My last several posts have all talked about IEC 62304.

Let’s back up. What is IEC 62304 again?

What is IEC 62304?

IEC 62304 is a standard titled: Medical device software — Software life cycle processes

Here is the abstract from the actual standard:

This standard applies to the development and maintenance of MEDICAL DEVICE SOFTWARE when software is itself a MEDICAL DEVICE or when software is an embedded or integral part of the final MEDICAL DEVICE. This standard describes PROCESSES that are intended to be applied to software which executes on a processor or which is executed by other software (for example an interpreter) which executes on a processor.

IEC 62304 specifies requirements for the process you use to develop software.

Why is it important?

Well, if you comply with 62304, and include the associated documentation with your FDA submission, you will satisfy the FDA’s regulations on Design Controls from 21 CFR 820.30, with regards to software.

So, follow 62304, and you’re in good shape to pass FDA review of the software portion of your submission.

It’s expensive!

It sure is! Tough luck. It’s peanuts compared to the cost to develop a medical device, so quit whining and just buy it. All the other standards you need to comply with are expensive too.

Important to note: the original version of IEC 62304 was published in 2006. The latest version was published in 2016. You’ll see :2006 or :2016 after the number to tell you which version you are looking at. Make sure you are buying the latest version.

What’s inside?

Because IEC 62304 took a standards committee years to produce and involved a lot of effort from many highly experienced and expensive people, the developers rightly take copyright enforcement very seriously. So, I can’t replicate any of the content here. I do feel comfortable sharing the most important parts of the table of contents, so you can understand what’s inside.

  • Part 4: General Requirements
    • Use a Quality System that complies with ISO 13485
    • Conduct a Risk Management process that complies with ISO 14971
    • Determine your Software Safety Classification (A, B, or C) which will determine if there are other parts of the standard you have the option of skipping
  • Part 5: Software Development Process
    • 5.1 Planning
    • 5.2 Requirements
    • 5.3 Architectural Design
    • 5.4 Detailed Design
    • 5.5 Unit Implementation
    • 5.6 Integration & Integration Testing
    • 5.7 System Testing
    • 5.8 Release
  • Part 6: Software Maintenance Process
    This is very similar to Part 5. It addresses what happens when you make changes to software that has previously been released, whether to fix an issue or add new functionality.

  • Part 7: Software Risk Management Process
  • Part 8: Software Configuration Management Process
  • Part 9: Software Problem Resolution Process

In the future, I’ll go into more detail about the nuances of each of these sections.

Bottom line: Buy it, read it, and if you have any questions, hit reply and get in touch.

Happy developing!