IEC 62304 is a European harmonized* standard for “medical device software.” It is entitled “Medical device software – Software life-cycle processes” and sets minimum requirements for processes such as the development and maintenance of software.
Content
On this page, you will find:
Articles on the aspects of IEC 62304
Articles on life-cycle activities
Articles on the regulatory significance of IEC 62304
Advice on where and how to get help with implementation
* IEC 62304 was harmonized under the MDD and IVDD and is meanwhile harmonized under the MDR and IVDR.
1. Articles on the aspects of IEC 62304
a) Scope of application
IEC 62304 is applicable for
standalone software that counts as a medical device (software as medical device), such as
Medical devices that are and contain software and that have external interfaces such as USB or ethernet as subject to IT security requirements. Please note the requlatory requirements related to IT security.
One of these requirements is that “For devices that incorporate software or for software that are devices in themselves,” the
“software shall be developed and manufactured in accordance with the state of the art taking into account the principles of development life cycle, risk management, including information security, verification and validation.”
This is a statutory requirement. A breach of this can be punished with fines and imprisonment as defined in national laws such as the German MDCG.
Manufacturers of medical devices should demonstrate conformity with these requirements by complying with harmonized standards.
The IEC 62304 standard is the standard specifically harmonized for life-cycle processes. Another standard is IEC 82304-1.
b) “Consensus Standard” of the FDA
The FDA recognizes IEC 62304 as a “Consensus Standard,” but it does not expect conformity with this standard. However, the authority does have comparable requirements in its guidelines on software validation, for example.
c) IEC 62304 certification
Some test centers offer “certification according to IEC 62304”. Manufacturers should be aware of the limitations of these certifications:
A certification does not have such a high value, especially if the testing facility is not accredited for this certification. This is because anyone could issue such a certificate.
IEC 62304 is a process standard, not a product standard. Therefore, an inspection must assess the process conformity and not the device conformity. Thus, the certificate does not say too much about the product quality.
The claim made by some testing bodies that certification helps to save time during testing is incomprehensible. Manufacturers can save time through test automation and suitable tools and procedures. However, certification does not reduce the testing effort.
As part of certification in accordance with ISO 13485, which is carried out by accredited bodies, auditors have to indirectly test conformity with IEC 62304 anyway, at least with spot checks.
The Johner Institute does not generally advise against certification in accordance with IEC 62304. But everyone should be aware of the “probative value” of these certificates.
4. Support with IEC 62304
Benefit from the support of the Johner Institute:
Do you still have questions about standards-compliant software development? Then, take advantage of the free micro-consulting.
In the compact seminar on medical software, you will acquire the prescribed competencies. You will learn about and fulfill the statutory requirements for software development.
The Medical Device University uses video training to show you how to create lean, IEC 62304-compliant documentation step by step. A complete set of templates takes a lot of work off your hands.
Contact us right away so that we can discuss the next steps together. This will ensure that your “approval” is a success and that your devices are quickly launched on the market.
Software as medical device (SaMD) refers to (independent) standalone software that is a medical device but not part of one. It should not be confused with medical device software as defined by the EU. As a manufacturer, when do you have to qualify software as medical device, and when as medical device software? Find out…
C5 certificates are relevant for service providers and, where applicable, for medical device manufacturers. The German Digital Act (DigiG), which came into force at the beginning of 2024, redefines the requirements for cloud services in the healthcare sector. This article explains the most important aspects of C5 certification for medical device manufacturers and service providers…
The EU AI Act has been published. Many manufacturers of medical devices and IVD, as well as other healthcare players, are faced with the major task of understanding the 140+ pages of legal text and complying with the requirements. Note: Infringements/violations of the AI Act are punishable by a fine of up to 7% of…
The incorporation of AI in medical devices has made great strides, for example, in the diagnosis of disease. Manufacturers of devices with machine learning face the challenge of having to demonstrate compliance of their devices with the regulations. Even if you know the law – what are the standards and best practices to consider in…
The standard ISO 15223-1, regulates the symbols that manufacturers are permitted to/must use for labeling medical devices. In January 2022, the EU Commission harmonized EN ISO 15223-1 as one of relatively few standards under the MDR and added it to the list of harmonized standards. This alone makes it clear how relevant labeling has become. …
In software development, unit testing refers to the testing of software units. However, there is no common understanding of This article provides clarity.
PDMS stands for patient data management system. These clinical information systems are typically used in hospitals, especially in departments that treat patients in intensive care. PMDS are experiencing a new boom in Germany as a result of the funding provided by the Hospital Future Act (Krankenhaus-Zukunftsgesetz, KHZG). This article provides
What is the difference between verification and validation, and how are these terms defined? Even standards and regulations use the terms incorrectly or misleadingly. This article
The qualification and classification of IVD software determine how and how quickly IVD manufacturers can bring their software to market and what costs arise for “approval.” This article will help you correctly qualify and classify IVD software, thereby avoiding regulatory problems and the resulting costs and delays.
We need your consent before you can continue on our website.If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission.We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience.Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement.You can find more information about the use of your data in our privacy policy.You can revoke or adjust your selection at any time under Settings.
If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission.We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience.Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement.You can find more information about the use of your data in our privacy policy.Here you will find an overview of all cookies used. You can give your consent to whole categories or display further information and select certain cookies.