WIXLIB

IEC 62304An introduction the Software Life Cycle for Medical DevicesVersion 04Process VisionIEC62304 Medical Device Software – Life Cycle processesSheet 1

Content The IEC62304 and its environment SW Classification IEC62304 implementation The IEC62304 step by step General RequirementsSoftware DevelopmentSoftware Risk ManagementSoftware Configuration ManagementSoftware Problem ResolutionSoftware MaintenanceSOUPProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 2

But first who is who . Willem vd Biggelaar Quality and Medical Regulatory Consultant for 15 years nowCertified DEKRA auditor for ISO 9001 / ISO 13485Setup ISO 13485 certified Quality Management Systems (QMS)Previous jobs Quality Assurance Officer (5 years) System Tester (1 year) Embedded software engineer (7 years) And you?Process VisionIEC62304 Medical Device Software – Life Cycle processesSheet 3

The IEC62304 and its environmentProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 4

Just to set the scope .IEC62304:2006 v1.0 Is the de-facto process standard for the development of medicaldevice software New 2.0 version on it’s way, version 1.1 already available but notharmonizedProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 5

Recognized by major markets (EU, USA, China)Process VisionIEC62304 Medical Device Software – Life Cycle processesSheet 6

Regulatory frameworkHarmonized Standards presume conformance to GSPRGeneric Product StandardsexamplesProcess StandardsIEC 60601-1 ElectricalSafetyISO 13485 QMS formedical devicesISO 14971 RiskManagementIEC 62366 UseabilityEngineeringMDR contains GSPRIEC 60601-1-2 EMCMedical DeviceRegulatoryrequirementsIEC 60601-1-6 UsabilitySatisfyFulfillParticular Product StandardsexamplesEuropean MedicalDevicesRegulation (2017/745/EC)RegulateIEC 60601-2-10 safety of nerveand muscle stimulatorsIEC 62304 Software LifecycleIEC 60601-2-57 Non-laser lightsource equipmentMandatory. You have to complyIEC 62471 Photobiologicalsafety of lamps and lampsystemsVoluntary but if you do not follow them,a lot of justification is neededEuropean website where you can find the harmonized standards (based on current s/index en.htmProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 7

Relation with other standardsStandalone Health SWIEC82304Health SoftwareStandalone & embeddedMedical Device SWEmbeddedMedical Device SWIEC62304Medical DeviceSoftwareIEC60601-1Health SWAny kind of software, which directly orindirectly has an effect on health.E.g. Radiology Information Systems (RIS),Prescription Management Systems (PMS),Laboratory Information Mngt Systems (LIMS)NormativeReferenceISO14971Risk ManagementISO13485Quality SystemsProcess VisionMedical ElectricalEquipment – Basic safetyMedical Electrical EquipmentElectrical equipment having anAPPLIED PART or transferring energy toor from the PATIENT or detecting suchenergy transfer to or from thePATIENT and which is intended by itsMANUFACTURER to be used as a MEDICALDEVICEIEC62366UseabilityIEC62304 Medical Device Software – Life Cycle processesSheet 8

Out of scope of IEC62304: Validation Standalone Software: IEC82304 Health Software Embedded Software: IEC60601-1 Medical Electrical Equipment:Chapter 14: PEMSProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 9

Relation with IEC60601-1 Medical Electrical EquipmentProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 10

Content IEC623041.2.3.4.5.6.7.8.9.10.11.12.13.Process VisionScopeNormative referencesTerms and definitionsGeneral RequirementsSoftware DevelopmentSoftware MaintenanceSoftware Risk ManagementSoftware Configuration ManagementSoftware Problem ResolutionAnnex A Rationale for the requirements of this standardAnnex B Guidance on the provisions of this standardAnnex C Relationship to other standardsAnnex D ImplementationIEC62304 Medical Device Software – Life Cycle processesSheet 11

Product creation in one pictureMaintenance& ChangeManagementStakeholderHazardsfeedbackField impact on changeInstalled BaseChangeRequestTiming, budgetCM oject / ProductManagementProject PlanV&V ineDesignReviewsCustomerproductProduct ReleaseRelease NotesUser ManualRisk / BenefitanalysisControlMeasuresProblem ReportsV&V SpecsV&V tionsPeerReviewsRegressionTestsPeerReviewsProcess VisionVerification &Validation (V&V)Design SpecsSoftware CodeDesign &ImplementationIEC62304 Medical Device Software – Life Cycle processesSheet 12

