SlideShare ist ein Scribd-Unternehmen logo

Understanding IEC 62304

MethodSense, Inc.
MethodSense, Inc.

What do hospital beds, blood pressure cuffs, dosimeters, and pacemakers all have in common? They are all medical devices with software that regulates their functionality in a way that contributes to Basic Safety or Essential Performance. With the FDA reporting that the rate of medical device recalls between 2002 and 2012 increased by 100% – where software design failures are the most common reason for the recalls – it’s no wonder IEC 62304 has been implemented. Its implementation, however, has medical device manufacturers asking questions about if, when and under what circumstances the standard is required. This article explains what IEC 62304 is, when medical devices must comply with it and how IEC 62304 compliance is assessed.

Business
1 von 8
Downloaden Sie, um offline zu lesen
Understanding IEC 62304 Co-authored by MethodSense, Inc. and Medical Equipment Compliance Associates, LLC www.methodsense.com | 919.313.3960
delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. Understanding IEC 62304 By: Rita King, Chief Executive Officer, Methodsense, Inc. and Alex Grob, Chief Biomedical Engineer & Quality Manager, Medical Equipment Compliance Associates, LLC What do hospital beds, blood pressure cuffs, dosimeters, and pacemakers all have in common? They are all medical devices with software that regulates their functionality in a way that contributes to Basic Safety or Essential Performance. With the FDA reporting that the rate of medical device recalls between 2002 and 2012 increased by 100% – where software design failures are the most common reason for the recalls – it’s no wonder IEC 62304 has been implemented. Its implementation, however, has medical device manufacturers asking questions about if, when and under what circumstances the standard is required. For starters, what is IEC 62304? IEC 62304 is the international standard that defines software development lifecycle requirements for medical device software. The standard was developed from the perspective that product testing alone is insufficient to ensure patient safety when software is involved. The standard requires all aspects of the software development life cycle to be scrutinized, including: • Development • Risk management • Configuration • Problem resolution • Maintenance The standard provides a common framework for medical device manufacturers to develop software. Conformance with this standard provides evidence that there is a software development process in place that fulfills the requirements of the Medical Device Directive. Because it has been harmonized with the Medical Device Directive in the EU and Recognized as a Consensus Standard by the FDA in the US, IEC 62304 can be used as a benchmark to comply with regulatory requirements in both markets. To date, this standard has been recognized in most countries that use compliance standards to fulfill regulatory requirements. When is IEC 62304 compliance required? One of the most commonly asked questions of test labs is, “Is compliance with this standard required?” Technically, the answer is “no” because compliance with the standard is voluntary. But, in practice, the answer is “yes.” Read on for greater clarification.
delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. Since most medical devices in today’s market contain some type of software, manufacturers must determine under which circumstances IEC 62304 is required. These include: • FDA regulatory compliance with IEC 60601-1 Amendment 1 • Reliance upon software to perform Basic Safety functions • Reliance upon software for Essential Performance If your device falls into any of the above categories, you must have evidence that the software development process used is as good as, or better than, the process presented in IEC 62304. Complying with 62304 enhances the reliability of your device’s software by requiring attention to detail in design, testing and verification, ultimately improving the overall safety of the medical device. Does your device have to meet IEC 60601-1 requirements? The EU has been using IEC 62304 since 2008, but it has gained even more traction with its incorporation into the third edition of IEC 60601-1’s Amendment 1. The inclusion of Amendment 1 shifted the standard from a recommendation to a requirement if your device utilizes software. For those who design or manufacture electromedical equipment, 60601-1 is one of the most important safety and performance standards to meet. The standard addresses critical safety issues, including electrical shocks and mechanical hazards, such as pinching, crushing, and breaking. Devices that must meet IEC 60601-1 requirements include those which: • Diagnose, treat, or monitor the patient under medical supervision • Make physical or electrical contact with the patient • Transfer energy to or from the patient; and/or • Detect such energy transfer to or from the patient. 60601-1 Clause 14 requires manufacturers to comply with IEC 62304 unless the device’s software has no role in providing basic safety or essential performance or risk analysis demonstrates that a failure of any Programmable Electronic Safety System (PESS) does not lead to an unacceptable risk. What role does Basic Safety play? Basic safety is the main focus of IEC 60601-1. It’s important that you conduct a risk analysis to identify your device’s level of unacceptable risk and determine the role of software in risk mitigation. This analysis will determine the applicable basic safety requirements for your device, and, for some requirements, the test parameters that need to be used by the test laboratory. A Common Mistake… The most common mistake that medical device manufacturers make is that they do not always assess which elements of risk their software mitigates. These are the elements that must be addressed by IEC 62304. For example, what would happen if the creator of a hoist didn’t properly vet the software that signaled the hoist to lower the patient at a certain speed? If a patient were lowered to quickly – or not at all – there would be a risk management nightmare. Since software plays a role in the Basic Safety functions of the hoist, it must comply with 62304’s requirements.
delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. In conjunction with IEC 60601-1, 62304 is intended to minimize the occurrence of these situations. When device software is mitigating a known potential hazard, ensuring that the code is developed properly is critical for the management of patient safety, as well as liability to the manufacturer. Does your software impact Essential Performance? It can be difficult to determine if a device’s software is tied to its Essential Performance (EP), especially because the definition of EP has been widely debated for years. Thankfully, the definition and requirements for Essential Performance changed with Amendment 1 of IEC 60601-1 to help provide more clarity. Determining Essential Performance begins with a list of all functional aspects of your device, including accuracy, measurements and its capabilities. Once you identify these items, determine whether any of these are already covered by the Basic Safety requirements of IEC 60601-1 or whether any item is not part of the device’s intended use. Then, and this is key, every item remaining gets posed the question, “If this item degrades, will it create a risk for the patient?” If the answer is yes, you must identify how its functionality must be maintained so the risk is still acceptable. This is your Essential Performance. A good example to help clarify the impact of Essential Performance on IEC 62304 is accuracy. Consider a device that claims its EP is accurate within 5%. If the device is relying on software to maintain that accuracy or provide an alert when outside of 5%, and that software fails, then the manufacturer will be unable to detect if the device’s Essential Performance is being met. This means the software is providing Essential Performance. Once you know your device software is responsible for Essential Performance, you must comply with IEC 62304 to ensure there is no unacceptable risk to a patient. What are common scenarios manufacturers miss? There are several situations that manufacturers often don’t realize require compliance with IEC 62304. These product features can create major headaches and costly delays if they are not properly developed. These scenarios include:
delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. Alarms & Alerts Alarms are often an Essential Performance requirement because they are intended to detect abnormalities. If the alarm was removed, the device would no longer meet it’s performance requirements, making the risk unacceptable. Software is used to detect the issue, instigate the alarm and make the sound. Speed & Position Sensors These sensors are in place to address Basic Safety concerns. For example, a hospital bed has a position sensor to keep it from crushing the operator’s foot and mammography has sensors to gauge compression. Devices like these use software to limit range of motion, speed and force. Algorithms Algorithms are frequently used with physiological monitoring. If the software is removed, the device is no longer able to operate as intended, resulting in the algorithms being part of Essential Performance. It is important to note that these situations apply to the patient, operator or service personnel. How is compliance assessed? Once you know you must comply with IEC 62304, how do you go about preparing for it? To start, know that compliance with this standard is defined as implementing all of the processes, activities and tasks identified in the standard in accordance with the software safety class. 62304 itself does not prescribe a particular organizational structure or specific format for documentation, however. Compliance is determined by a review of all required documentation, including the risk management file. The logical first step toward achieving compliance is to assess risk management as seen in IEC 60601-1. This includes: • Defining your operational and manufacturing processes • Documenting and assessing operational risks • Defining controls Once your risk management file is complete, your next step is to review the requirements for IEC 62304. Make sure all required elements are defined and met in your procedures. Then, you’re ready to compile your documentation and submit it to your test lab. The test lab will review your documentation against a Test Report Form. They will comb through each step and verify you are including requirements in your procedures. If it has been decided that the software performs Basic Safety or Essential Performance for your device, the lab will conduct a product review. Alarms & Alerts, Speed & Position Sensors and Algorithms are components that are often missed by manufacturers. They all use software for Basic Safety and Essential Performance functions… requiring IEC 63204 compliance.
delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. The lab will only review the segments of your software development process that apply to Basic Safety and Essential Performance. When the review is complete and approved, you’ll receive a compliance report. If you’ve failed any areas, they will be noted, allowing you to make corrections. If you passed, you are able to move forward with your other regulatory commitments, such as obtaining a 510(k) for the US market or CE Marking for Europe. What are some key pitfalls to look out for? Well-documented Processes When meeting the requirements of IEC 62304, there are areas you would benefit from paying close attention to. The most critical is making sure you have clearly defined processes for your company and your software development lifecycle in particular. IEC 62304 identifies several expectations related to the information that should be included in your software development lifecycle procedures. If your processes are not well documented, you will have a lengthy, costly process ahead of you. Document management is essential for meeting compliance goals. The SOUP Can The next most difficult issue is SOUP, and we’re not talking about chowder or minestrone here. SOUP is an acronym for Software of Unknown Provenance (or Pedigree). This is software you did not develop and have limited knowledge as to how it was created. Think of when an operating system, such as Windows, sends you updates and how your device’s software interacts with them. While test labs don’t expect you to be able to explain the development process of your SOUP manufacturer, you will have to identify how your software relies on SOUP to function. You must identify if SOUP contributes to any unacceptable risk. In your software development process, you will need a plan for how you will handle the SOUP. It’s recommended that you build your software around SOUP in a way that enables your device to operate properly in the event that it (the SOUP) causes your software to fail. Unfortunately, many developers and device manufactures neglect to consider the impact of SOUP. Software Partitioning The certifying body reviewing your device will only look at software partitioned around your Essential Performance and Basic Safety. However, if you’ve not taken the time to partition the code well, they will have to apply the principles of IEC 62304 to your entire code. Partitioning makes for a faster review process and minimizes your compliance risks. This is something to consider at the onset of your development process, as well as when your software undergoes changes over time. Document Development While software developers know what they are doing when it comes to writing code, that doesn’t mean they know what they are doing as it relates to medical devices. Documenting the software lifecycle as the code is created makes for a much smoother, more accurate process than trying to remember how the software was developed after the fact. All too often, software developers are unaware of the scope of documentation required for medical devices. This is particularly critical because over the last couple decades software development methodologies have been evolved and many of the emerging methodologies place less emphasis on documentation and more emphasis on rapid development. So, the key to the software development process is the management of a software development methodology that creates the efficiency the company is looking for with the accountability that the IEC 62304 is expecting.
delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. Version Control & Updates The chance of your software requiring updates or version changes is pretty likely, and changes conducted after achieving compliance are often forgotten. When you create your software development lifecycle process, be sure to include how these are defined including how you maintain your software in a validated state. Keep in mind that when changes are made to your software, additional testing may be necessary. What about non-compliance? If you get caught in any of the abovementioned pitfalls, you can expect that you will not be in compliance. You will either not receive a report at all, or will receive a report that says you failed somewhere in IEC 60601-1 or IEC 62304. Because the standards are voluntary, you don’t necessarily have to make product changes if you fail. You can choose to not comply. However, for each “fail,” you will be required to provide justification for each deviation. If you have valid justification, your device should still attain regulatory approval from the FDA or in the EU, although developing this justification can be a lengthy process in itself. The reality is these standards are here to stay, especially as software becomes an even more influential medical device component. Summation Based on our experience, when seeking CE Marking, Notified Bodies try to create a level of consistency with their reviews. Thus, it has become more and more difficult to convince a Notified Body that you don’t have to comply with IEC 62304 when it is clear the role of software in your medical device contributes to Essential Performance. Attempting to take the path of “justification” will likely add more time to your process, and you may find yourself needing to complete IEC 62304 in the long run. Our recommendation is to avoid loopholes that don’t really exist and to go through the process of meeting IEC 62304 requirements. Not only will this be more effective for meeting commercialization goals, but it will prove you stand behind the safety of your device.
delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. About the authors MethodSense is a life science consulting firm with offices in the US and Europe. They guide medical device, biotech and pharmaceutical companies with quality, regulatory and technology solutions. Their services enable clients to operate more effectively during the commercialization process and beyond. As it relates to IEC 60601-1 and 62304, MethodSense provides expert guidance and interpretation, helping you with: ! Reviewing the standard you must comply with ! Conducting a gap analysis of your Risk Management Program against ISO 14971 ! Updating your Risk Management Documentation ! Completing the IEC 60601-1 and other relevant tables ! Submitting your documentation for review For more information about MethodSense, visit www.methodsense.com. MECA was formed in 2002, to assist medical device companies with their safety certification, compliance, and regulatory needs. They have grown their business and network of associates with the leaders in their respective fields, to offer the highest level of certification and regulatory support that you will find anywhere. MECA works to help bring the safest devices possible to market, especially as it relates to IEC 60601-1 and IEC 62304 compliance. To learn more about MECA’s service, visit 60601-1.com.

