10 Jul Medical Device Software Development Lifecycle Standard Changes – IEC 62304:2006 vs. 62304:2015 (Amendment 1)
Devices such as infusion pumps, pacemakers, hospital beds, and digital thermometers are considered medical devices since they interact directly with patients. If these devices use software to control or regulate their functionality in a way that affects the device Basic Safety or Essential Performance, then the software is a critical safety component of the device. Therefore, the development of the software contained in each is subject to the requirements of IEC 62304, which is the standard that defines the software development lifecycle requirements for medical device software.
IEC 62304 is a companion standard to the base medical device safety standard, IEC 60601-1, specifically Clause 14 (PEMS). The main differences and additions that comprise the second release of this very important medical device standard are summarized below.
62304:2015 (Amendment 1) vs. 62304:2006:
Scope – Clarified definition of what software is (any instruction that runs on a processor). This is intended to close the perceived loophole for FPGA source code and microcontroller firmware. Note that FPGA source code is now subject to the SW lifecycle requirements of the standard. (Section 1.2)
Risk – Some accommodation in risk classification (A, B, or C) allowed due to external probability for failure. SW probability of failure still considered at a p=1.0 (will occur). (Section 4.3)
Legacy Software – New Section 4.4 to address changes to previously deployed software (must take a Risk Based approach to the change). Note that legacy software was software on the market or in a marketed device prior to when compliance to IEC 62304 was required. At a minimum legacy software must be subjected to Software System Test.
Latent Defect List – The update now requires publishing the list of known defects in the software (much like the FDA Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices: https://www.gmp-compliance.org/guidemgr/files/UCM089593.PDF), including the triage and risk information about each defect showing it has no impact on safety to remain unresolved. (Section 5.1.12)
Network Software – Added requirements for IT security, networking, and user interfaces (Section 5.2.2)
Strengthened Design Documentation Requirements – Design documents must now contain sufficient detail to allow for correct implementation. This aids software maintenance as well. (Sections 5.4.2 & 5.4.3)
Software System Test – This was expanded to include Class A software. Formal evaluation of adequacy of verification strategies and test procedures was added, as was a requirement for traceability.
Class A Software – Additional requirements for Class A software for testing, release, monitoring, defect resolution, and archive. (Sections 5.6-6.3)
Class B/C – Additional requirement to identify and avoid common software defects (introduced by technology, etc.).
Note: IEC 62304:2006/AMD1:2015 is a Recognized Standard per the US FDA, but is not yet fully harmonized in the EU.
The Realtime Group has deep Medical Product Development experience, including standards compliance, including IEC 62304. We have a shared passion for time to market and product compliance. Visit us at www.TheRealtimeGroup.com or call us at 972-985-9100 to see how we can help you with your product development and testing!
Don Hurd, VP of Quality and Validation Services
Garyld Miles, VP of Operations and Engineering