Featured On-Demand Webinar: Accelerate Software Compliance With AI Watch Now >>
Created by the International Organization for Standardization (ISO) through an international electrotechnical commission, IEC 62304 is the standard that specifies the process and needed objectives to develop medical device software safely.
The U.S. FDA accepts IEC 62304 compliance as evidence that the software has been designed according to the required regulations/standards and risk control measures.
These guidelines touch every phase of the software development life cycle (SDLC), covering everything from initial software development planning, requirement analysis, software detailed design, unit implementation, and all the way through to software test validation and device deployment.
This standard covers the development of medical software. By contrast, ISO 13485 sets functional safety standards for medical device manufacturers to use for medical device development—for the design and manufacture of the devices themselves.
Whether it’s a doctor, a specialist, or a nurse, healthcare providers depend on medical devices to treat their patients. As part of the software risk management process, those safety-critical systems need to be secure and reliable to ensure everything has been done to prevent any catastrophic failure that could cause death or serious injury.
To assess the risk, the U.S. Food and Drug Administration (FDA) has created a classification system to help with the development of these safety-critical systems.
Medical devices can be sorted into three categories as part of a risk management software process.
Although IEC 62304 is filled with highly detailed documentation that tells you what should be done to create compliant software and to guard against software failure and hazardous situations, the caveat is that it doesn’t really tell you how it should be done. These guidelines were intentionally created that way to account for evolutionary software changes, changes in software development processes and practices, and the introduction of new technologies.
Satisfy IEC 62304 compliance objectives by automating verification and validation methods like the following, while also reducing the amount of labor costs and time to market.
This can be all part of the software configuration management process, software problem resolution process, software maintenance process, and software maintenance plan.
Learn more about developing software for medical devices compliant with the FDA’s quality system regulations.
Upon completion of the software safety classification your software application will be categorized as class A, B, or C. Software categorized at level C will require a higher level of testing. Know what the expectations are.
To comply with IEC 62304, organizations must implement multiple processes and life cycle requirements, and also techniques like static analysis and unit testing. Test automation activities will significantly improve code safety, security, reliability and will expedite organizations in achieving IEC 62304 compliance.
Parasoft C/C++test is certified by TÜV SÜD as suitable for use when developing safety-critical systems. The TÜV certification covers C/C++test qualification for all levels of SIL. Parasoft also has a Qualification Kit that automates a significant part of the tool qualification process, if it’s ever needed.
IEC 62304 recommends bidirectional traceability between requirements and the test cases that verify and validate the software requirements. Parasoft C/C++test has bidirectional integration between ALM tools like Jama, Polarion, codebeamer, and Jira, which fulfill and have extended traceability needs.
Parasoft C/C++test and Parasoft DTP cover all the bases in reporting the test verification and validation documentation needed to demonstrate compliance to IEC 62304, including audit purposes.
Adopt an automated software testing solution that will support and take you through the entire IEC 62304 software development life cycle. Parasoft’s tools provide a complete verification and validation framework with static analysis, unit testing, integration testing, system testing, structural code coverage, and more, for the delivery of safe, secure, and reliable software architectural designs, compliant to any SIL level, satisfying IEC 62304.
Also, important to note is that C/C++test integrates right into your developers’ IDE (integrated development environment). This dramatically shortens the learning curve, simplifies adoption, improves productivity at the same time reduces costs.
Begin by implementing your code to requirements. However, as the code is written, run the static analysis often to identify and fix any coding violation identified. This prevents defects in safety, security, and quality at the earliest and least expensive phase in software development.
As you move into and up the software verification phases (unit, integration, and software system testing), strongly consider integrating your testing into your build process.
Automation into a modern continuous integration and continuous delivery (CI/CD) workflow has shown to be beneficial in many ways. Defects are found quicker and often, the products improve rapidly, more features are introduced, software release cycles are shorter, and much more.
C/C++test easily integrates into modern CI/CD development ecosystems, offering the most value and cost-effective automated software testing solution.
There are many unique advantages that Parasoft’s automated software testing solutions bring to IEC 62304 compliance.
One key Parasoft C/C++test benefit is its dedicated integrations with embedded IDEs and debuggers. Supported IDE environments include:
C/C++test can also be used to execute unit, integration, and system tests on the host platform, target processor simulator, or the embedded target optimized to take minimal additional overhead for the binary footprint or process cycles.
Another huge benefit Parasoft brings to the table is its unique tool suite offering to address today’s medical industry needs in terms of medical device testing and compliance for FDA new device certification and 510(k) evidence demonstration.
Parasoft test automation solutions provide considerable time and cost savings. Comprehensive compliance reporting provides granular, dynamic views into the compliance process. A centralized reporting system gives teams insight into code violation analytics by group and category and generates compliance documentation automatically to prove compliance with IEC 62304.
The standard is not mandatory, it’s voluntary. However, the FDA has acknowledged that the use of IEC 62304 helps assure safety in medical devices and recognizes that it can be used to submit a declaration of conformity, which is a premarket (such as 510(k)) submission requirement.
The first edition of the international standard was released back in May of 2006. It’s an adaptation of IEC 61508.
The standard has had one update in 2015. Amendment 1 added a few regulatory requirements. Others were amended, particularly those related to safety classification. Also, the handling of legacy code and software item separation is discussed. The latest version remains IEC 62304:2006/Amd 1:2015.
As defined, Programmable Electrical Medical Systems (PEMS) validation determines that the requirements for intended use are satisfied. In other words, performance requirements need to be tested by way of execution. A pass result validates the requirement. Verification of the requirement ensures that a test case exists for every requirement.