Empfohlen

IEC 62304 Action List
IEC 62304 Action List IEC 62304 Action List
IEC 62304 Action List MethodSense, Inc.
 
IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management MethodSense, Inc.
 
An Overview for Software as a Medical Device (SaMD)
An Overview for Software as a Medical Device (SaMD)An Overview for Software as a Medical Device (SaMD)
An Overview for Software as a Medical Device (SaMD)DePuy Synthes
 
validation and verification of medical device.pptx
validation and verification of medical device.pptxvalidation and verification of medical device.pptx
validation and verification of medical device.pptxGargiVaghela
 
ISO Standard 13485
ISO Standard 13485ISO Standard 13485
ISO Standard 13485Himanshi Arora
 
Risk Management for Medical Devices - ISO 14971 Overview
Risk Management for Medical Devices - ISO 14971 Overview Risk Management for Medical Devices - ISO 14971 Overview
Risk Management for Medical Devices - ISO 14971 Overview Greenlight Guru
 
ISO: 14971 Quality risk management of medical devices
ISO: 14971 Quality risk management of medical devicesISO: 14971 Quality risk management of medical devices
ISO: 14971 Quality risk management of medical devicesAtul Bhombe
 
Medical Devices Regulation (MDR) 2017/745 - Part II Placing devices on EU ma...
Medical Devices Regulation (MDR) 2017/745 - Part II Placing devices on EU ma...Medical Devices Regulation (MDR) 2017/745 - Part II Placing devices on EU ma...
Medical Devices Regulation (MDR) 2017/745 - Part II Placing devices on EU ma...Arete-Zoe, LLC
 

Empfohlen

IEC 62304 Action List
IEC 62304 Action List IEC 62304 Action List
IEC 62304 Action List MethodSense, Inc.
 
IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management MethodSense, Inc.
 
An Overview for Software as a Medical Device (SaMD)
An Overview for Software as a Medical Device (SaMD)An Overview for Software as a Medical Device (SaMD)
An Overview for Software as a Medical Device (SaMD)DePuy Synthes
 
validation and verification of medical device.pptx
validation and verification of medical device.pptxvalidation and verification of medical device.pptx
validation and verification of medical device.pptxGargiVaghela
 
ISO Standard 13485
ISO Standard 13485ISO Standard 13485
ISO Standard 13485Himanshi Arora
 
Risk Management for Medical Devices - ISO 14971 Overview
Risk Management for Medical Devices - ISO 14971 Overview Risk Management for Medical Devices - ISO 14971 Overview
Risk Management for Medical Devices - ISO 14971 Overview Greenlight Guru
 
ISO: 14971 Quality risk management of medical devices
ISO: 14971 Quality risk management of medical devicesISO: 14971 Quality risk management of medical devices
ISO: 14971 Quality risk management of medical devicesAtul Bhombe
 
Medical Devices Regulation (MDR) 2017/745 - Part II Placing devices on EU ma...
Medical Devices Regulation (MDR) 2017/745 - Part II Placing devices on EU ma...Medical Devices Regulation (MDR) 2017/745 - Part II Placing devices on EU ma...
Medical Devices Regulation (MDR) 2017/745 - Part II Placing devices on EU ma...Arete-Zoe, LLC
 
THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidancePam Gilmore
 
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...Greenlight Guru
 
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...Intland Software GmbH
 
Medical device reporting 27 sep2016
Medical device reporting 27 sep2016Medical device reporting 27 sep2016
Medical device reporting 27 sep2016Ann-Marie Roche
 
Iso13485 ppt
Iso13485 pptIso13485 ppt
Iso13485 pptRajashekhara Gowda
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devicesSafisSolutions
 
US FDA Medical Device or Equipment
US FDA Medical Device or EquipmentUS FDA Medical Device or Equipment
US FDA Medical Device or EquipmentDrMohammadKausar
 
