Featured On-Demand Webinar: Accelerate Software Compliance With AI Watch Now >>
Created by the International Organization for Standardization (ISO) through an international electrotechnical commission, IEC 62304 is the standard that specifies the process and needed objectives to develop medical device software safely.
The U.S. FDA accepts IEC 62304 compliance as evidence that the software has been designed according to the required regulations/standards and risk control measures.
These guidelines touch every phase of the software development life cycle (SDLC), covering everything from initial software development planning, requirement analysis, software detailed design, unit implementation, and all the way through to software test validation and device deployment.
This standard covers the development of medical software. By contrast, ISO 13485 sets functional safety standards for medical device manufacturers to use for medical device development—for the design and manufacture of the devices themselves.
Whether it’s a doctor, a specialist, or a nurse, healthcare providers depend on medical devices to treat their patients. As part of the software risk management process, those safety-critical systems need to be secure and reliable to ensure everything has been done to prevent any catastrophic failure that could cause death or serious injury.
To assess the risk, the U.S. Food and Drug Administration (FDA) has created a classification system to help with the development of these safety-critical systems.
Medical devices can be sorted into three categories as part of a risk management software process.
Although IEC 62304 is filled with highly detailed documentation that tells you what should be done to create compliant software and to guard against software failure and hazardous situations, the caveat is that it doesn’t really tell you how it should be done. These guidelines were intentionally created that way to account for evolutionary software changes, changes in software development processes and practices, and the introduction of new technologies.
Satisfy IEC 62304 compliance objectives by automating verification and validation methods like the following, while also reducing the amount of labor costs and time to market.
This can be all part of the software configuration management process, software problem resolution process, software maintenance process, and software maintenance plan.
Learn more about developing software for medical devices compliant with the FDA’s quality system regulations.
Parasoft’s walkthroughs or code review module is designed to make peer reviews more practical and productive by automating preparation, notification, and tracking. It automatically identifies updated code, matches it with designated reviewers, and tracks the progress of each review item until closure.
Parasoft technology uses several analysis techniques, including simulation of application execution paths to identify paths that could trigger runtime defects. Defects detected include the use of uninitialized memory, null pointer dereferencing, division by zero, memory, and resource leaks.
Parasoft’s data flow analysis finds potentially crash-causing defects like exceptions and resource leaks without having to create, execute, or maintain test cases. It allows you to determine whether actual application execution paths could lead to injection vulnerabilities, XSS, exposure of sensitive data, and other weaknesses. This provides a fast and easy way to identify reliability and performance problems without executing the application.
Achieve compliance with safety coding standards such as MISRA, AUTOSAR C++14, and more. Or, as part of a quality management system (QMS), create your own custom coding standards configuration for your organization and suppliers using our RuleWizard.
Weave compliance with security coding standards like SEI CERT, CWE, OWASP, and UL 2900 into the SA testing set of processes and ensure your code meets stringent cybersecurity standards.
Fulfill all IEC 62304 code coverage requirements. All code coverage types (statement, branch, MC/DC and more) are supported and help ensure code safety, security, and reliability by exposing untested code, dead code, and flushing out defects.
Isolate the software unit to be tested with Parasoft’s automated stubbing framework and mocks in cases where the dependent code is unavailable, cannot be easily controlled, or in instances where fault injection is difficult.
Creating unit tests manually is tedious. Fortunately, unit tests lend themselves well to automatic unit test creation. Parasoft’s configurable test case generation can build smart test cases that will identify bugs, automate code coverage, collect results and metrics to feed project analytics.
Parasoft’s static analysis, unit testing, regression testing, and code coverage integrate easily into your CI/CD pipeline. With continuous testing, deliver safe, secure, and high-quality software quickly.
Parasoft’s dynamic reporting dashboard automatically tracks compliance and can automatically produce reports. It also enables advanced reporting strategies using historical data, even when working with large codebases and legacy code where visibility into the code is typically challenging.
Code defects found in production or out in the field are the most expensive. Prevent them from slipping through the cracks by highlighting code that has not been tested before you release your application. This can be performed at the developer’s workstation or automated as part of the continuous integration (CI) pipeline
Automate bidirectional traceability between requirements, test cases, test results, code, and code reviews.
