What Is IEC 62304?
Created by the International Organization for Standardization (ISO) through an international electrotechnical commission, IEC 62304 is the standard that specifies the process and needed objectives to develop medical device software safely.
The U.S. FDA accepts IEC 62304 compliance as evidence that the software has been designed according to the required regulations/standards and risk control measures.
Reaching Every Phase of the SDLC
These guidelines touch every phase of the software development life cycle (SDLC), covering everything from initial software development planning, requirement analysis, software detailed design, unit implementation, and all the way through to software test validation and device deployment.
This standard covers the development of medical software. By contrast, ISO 13485 sets functional safety standards for medical device manufacturers to use for medical device development—for the design and manufacture of the devices themselves.
Software Risk Management Categories
Whether it’s a doctor, a specialist, or a nurse, healthcare providers depend on medical devices to treat their patients. As part of the software risk management process, those safety-critical systems need to be secure and reliable to ensure everything has been done to prevent any catastrophic failure that could cause death or serious injury.
To assess the risk, the U.S. Food and Drug Administration (FDA) has created a classification system to help with the development of these safety-critical systems.
Medical devices can be sorted into three categories as part of a risk management software process.
- Class I. Low-risk devices are not intended to support or sustain life. These could include items like a bandage, a crutch, or a non-electric wheelchair.
- Class II. Intermediate-risk devices come into sustained contact with a patient and the practitioner needs training to use them. These devices could include catheters, blood pressure cuffs, or intravenous infusion pumps.
- Class III. High-risk devices designed to sustain or support life. Class III devices are life-saving tools like defibrillators, pacemakers, or high-frequency ventilators.
Although IEC 62304 is filled with highly detailed documentation that tells you what should be done to create compliant software and to guard against software failure and hazardous situations, the caveat is that it doesn’t really tell you how it should be done. These guidelines were intentionally created that way to account for evolutionary software changes, changes in software development processes and practices, and the introduction of new technologies.