Regulation of Medical Devices in US
Regulation of Medical Devices in USRegulation of Medical Devices in US
Regulation of Medical Devices in USAnkit Geete
 
Regulation of software as medical devices
Regulation of software as medical devicesRegulation of software as medical devices
Regulation of software as medical devicesTGA Australia
 
Premarket Notification The 510(k) Process
Premarket Notification The 510(k) ProcessPremarket Notification The 510(k) Process
Premarket Notification The 510(k) ProcessMichael Swit
 
ISO-13485-2016.pptx
ISO-13485-2016.pptxISO-13485-2016.pptx
ISO-13485-2016.pptxPradeepa J
 
Design and development of medical device
Design and development of medical deviceDesign and development of medical device
Design and development of medical deviceMalesh M
 
Medical device design and development | Combination Product
Medical device design and development | Combination ProductMedical device design and development | Combination Product
Medical device design and development | Combination ProductAnil Chaudhari
 
Iso 13485:2016
Iso 13485:2016Iso 13485:2016
Iso 13485:2016Suhas R
 
21 CFR 820 and 801 pptx.pdf
21 CFR 820 and 801 pptx.pdf21 CFR 820 and 801 pptx.pdf
21 CFR 820 and 801 pptx.pdfBhavikaAPatel
 
ASEAN COUNTRIES.pptx
ASEAN COUNTRIES.pptxASEAN COUNTRIES.pptx
ASEAN COUNTRIES.pptxAartiVats5
 
Process Validation & Verification (V&V) for Medical Devices
Process Validation & Verification (V&V) for Medical DevicesProcess Validation & Verification (V&V) for Medical Devices
Process Validation & Verification (V&V) for Medical DevicesRina Nir
 
Medical Device Exemption and Post Marketing Survelliance
Medical Device Exemption and Post Marketing SurvellianceMedical Device Exemption and Post Marketing Survelliance
Medical Device Exemption and Post Marketing SurvellianceCSIR-URDIP, NCL Campus, Pune
 
Regulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in usRegulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in usVinod Raj
 
Iso 14971 2019
Iso 14971 2019Iso 14971 2019
Iso 14971 2019Suhas R
 
Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Sterling Medical Devices
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...3GDR
 

Weitere ähnliche Inhalte

Was ist angesagt?

THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidancePam Gilmore
 
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...Greenlight Guru
 
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...Intland Software GmbH
 
Medical device reporting 27 sep2016
Medical device reporting 27 sep2016Medical device reporting 27 sep2016
Medical device reporting 27 sep2016Ann-Marie Roche
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devicesSafisSolutions
 
US FDA Medical Device or Equipment
US FDA Medical Device or EquipmentUS FDA Medical Device or Equipment
US FDA Medical Device or EquipmentDrMohammadKausar
 
Regulation of Medical Devices in US
Regulation of Medical Devices in USRegulation of Medical Devices in US
Regulation of Medical Devices in USAnkit Geete
 
Regulation of software as medical devices
Regulation of software as medical devicesRegulation of software as medical devices
Regulation of software as medical devicesTGA Australia
 
Premarket Notification The 510(k) Process
Premarket Notification The 510(k) ProcessPremarket Notification The 510(k) Process
Premarket Notification The 510(k) ProcessMichael Swit
 
ISO-13485-2016.pptx
ISO-13485-2016.pptxISO-13485-2016.pptx
ISO-13485-2016.pptxPradeepa J
 
Design and development of medical device
Design and development of medical deviceDesign and development of medical device
Design and development of medical deviceMalesh M
 
Medical device design and development | Combination Product
Medical device design and development | Combination ProductMedical device design and development | Combination Product
Medical device design and development | Combination ProductAnil Chaudhari
 
Iso 13485:2016
Iso 13485:2016Iso 13485:2016
Iso 13485:2016Suhas R
 
21 CFR 820 and 801 pptx.pdf
21 CFR 820 and 801 pptx.pdf21 CFR 820 and 801 pptx.pdf
21 CFR 820 and 801 pptx.pdfBhavikaAPatel
 
ASEAN COUNTRIES.pptx
ASEAN COUNTRIES.pptxASEAN COUNTRIES.pptx
ASEAN COUNTRIES.pptxAartiVats5
 
Process Validation & Verification (V&V) for Medical Devices
Process Validation & Verification (V&V) for Medical DevicesProcess Validation & Verification (V&V) for Medical Devices
Process Validation & Verification (V&V) for Medical DevicesRina Nir
 
Medical Device Exemption and Post Marketing Survelliance
Medical Device Exemption and Post Marketing SurvellianceMedical Device Exemption and Post Marketing Survelliance
Medical Device Exemption and Post Marketing SurvellianceCSIR-URDIP, NCL Campus, Pune
 
Regulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in usRegulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in usVinod Raj
 
Iso 14971 2019
Iso 14971 2019Iso 14971 2019
Iso 14971 2019Suhas R
 

Was ist angesagt? (20)

THE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity GuidanceTHE FDA and Medical Device Cybersecurity Guidance
THE FDA and Medical Device Cybersecurity Guidance
 
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...
An Inside Look at Changes to the New ISO 14971:2019 from a Member of the Stan...
 
