Operating system compliant with IEC 62304 and FDA?
When selecting an operating system, do medical device manufacturers have to ensure that the operating system is IEC 62304-compliant? What does the FDA say? This article…
IEC 62304 is a European harmonized* standard for “medical device software.” It is entitled “Medical device software – Software life-cycle processes” and sets minimum requirements for processes such as the development and maintenance of software.
Content
On this page, you will find:
* IEC 62304 was harmonized under the MDD and IVDD and is meanwhile harmonized under the MDR and IVDR.
IEC 62304 is applicable for
Because IEC 82304-1 references the standard, IEC 62304 is even relevant for health software.
Qualification and classification
Please also note the articles on life-cycle activities under point 2.
Particular requirements for software
The following articles are grouped according to the chapters of IEC 62304.
Chapter 5.1: Design and development planning
The first requirement of the standard is to create a design and development plan. These articles are worth reading in this context:
Chapter 5.2: Requirements
The manufacturer must derive the software requirements from the requirements of the device or the stakeholder requirements.
Chapters 5.3 and 5.4: Architecture
In the architecture, the manufacturer determines the “blueprint.”
Chapters 5.5 to 5.7: Implementation and verification
The software must then be implemented and verified in accordance with the architecture. Validation is not covered by IEC 62304 but by IEC 82304-1.
Chapter 5.8: Release
Development and maintenance conclude with the release, which should not be confused with the product release:
Further requirements and processes of the standard
Medical devices that are and contain software and that have external interfaces such as USB or ethernet as subject to IT security requirements. Please note the requlatory requirements related to IT security.
In Annex I, the MDR and IVDR medical device regulations formulate the so-called “General Safety and Performance Requirements” (GSPR).
One of these requirements is that “For devices that incorporate software or for software that are devices in themselves,” the
“software shall be developed and manufactured in accordance with the state of the art taking into account the principles of development life cycle, risk management, including information security, verification and validation.”
This is a statutory requirement. A breach of this can be punished with fines and imprisonment as defined in national laws such as the German MDCG.
Manufacturers of medical devices should demonstrate conformity with these requirements by complying with harmonized standards.
The IEC 62304 standard is the standard specifically harmonized for life-cycle processes. Another standard is IEC 82304-1.
The FDA recognizes IEC 62304 as a “Consensus Standard,” but it does not expect conformity with this standard. However, the authority does have comparable requirements in its guidelines on software validation, for example.
Some test centers offer “certification according to IEC 62304”. Manufacturers should be aware of the limitations of these certifications:
The Johner Institute does not generally advise against certification in accordance with IEC 62304. But everyone should be aware of the “probative value” of these certificates.
Benefit from the support of the Johner Institute:
Contact us right away so that we can discuss the next steps together. This will ensure that your “approval” is a success and that your devices are quickly launched on the market.
When selecting an operating system, do medical device manufacturers have to ensure that the operating system is IEC 62304-compliant? What does the FDA say? This article…
Configuration management is much more than using version management tools like git or svn. This becomes clear when you look at IEC 62304 and the FDA guidance documents. In this article, you will read about
DetailsCyclomatic complexity is a metric in software engineering that helps determine the complexity and, thus, the likelyhood of errors and the maintainability of code. Cyclomatic complexity is also referred to as the McCabe metric.
The standard ISO 15223-1, regulates the symbols that manufacturers are permitted to/must use for labeling medical devices. In January 2022, the EU Commission harmonized EN ISO 15223-1 as one of relatively few standards under the MDR and added it to the list of harmonized standards. This alone makes it clear how relevant labeling has become. …
DetailsIn software development, unit testing refers to the testing of software units. However, there is no common understanding of This article provides clarity.
DetailsPDMS stands for patient data management system. These clinical information systems are typically used in hospitals, especially in departments that treat patients in intensive care. PMDS are experiencing a new boom in Germany as a result of the funding provided by the Hospital Future Act (Krankenhaus-Zukunftsgesetz, KHZG). This article provides
DetailsWhat is the difference between verification and validation, and how are these terms defined? Even standards and regulations use the terms incorrectly or misleadingly. This article
DetailsThe qualification and classification of IVD software determine how and how quickly IVD manufacturers can bring their software to market and what costs arise for “approval.” This article will help you correctly qualify and classify IVD software, thereby avoiding regulatory problems and the resulting costs and delays.
DetailsMedical device cybersecurity is a focus not only for the FDA but also for other legislators and authorities, both in the US and other markets. This is understandable The USA has added requirements for cyber devices to the Food, Drug & Cosmetic Act (FD&C), and the FDA has published several guidance documents on cybersecurity, which…
DetailsLaws and standards require medical device manufacturers to compile a Software Bill of Materials, the SBOM. However, standardized SBOM formats are not always sufficient to meet these requirements. In particular, medical device manufacturers who do not supply and use SBOMs for their software are no longer accepted in the market. Here are the reasons.
DetailsWe need your consent before you can continue on our website. If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission. We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement. You can find more information about the use of your data in our privacy policy. You can revoke or adjust your selection at any time under Settings.
If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission. We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement. You can find more information about the use of your data in our privacy policy. Here you will find an overview of all cookies used. You can give your consent to whole categories or display further information and select certain cookies.