IEC 62304 Medical Device Software — Software Life Cycle Processes

IEC 62304 defines the life cycle requirements for medical device software. The set of processes, activities, and tasks described in this standard establishes a common framework for medical device software life cycle processes that is similar to other safety-critical software development standards.

The software development life cycle model spans the life of the software from definition of requirements to release for manufacturing. The model:

  • identifies the process, activities and tasks involved in development of a software product,
  • describes the sequence of and dependency between activities and tasks, and
  • identifies the milestones at which the completeness of specified deliverables is verified.

The following diagram provides a representation of the software life cycle phases, outputs, linkages and activities. The life cycle is framed by a planning process where a consistent set of plans and standards is used to describe the activities and phases. The life cycle is supported by a configuration management process, a change management process, and software quality assurance.

Key components of the software life cycle are the risk analysis and safety analysis activities, which expose potential hazards and result in a determination of the safety class of a given software component.

The risk management process is identified in ISO 14971, and it results in the creation of a risk management file as shown in the figure below.

Once the risks have been identified, captured in a risk management file, evaluated and controlled, the software can be classified as described in IEC 62304.

IEC 62304 Amendment 1 defines three safety classes for software:

  • Safety class A: the SOFTWARE SYSTEM cannot contribute to a HAZARDOUS SITUATION; or the SOFTWARE SYSTEM can contribute to a HAZARDOUS SITUATION which does not result in unacceptable RISK after consideration of RISK CONTROL measures external to the SOFTWARE SYSTEM.
  • Safety class B: the SOFTWARE SYSTEM can contribute to a HAZARDOUS SITUATION which results in unacceptable RISK after consideration of RISK CONTROL measures external to the SOFTWARE SYSTEM and the resulting possible HARM is non-SERIOUS INJURY.
  • Safety class C: the SOFTWARE SYSTEM can contribute to a HAZARDOUS SITUATION which results in unacceptable RISK after consideration of RISK CONTROL measures external to the SOFTWARE SYSTEM and the resulting possible HARM is death or SERIOUS INJURY.

Verocel’s plans and standards are designed to meet the rigorous requirements for class C software in medical devices. We provide medical device clients with a detailed hazard analysis of the software design which is linked to the identified risks. Our verification activities ensure any residual risks are controlled and, if possible, completely mitigated.

If you’d like to discuss your project needs or would like more information, please get in touch.