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
 
Medical device reporting 27 sep2016
Medical device reporting 27 sep2016Medical device reporting 27 sep2016
Medical device reporting 27 sep2016
 
Iso13485 ppt
Iso13485 pptIso13485 ppt
Iso13485 ppt
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devices
 
US FDA Medical Device or Equipment
US FDA Medical Device or EquipmentUS FDA Medical Device or Equipment
US FDA Medical Device or Equipment
 
Regulation of Medical Devices in US
Regulation of Medical Devices in USRegulation of Medical Devices in US
Regulation of Medical Devices in US
 
Regulation of software as medical devices
Regulation of software as medical devicesRegulation of software as medical devices
Regulation of software as medical devices
 
Premarket Notification The 510(k) Process
Premarket Notification The 510(k) ProcessPremarket Notification The 510(k) Process
Premarket Notification The 510(k) Process
 
ISO-13485-2016.pptx
ISO-13485-2016.pptxISO-13485-2016.pptx
ISO-13485-2016.pptx
 
Design and development of medical device
Design and development of medical deviceDesign and development of medical device
Design and development of medical device
 
Medical device design and development | Combination Product
Medical device design and development | Combination ProductMedical device design and development | Combination Product
Medical device design and development | Combination Product
 
Iso 13485:2016
Iso 13485:2016Iso 13485:2016
Iso 13485:2016
 
21 CFR 820 and 801 pptx.pdf
21 CFR 820 and 801 pptx.pdf21 CFR 820 and 801 pptx.pdf
21 CFR 820 and 801 pptx.pdf
 
ASEAN COUNTRIES.pptx
ASEAN COUNTRIES.pptxASEAN COUNTRIES.pptx
ASEAN COUNTRIES.pptx
 
Process Validation & Verification (V&V) for Medical Devices
Process Validation & Verification (V&V) for Medical DevicesProcess Validation & Verification (V&V) for Medical Devices
Process Validation & Verification (V&V) for Medical Devices
 
Medical Device Exemption and Post Marketing Survelliance
Medical Device Exemption and Post Marketing SurvellianceMedical Device Exemption and Post Marketing Survelliance
Medical Device Exemption and Post Marketing Survelliance
 
Regulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in usRegulatory approval process for invitro diagnostics in us
Regulatory approval process for invitro diagnostics in us
 
Iso 14971 2019
Iso 14971 2019Iso 14971 2019
Iso 14971 2019
 

Ähnlich wie Understanding IEC 62304

Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Sterling Medical Devices
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...3GDR
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...3GDR
 
Elements to Consider for Risk Assessment in SaMDs
Elements to Consider for Risk Assessment in SaMDsElements to Consider for Risk Assessment in SaMDs
Elements to Consider for Risk Assessment in SaMDsEMMAIntl
 
Building a QMS for Your SaMD
Building a QMS for Your SaMDBuilding a QMS for Your SaMD
Building a QMS for Your SaMDEMMAIntl
 
Software controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliabilitySoftware controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliabilityASQ Reliability Division
 
Practical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdfPractical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdfICS
 
Developing Product Requirements For Medical Devices
Developing Product Requirements For Medical DevicesDeveloping Product Requirements For Medical Devices
Developing Product Requirements For Medical DevicesWalt Maclay
 
Reliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic InsightsReliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic InsightsArrelic
 
Computer system validation
Computer system validation Computer system validation
Computer system validation ShameerAbid
 
The critical role of QA in Medical Device Testing.pdf
The critical role of QA in Medical Device Testing.pdfThe critical role of QA in Medical Device Testing.pdf
The critical role of QA in Medical Device Testing.pdfMindfire LLC
 
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity PerspectiveEMMAIntl
 
Medical device regulations 510k
Medical device regulations 510kMedical device regulations 510k
Medical device regulations 510kSigma
 
Design Verification vs Design Validation
Design Verification vs Design ValidationDesign Verification vs Design Validation
Design Verification vs Design ValidationEMMAIntl
 
Software Testing - Software Quality (Part 2)
Software Testing - Software Quality (Part 2)Software Testing - Software Quality (Part 2)
Software Testing - Software Quality (Part 2)Ajeng Savitri
 
Usability Validation Testing of Medical Devices and Software
Usability Validation Testing of Medical Devices and SoftwareUsability Validation Testing of Medical Devices and Software
Usability Validation Testing of Medical Devices and SoftwareUXPA Boston
 
Computational Modeling & Simulation in Orthopedics: Tools to Comply in an Ev...
Computational Modeling & Simulation in Orthopedics: Tools to Comply in an Ev...Computational Modeling & Simulation in Orthopedics: Tools to Comply in an Ev...
Computational Modeling & Simulation in Orthopedics: Tools to Comply in an Ev...April Bright
 
Building a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part IIBuilding a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part IIEMMAIntl
 

Ähnlich wie Understanding IEC 62304 (20)

Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...Critical Steps in Software Development: Enhance Your Chances for a Successful...
Critical Steps in Software Development: Enhance Your Chances for a Successful...
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
 
Elements to Consider for Risk Assessment in SaMDs
Elements to Consider for Risk Assessment in SaMDsElements to Consider for Risk Assessment in SaMDs
Elements to Consider for Risk Assessment in SaMDs
 
Building a QMS for Your SaMD
Building a QMS for Your SaMDBuilding a QMS for Your SaMD
Building a QMS for Your SaMD
 
Software controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliabilitySoftware controlled electron mechanical systems reliability
Software controlled electron mechanical systems reliability
 
Practical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdfPractical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdf
 
Developing Product Requirements For Medical Devices
Developing Product Requirements For Medical DevicesDeveloping Product Requirements For Medical Devices
Developing Product Requirements For Medical Devices
 
TwinSPIN_Lecture.ppt
TwinSPIN_Lecture.pptTwinSPIN_Lecture.ppt
TwinSPIN_Lecture.ppt
 
Reliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic InsightsReliability Instrumented System | Arrelic Insights
Reliability Instrumented System | Arrelic Insights
 
Computer system validation
Computer system validation Computer system validation
Computer system validation
 
The critical role of QA in Medical Device Testing.pdf
The critical role of QA in Medical Device Testing.pdfThe critical role of QA in Medical Device Testing.pdf
The critical role of QA in Medical Device Testing.pdf
 
ISO 13485: What's Next?
ISO 13485: What's Next?ISO 13485: What's Next?
ISO 13485: What's Next?
 
