What is IEC 62304 and why do we kill two birds with one stone with ISO 13485

You may have already learned from our blog that we want to get certified according to ISO 13485.
ISO 13485 is a standard for requirements of the quality management system, specifically for the development of medical products. It serves to ensure the product, as well as the safety of the patient and the user.
But this is just a small refresher. This blog article is about the IEC 62304.
What is the IEC 62304?
IEC stands for International Electrotechnical Commission. The IEC 62304 is therefore a collection of proven practices for the development of medical software established by this Commission. It is the successor to the American ANSI/AAMI SW68 and places more importance on the software in medical products and the associated risks.
As the proportion of software in the medical field becomes increasingly larger and more significant, it is now indispensable to establish guidelines for its development to prevent potential risks. Therefore, the IEC 62304 sets detailed requirements for the processes and activities carried out in the development of this software.

Special attention is given to the software lifecycle, which consists of the following 3 phases:
- Phase 1: Software Development
- Phase 2: Software Maintenance
- Phase 3: Software Shutdown
The latter phase is something one would want to prevent as long as possible, through the alternating execution of phase 2. However, in order not to fall behind the constantly evolving state of technology after just a few years, a necessary structure must be observed during development.
The IEC 62304 therefore covers 5 topic areas:
- Software Development
- Software Maintenance
- Software Risk Management
- Software Configuration Management
- Software Problem Solving
The requirements for a work step under these processes are defined with a focus on the safety risk of the respective work step.
The basis for this are the safety classes defined according to ISO 14971:
- A: no injury or damage to health
- B: no severe injury possible
- C: death or severe injury possible
The risk is calculated according to ISO 14971 based on the probability of occurrence times the severity. With software, it cannot be determined in advance whether an error will occur. Therefore, the probability is provisionally set at 100%, which means that only the question of how high the severity is when an error occurs is taken into account.
For software development, it is therefore recommended to use a clear method that supports the separability of individual work steps. These would be, for example, the waterfall method, the incremental method, or the evolutionary method.

Exemplary procedure models: Waterfall, incremental, evolutionary.
They allow the separate handling of work steps with higher safety classes. This provides a better overview of the necessary requirements and their implementation.
In development, all fundamental aspects of software engineering must be covered, regardless of which safety class is affected. However, risk countermeasures, system architecture and integration, as well as integration tests only need to be established and applied from safety class B onwards.
From safety class C onwards, standards, methods and tools must be recorded in advance in a development plan and a documentation of the work steps must be kept. More details are specified in ISO 61508.
If the process of work development is carried out carefully, it facilitates the other processes considerably. Precise procedures for these are also defined in the IEC 62304. The software risk management, for example, can be implemented according to the ISO 14971. If the prescribed standards are adhered to, software for medical products can be implemented efficiently and in accordance with requirements. Moreover, not only medical devices are considered medical products. Even software that is only partially related to the healthcare sector must have been developed according to the prescribed standards!
IEC 62304 Certification and the Matter of Two Flies
Of course, we want to assure you that our products meet the standards. Therefore, we would like to point out here that a simple certification according to IEC 62304 is not sufficient! Because everyone is entitled to issue such a certificate. Accordingly, it is not allowed to develop medical products if you only have a certification for IEC 62304!
That's why we get certified according to ISO 13485. This means that the ISO 13485 examination is conducted by accredited bodies. They also check for conformity with IEC 62304. This means that a company that is certified according to ISO 13485 is also tested according to IEC 62304!