Parasoft solutions have been TÜV SÜD certified for IEC 62304 for all SIL levels.
Parasoft incorporates AI and machine learning to improve productivity in your teams’ static analysis workflow, flagging and prioritizing the violations that need to be fixed first.
Upon completion of the software safety classification your software application will be categorized as class A, B, or C. Software categorized at level C will require a higher level of testing. Know what the expectations are.
To comply with IEC 62304, organizations must implement multiple processes and life cycle requirements, and also techniques like static analysis and unit testing. Test automation activities will significantly improve code safety, security, reliability and will expedite organizations in achieving IEC 62304 compliance.
Parasoft C/C++test is certified by TÜV SÜD as suitable for use when developing safety-critical systems. The TÜV certification covers C/C++test qualification for all levels of SIL. Parasoft also has a Qualification Kit that automates a significant part of the tool qualification process, if it’s ever needed.
IEC 62304 recommends bidirectional traceability between requirements and the test cases that verify and validate the software requirements. Parasoft C/C++test has bidirectional integration between ALM tools like Jama, Polarion, codebeamer, and Jira, which fulfill and have extended traceability needs.
Parasoft C/C++test and Parasoft DTP cover all the bases in reporting the test verification and validation documentation needed to demonstrate compliance to IEC 62304, including audit purposes.
Adopt an automated software testing solution that will support and take you through the entire IEC 62304 software development life cycle. Parasoft’s tools provide a complete verification and validation framework with static analysis, unit testing, integration testing, system testing, structural code coverage, and more, for the delivery of safe, secure, and reliable software architectural designs, compliant to any SIL level, satisfying IEC 62304.
Also, important to note is that C/C++test integrates right into your developers’ IDE (integrated development environment). This dramatically shortens the learning curve, simplifies adoption, improves productivity at the same time reduces costs.
Begin by implementing your code to requirements. However, as the code is written, run the static analysis often to identify and fix any coding violation identified. This prevents defects in safety, security, and quality at the earliest and least expensive phase in software development.
As you move into and up the software verification phases (unit, integration, and software system testing), strongly consider integrating your testing into your build process.
Automation into a modern continuous integration and continuous delivery (CI/CD) workflow has shown to be beneficial in many ways. Defects are found quicker and often, the products improve rapidly, more features are introduced, software release cycles are shorter, and much more.
C/C++test easily integrates into modern CI/CD development ecosystems, offering the most value and cost-effective automated software testing solution.
There are many unique advantages that Parasoft’s automated software testing solutions bring to IEC 62304 compliance.
One key Parasoft C/C++test benefit is its dedicated integrations with embedded IDEs and debuggers. Supported IDE environments include:
C/C++test can also be used to execute unit, integration, and system tests on the host platform, target processor simulator, or the embedded target optimized to take minimal additional overhead for the binary footprint or process cycles.
Another huge benefit Parasoft brings to the table is its unique tool suite offering to address today’s medical industry needs in terms of medical device testing and compliance for FDA new device certification and 510(k) evidence demonstration.
Parasoft test automation solutions provide considerable time and cost savings. Comprehensive compliance reporting provides granular, dynamic views into the compliance process. A centralized reporting system gives teams insight into code violation analytics by group and category and generates compliance documentation automatically to prove compliance with IEC 62304.
The standard is not mandatory, it’s voluntary. However, the FDA has acknowledged that the use of IEC 62304 helps assure safety in medical devices and recognizes that it can be used to submit a declaration of conformity, which is a premarket (such as 510(k)) submission requirement.
The first edition of the international standard was released back in May of 2006. It’s an adaptation of IEC 61508.
The standard has had one update in 2015. Amendment 1 added a few regulatory requirements. Others were amended, particularly those related to safety classification. Also, the handling of legacy code and software item separation is discussed. The latest version remains IEC 62304:2006/Amd 1:2015.
As defined, Programmable Electrical Medical Systems (PEMS) validation determines that the requirements for intended use are satisfied. In other words, performance requirements need to be tested by way of execution. A pass result validates the requirement. Verification of the requirement ensures that a test case exists for every requirement.