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
5 Ways to Be Vigilant for your Medical Devices from a Cybersecurity Perspective
 
Medical device regulations 510k
Medical device regulations 510kMedical device regulations 510k
Medical device regulations 510k
 
Design Verification vs Design Validation
Design Verification vs Design ValidationDesign Verification vs Design Validation
Design Verification vs Design Validation
 
Software Testing - Software Quality (Part 2)
Software Testing - Software Quality (Part 2)Software Testing - Software Quality (Part 2)
Software Testing - Software Quality (Part 2)
 
Usability Validation Testing of Medical Devices and Software
Usability Validation Testing of Medical Devices and SoftwareUsability Validation Testing of Medical Devices and Software
Usability Validation Testing of Medical Devices and Software
 
Computational Modeling & Simulation in Orthopedics: Tools to Comply in an Ev...
Computational Modeling & Simulation in Orthopedics: Tools to Comply in an Ev...Computational Modeling & Simulation in Orthopedics: Tools to Comply in an Ev...
Computational Modeling & Simulation in Orthopedics: Tools to Comply in an Ev...
 
Building a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part IIBuilding a QMS for Your SaMD Part II
Building a QMS for Your SaMD Part II
 

Kürzlich hochgeladen

Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers referencessuser2c065e
 
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Aggregage
 
Customizable Contents Restoration Training
Customizable Contents Restoration TrainingCustomizable Contents Restoration Training
Customizable Contents Restoration TrainingCalvinarnold843
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...SOFTTECHHUB
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterJamesConcepcion7
 
Neha Jhalani Hiranandani: A Guide to Her Life and Career
Neha Jhalani Hiranandani: A Guide to Her Life and CareerNeha Jhalani Hiranandani: A Guide to Her Life and Career
Neha Jhalani Hiranandani: A Guide to Her Life and Careerr98588472
 
How to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your BusinessHow to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your BusinessHelp Desk Migration
 
Types of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfTypes of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfASGITConsulting
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOne Monitar
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Jiastral oracle
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
Darshan Hiranandani (Son of Niranjan Hiranandani).pdf
Darshan Hiranandani (Son of Niranjan Hiranandani).pdfDarshan Hiranandani (Son of Niranjan Hiranandani).pdf
Darshan Hiranandani (Son of Niranjan Hiranandani).pdfShashank Mehta
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...Operational Excellence Consulting
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdfMintel Group
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdfChris Skinner
 
Technical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamTechnical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamArik Fletcher
 
Simplify Your Funding: Quick and Easy Business Loans
Simplify Your Funding: Quick and Easy Business LoansSimplify Your Funding: Quick and Easy Business Loans
Simplify Your Funding: Quick and Easy Business LoansNugget Global
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifeBhavana Pujan Kendra
 

Kürzlich hochgeladen (20)

Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers reference
 
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
 
Customizable Contents Restoration Training
Customizable Contents Restoration TrainingCustomizable Contents Restoration Training
Customizable Contents Restoration Training
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
Authentically Social - presented by Corey Perlman
Authentically Social - presented by Corey PerlmanAuthentically Social - presented by Corey Perlman
Authentically Social - presented by Corey Perlman
 
Neha Jhalani Hiranandani: A Guide to Her Life and Career
Neha Jhalani Hiranandani: A Guide to Her Life and CareerNeha Jhalani Hiranandani: A Guide to Her Life and Career
Neha Jhalani Hiranandani: A Guide to Her Life and Career
 
How to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your BusinessHow to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your Business
 
Types of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfTypes of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdf
 
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptxThe Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
Darshan Hiranandani (Son of Niranjan Hiranandani).pdf
Darshan Hiranandani (Son of Niranjan Hiranandani).pdfDarshan Hiranandani (Son of Niranjan Hiranandani).pdf
Darshan Hiranandani (Son of Niranjan Hiranandani).pdf
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 
Technical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamTechnical Leaders - Working with the Management Team
Technical Leaders - Working with the Management Team
 
Simplify Your Funding: Quick and Easy Business Loans
Simplify Your Funding: Quick and Easy Business LoansSimplify Your Funding: Quick and Easy Business Loans
Simplify Your Funding: Quick and Easy Business Loans
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in Life
 

