Loading
BAYOOSOFT
  • Management Solutions
    • IT-Security
      • Access Manager
      • gpg4o
    • MedTech
      • Reinventing Technical Documentation
      • Risk Manager
      • MEDiLEX
    • Telesolutions
      • HospiX
  • About us
    • BAYOOSOFT
      • Software Made in Germany
      • The Co-thinker Team
      • Contact Us
    • News & Events
      • News
      • Events
    • BAYOONET Group
      • BAYOOTEC
      • BAYOOMED
  • Jobs & Career
  • Shop
  • Search
  • Menu

Software development according to IEC 62304: Which requirements do you have to fulfil?

IEC 62304 is an international standard that sets minimum requirements for the most important processes of the software life cycle. It applies both to manufacturers who develop their software as an independent medical device (standalone software) and to those who merely embed software in their medical device (embedded software).

Based on DIN EN ISO 14971, the standard also describes the role of risk management within the software development process. Specifically, IEC 62304 defines requirements for the following processes of the software life cycle:

  • Software development
  • Software maintenance
  • Software risk management
  • Software Configuration Management
  • Software problem solving

In addition to the specific requirements for the various processes, IEC 62304 requires the use of a quality management system, a risk management system and a software safety classification.

Safety classification according to IEC 62304

The safety classification allows manufacturers of medical devices to adjust the effort required for the documentation of their software. The higher the potential damage caused by a software error, the more effort they have to put into documenting their software development.

IEC 62304 distinguishes between safety classes A, B and C, whereby the most effort must be made for safety class C. The safety classes are defined as follows:

Safety class A

For safety class A, a software error must not cause injury or damage to health. However, there is an exception to this: software systems also fall into class A if an error can lead to a situation that endangers health, but the risk is acceptable – at the latest when risk control measures are initiated. However, these measures may only be outside the software.

Safety class B

No severe damage must be possible through software systems that fall into class B. In concrete terms, this means that a software error may lead to an unacceptable risk, but according to the risk control measures, it must not result in severe damage.

Safety class C

For software systems classified as Class C, a software error can lead to serious injury or even death.

Requirements for software development according to IEC 62304

Depending on the security class of the software, a different number of requirements must be met for the documentation of the software development:

  • Software development plan (A, B, C)
  • Software requirements analysis (A, B, C)
  • Software architecture design (B, C)
  • Software design creation (C)
  • Implementation and verification of software units (B, C)
  • Software integration and integration testing (B, C)
  • Software system test (B, C)
  • Software release (A, B, C)

In a software system, the security class of the individual components may well be assessed differently. Since a different number of the above-mentioned requirements have to be fulfilled depending on the security class, it makes a lot of sense to integrate functions with a high and functions with a low security class into different components.

Of course, it must be ensured that the risks are actually limited to the corresponding components.

Risk management according to ISO 62304

The entire risk management process is also subject to certain requirements according to IEC 62304:

  • Analysis of the hazard situation
  • Risk control measures
  • Verification of risk control measures
  • Risk management of changes in the software

The norm requires that risk analysis be integrated into the entire development process. Whether all normative requirements have been met can be determined by inspecting the entire documentation. This also includes the risk management file.

  • Analysis of the hazard situation

  • Risk control measures

  • Verification of risk control measures

  • Risk management of changes in the software

The BAYOOSOFT Risk Manager offers a solution for the documentation of software development that is compliant with IEC 62304. International laws and regulations, EU directives, FDA guidelines, product and process standards, guidance documents and quality management systems form the basis of the Risk Manager.

Good to know

Traceability matrices can be used to prove that the development of medical device software conforms to IEC 62304.

These ensure that customer requirements have been checked within the framework of suitable validation processes and that they have been incorporated into the software and verified against the requirements – a demanding task, especially for large systems.

As a standard-compliant solution, the BAYOOSOFT Risk Manager combines the extension modules Requirements Engineering and REST API with risk management according to ISO 14971.

Make an appointment today for an individual product presentation. Our risk management experts will be happy to give you a detailed presentation of the BAYOOSOFT Risk Manager.

inquiry

Latest News

  • BAYOOSOFT @ MEDICA 202231. October 2022 - 19:09
  • Ein:e Ärtz:in sitzt vor einem Tablet und hat ein Stethoskop um den HalsClinical evaluation according to MDR5. October 2022 - 14:31
  • Header Bild, Bildschirm mit Schloss-SymbolEmail encryption – Which method is the most secure?13. May 2022 - 14:23
Contacts at BAYOOSOFT 

Svenja Winkler
CEO
[email protected]

 

 

Franziska Weiß
Head of Sales
[email protected]

Darmstadt
Lise-Meitner-Straße 10
64293 Darmstadt

Munich
Aidenbachstraße 54
81379 München

Berlin 
Mariendorfer Damm 1-3
12099 Berlin

Contact: [email protected]
Jobs: [email protected]
Press: [email protected]

Phone: +49 (0) 6151 – 86 18 – 0
Fax: +49 (0) 6151 – 86 18 – 150

Contact support
  • Privacy Policy
  • Legal
IT Security Act 2.0 Usability vs. data protection
Scroll to top