Understanding IEC 62304

  • 1. Understanding IEC 62304 Co-authored by MethodSense, Inc. and Medical Equipment Compliance Associates, LLC www.methodsense.com | 919.313.3960
  • 2. delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. Understanding IEC 62304 By: Rita King, Chief Executive Officer, Methodsense, Inc. and Alex Grob, Chief Biomedical Engineer & Quality Manager, Medical Equipment Compliance Associates, LLC What do hospital beds, blood pressure cuffs, dosimeters, and pacemakers all have in common? They are all medical devices with software that regulates their functionality in a way that contributes to Basic Safety or Essential Performance. With the FDA reporting that the rate of medical device recalls between 2002 and 2012 increased by 100% – where software design failures are the most common reason for the recalls – it’s no wonder IEC 62304 has been implemented. Its implementation, however, has medical device manufacturers asking questions about if, when and under what circumstances the standard is required. For starters, what is IEC 62304? IEC 62304 is the international standard that defines software development lifecycle requirements for medical device software. The standard was developed from the perspective that product testing alone is insufficient to ensure patient safety when software is involved. The standard requires all aspects of the software development life cycle to be scrutinized, including: • Development • Risk management • Configuration • Problem resolution • Maintenance The standard provides a common framework for medical device manufacturers to develop software. Conformance with this standard provides evidence that there is a software development process in place that fulfills the requirements of the Medical Device Directive. Because it has been harmonized with the Medical Device Directive in the EU and Recognized as a Consensus Standard by the FDA in the US, IEC 62304 can be used as a benchmark to comply with regulatory requirements in both markets. To date, this standard has been recognized in most countries that use compliance standards to fulfill regulatory requirements. When is IEC 62304 compliance required? One of the most commonly asked questions of test labs is, “Is compliance with this standard required?” Technically, the answer is “no” because compliance with the standard is voluntary. But, in practice, the answer is “yes.” Read on for greater clarification.
  • 3. delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. Since most medical devices in today’s market contain some type of software, manufacturers must determine under which circumstances IEC 62304 is required. These include: • FDA regulatory compliance with IEC 60601-1 Amendment 1 • Reliance upon software to perform Basic Safety functions • Reliance upon software for Essential Performance If your device falls into any of the above categories, you must have evidence that the software development process used is as good as, or better than, the process presented in IEC 62304. Complying with 62304 enhances the reliability of your device’s software by requiring attention to detail in design, testing and verification, ultimately improving the overall safety of the medical device. Does your device have to meet IEC 60601-1 requirements? The EU has been using IEC 62304 since 2008, but it has gained even more traction with its incorporation into the third edition of IEC 60601-1’s Amendment 1. The inclusion of Amendment 1 shifted the standard from a recommendation to a requirement if your device utilizes software. For those who design or manufacture electromedical equipment, 60601-1 is one of the most important safety and performance standards to meet. The standard addresses critical safety issues, including electrical shocks and mechanical hazards, such as pinching, crushing, and breaking. Devices that must meet IEC 60601-1 requirements include those which: • Diagnose, treat, or monitor the patient under medical supervision • Make physical or electrical contact with the patient • Transfer energy to or from the patient; and/or • Detect such energy transfer to or from the patient. 60601-1 Clause 14 requires manufacturers to comply with IEC 62304 unless the device’s software has no role in providing basic safety or essential performance or risk analysis demonstrates that a failure of any Programmable Electronic Safety System (PESS) does not lead to an unacceptable risk. What role does Basic Safety play? Basic safety is the main focus of IEC 60601-1. It’s important that you conduct a risk analysis to identify your device’s level of unacceptable risk and determine the role of software in risk mitigation. This analysis will determine the applicable basic safety requirements for your device, and, for some requirements, the test parameters that need to be used by the test laboratory. A Common Mistake… The most common mistake that medical device manufacturers make is that they do not always assess which elements of risk their software mitigates. These are the elements that must be addressed by IEC 62304. For example, what would happen if the creator of a hoist didn’t properly vet the software that signaled the hoist to lower the patient at a certain speed? If a patient were lowered to quickly – or not at all – there would be a risk management nightmare. Since software plays a role in the Basic Safety functions of the hoist, it must comply with 62304’s requirements.
  • 4. delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. In conjunction with IEC 60601-1, 62304 is intended to minimize the occurrence of these situations. When device software is mitigating a known potential hazard, ensuring that the code is developed properly is critical for the management of patient safety, as well as liability to the manufacturer. Does your software impact Essential Performance? It can be difficult to determine if a device’s software is tied to its Essential Performance (EP), especially because the definition of EP has been widely debated for years. Thankfully, the definition and requirements for Essential Performance changed with Amendment 1 of IEC 60601-1 to help provide more clarity. Determining Essential Performance begins with a list of all functional aspects of your device, including accuracy, measurements and its capabilities. Once you identify these items, determine whether any of these are already covered by the Basic Safety requirements of IEC 60601-1 or whether any item is not part of the device’s intended use. Then, and this is key, every item remaining gets posed the question, “If this item degrades, will it create a risk for the patient?” If the answer is yes, you must identify how its functionality must be maintained so the risk is still acceptable. This is your Essential Performance. A good example to help clarify the impact of Essential Performance on IEC 62304 is accuracy. Consider a device that claims its EP is accurate within 5%. If the device is relying on software to maintain that accuracy or provide an alert when outside of 5%, and that software fails, then the manufacturer will be unable to detect if the device’s Essential Performance is being met. This means the software is providing Essential Performance. Once you know your device software is responsible for Essential Performance, you must comply with IEC 62304 to ensure there is no unacceptable risk to a patient. What are common scenarios manufacturers miss? There are several situations that manufacturers often don’t realize require compliance with IEC 62304. These product features can create major headaches and costly delays if they are not properly developed. These scenarios include:
  • 5. delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. Alarms & Alerts Alarms are often an Essential Performance requirement because they are intended to detect abnormalities. If the alarm was removed, the device would no longer meet it’s performance requirements, making the risk unacceptable. Software is used to detect the issue, instigate the alarm and make the sound. Speed & Position Sensors These sensors are in place to address Basic Safety concerns. For example, a hospital bed has a position sensor to keep it from crushing the operator’s foot and mammography has sensors to gauge compression. Devices like these use software to limit range of motion, speed and force. Algorithms Algorithms are frequently used with physiological monitoring. If the software is removed, the device is no longer able to operate as intended, resulting in the algorithms being part of Essential Performance. It is important to note that these situations apply to the patient, operator or service personnel. How is compliance assessed? Once you know you must comply with IEC 62304, how do you go about preparing for it? To start, know that compliance with this standard is defined as implementing all of the processes, activities and tasks identified in the standard in accordance with the software safety class. 62304 itself does not prescribe a particular organizational structure or specific format for documentation, however. Compliance is determined by a review of all required documentation, including the risk management file. The logical first step toward achieving compliance is to assess risk management as seen in IEC 60601-1. This includes: • Defining your operational and manufacturing processes • Documenting and assessing operational risks • Defining controls Once your risk management file is complete, your next step is to review the requirements for IEC 62304. Make sure all required elements are defined and met in your procedures. Then, you’re ready to compile your documentation and submit it to your test lab. The test lab will review your documentation against a Test Report Form. They will comb through each step and verify you are including requirements in your procedures. If it has been decided that the software performs Basic Safety or Essential Performance for your device, the lab will conduct a product review. Alarms & Alerts, Speed & Position Sensors and Algorithms are components that are often missed by manufacturers. They all use software for Basic Safety and Essential Performance functions… requiring IEC 63204 compliance.
  • 6. delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. The lab will only review the segments of your software development process that apply to Basic Safety and Essential Performance. When the review is complete and approved, you’ll receive a compliance report. If you’ve failed any areas, they will be noted, allowing you to make corrections. If you passed, you are able to move forward with your other regulatory commitments, such as obtaining a 510(k) for the US market or CE Marking for Europe. What are some key pitfalls to look out for? Well-documented Processes When meeting the requirements of IEC 62304, there are areas you would benefit from paying close attention to. The most critical is making sure you have clearly defined processes for your company and your software development lifecycle in particular. IEC 62304 identifies several expectations related to the information that should be included in your software development lifecycle procedures. If your processes are not well documented, you will have a lengthy, costly process ahead of you. Document management is essential for meeting compliance goals. The SOUP Can The next most difficult issue is SOUP, and we’re not talking about chowder or minestrone here. SOUP is an acronym for Software of Unknown Provenance (or Pedigree). This is software you did not develop and have limited knowledge as to how it was created. Think of when an operating system, such as Windows, sends you updates and how your device’s software interacts with them. While test labs don’t expect you to be able to explain the development process of your SOUP manufacturer, you will have to identify how your software relies on SOUP to function. You must identify if SOUP contributes to any unacceptable risk. In your software development process, you will need a plan for how you will handle the SOUP. It’s recommended that you build your software around SOUP in a way that enables your device to operate properly in the event that it (the SOUP) causes your software to fail. Unfortunately, many developers and device manufactures neglect to consider the impact of SOUP. Software Partitioning The certifying body reviewing your device will only look at software partitioned around your Essential Performance and Basic Safety. However, if you’ve not taken the time to partition the code well, they will have to apply the principles of IEC 62304 to your entire code. Partitioning makes for a faster review process and minimizes your compliance risks. This is something to consider at the onset of your development process, as well as when your software undergoes changes over time. Document Development While software developers know what they are doing when it comes to writing code, that doesn’t mean they know what they are doing as it relates to medical devices. Documenting the software lifecycle as the code is created makes for a much smoother, more accurate process than trying to remember how the software was developed after the fact. All too often, software developers are unaware of the scope of documentation required for medical devices. This is particularly critical because over the last couple decades software development methodologies have been evolved and many of the emerging methodologies place less emphasis on documentation and more emphasis on rapid development. So, the key to the software development process is the management of a software development methodology that creates the efficiency the company is looking for with the accountability that the IEC 62304 is expecting.
  • 7. delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. Version Control & Updates The chance of your software requiring updates or version changes is pretty likely, and changes conducted after achieving compliance are often forgotten. When you create your software development lifecycle process, be sure to include how these are defined including how you maintain your software in a validated state. Keep in mind that when changes are made to your software, additional testing may be necessary. What about non-compliance? If you get caught in any of the abovementioned pitfalls, you can expect that you will not be in compliance. You will either not receive a report at all, or will receive a report that says you failed somewhere in IEC 60601-1 or IEC 62304. Because the standards are voluntary, you don’t necessarily have to make product changes if you fail. You can choose to not comply. However, for each “fail,” you will be required to provide justification for each deviation. If you have valid justification, your device should still attain regulatory approval from the FDA or in the EU, although developing this justification can be a lengthy process in itself. The reality is these standards are here to stay, especially as software becomes an even more influential medical device component. Summation Based on our experience, when seeking CE Marking, Notified Bodies try to create a level of consistency with their reviews. Thus, it has become more and more difficult to convince a Notified Body that you don’t have to comply with IEC 62304 when it is clear the role of software in your medical device contributes to Essential Performance. Attempting to take the path of “justification” will likely add more time to your process, and you may find yourself needing to complete IEC 62304 in the long run. Our recommendation is to avoid loopholes that don’t really exist and to go through the process of meeting IEC 62304 requirements. Not only will this be more effective for meeting commercialization goals, but it will prove you stand behind the safety of your device.
  • 8. delivering breakthroughs within the life sciences © 2014 MethodSense, Inc. About the authors MethodSense is a life science consulting firm with offices in the US and Europe. They guide medical device, biotech and pharmaceutical companies with quality, regulatory and technology solutions. Their services enable clients to operate more effectively during the commercialization process and beyond. As it relates to IEC 60601-1 and 62304, MethodSense provides expert guidance and interpretation, helping you with: ! Reviewing the standard you must comply with ! Conducting a gap analysis of your Risk Management Program against ISO 14971 ! Updating your Risk Management Documentation ! Completing the IEC 60601-1 and other relevant tables ! Submitting your documentation for review For more information about MethodSense, visit www.methodsense.com. MECA was formed in 2002, to assist medical device companies with their safety certification, compliance, and regulatory needs. They have grown their business and network of associates with the leaders in their respective fields, to offer the highest level of certification and regulatory support that you will find anywhere. MECA works to help bring the safest devices possible to market, especially as it relates to IEC 60601-1 and IEC 62304 compliance. To learn more about MECA’s service, visit 60601-1.com.