So what is IEC62304 about?ProfessionalSoftwareDevelopmentProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 13

SoftwareClassificationProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 14

Definition Software classificationClass AClass BClass CNo injury or damage to health possibleNon serious injury possibleDeath or serious injury possibleDependent on the classification,more requirements from IEC62304 are to be implemented.The idea behind it is thatThe most unsafe SW requires the most strict SW processProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 15

Applicable clausesper classProcess VisionA22B46C525Software Development5.15.25.35.45.55.65.75.8Development PlanningRequirements AnalysisArchitectural DesignDetailed DesignSoftware Unit ImplementationIntegration and TestingSystem TestingRelease750010541064148581165458586Software Maintenance8886.1 Establish Software Maintenance Plan6.2 Problem and Modification Analysis6.3 Modification Implementation1521521527Software Risk Management112127.17.27.37.4Analysis of software contributing to HazardsRisk Control MeasuresVerification of Risk Control MeasuresRisk Management of Software Changes0001522352238Software Configuration Management7778.1 Configuration Identification8.2 Configuration Control8.3 Configuration Status Accounting3413413419888Software Problem ResolutionIEC62304 Medical Device Software – Life Cycle processesSheet 16

Differences classification mostly in development Class A no architectural designNo detailed designNo unit verification testingNo integration testingNo evaluation of known residual anomalies Class B No detailed designProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 17

SW Classification process in the IEC62304Process VisionIEC62304 Medical Device Software – Life Cycle processesSheet 18

Inheritance of safety classSW SystemCSW ItemSW ItemASW UnitSW UnitAProcess VisionSW UnitBSW UnitACBSW UnitBIEC62304 Medical Device Software – Life Cycle processesSheet 19

SW Classification process in the IEC62304 By default the whole SW system is class C You may use class A only if (Quote from DEKRA notified body):

SW Classification process Perform the system risk analysis according to ISO14971 Have the SW architecture defined Filter out all hazards that have a SW component failure as source Filter out all hazards that have SW component as control measure Classify those SW components based on the severity of the hazard If a HW control measure is defined, the classification can degradeProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 21

Example – surgical robotic system – initialassessment The system manipulates an instrument inside the organ. The software ofthe system has full control over this manipulation and can cause seriousinjuries. Therefore, the software system as a whole is treated as safety classC, with certain subsystems having a lower safety class A. All complexity and safety-critical aspects are centered in one subsystem. Application Software subsystem – Class CIncludes state control, robotic motion control and a safety layer. The state controlcontrols the states of the system. The robotic motion control controls themanipulation motion of the surgical instrument Service SW subsystem – Class A User Interface (GUI) SW subsystem – Class A Firmware (FW) Software subsystem – Class AProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 22

Example Lung function measuringdevice – full assessmentmeasure, calculate and present lung function parameters without any diagnosis.NO FORCED EXHALATION IS REQUIRED AS INSPIROMETRY; PULMONARY FUNCTIONVALUES ARE OBTAINED DURING TIDALBREATHING both the single occlusiontechnique (SOT) and the interruptertechnique (RINT) can be done. In addition,tidal flow volume (TFV) loops can bemonitored and analysed

Example Lung function measuring deviceProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 24

Example Lung function measuring deviceProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 25

Example Lung function measuring deviceProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 26

Process VisionIEC62304 Medical Device Software – Life Cycle processesSheet 27

Example Lung function measuring deviceProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 28

Example Lung function measuring deviceProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 29

What I have seen gone wrong Not implementing IEC62304 for class A software System risk analysis NOT used as input No proper rationale why SW is A or B Assigning SW classification without SW architecture IEC62304 classification made equal to FDA Level of concernProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 30

Implementation of the IEC62304Process VisionIEC62304 Medical Device Software – Life Cycle processesSheet 31

Implementation of IEC62304 Go through the standard, clause by clause Adapt your software process accordingly Adapt your software templates and checklists accordingly Adapt your software environment accordingly (version control, codingcheckers, .)Process VisionIEC62304 Medical Device Software – Life Cycle processesSheet 32

Example software requirement templateProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 33

The ultimate compliance check Fill the TRF for IEC62304 a.s.a.p. in the projectProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 34

Outsource your software development? If you outsource . Select your supplier based on Prooven experience with medical device software With at least class B developmentProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 35

What I have seen gone wrong IEC62304 implementation in QMS not detailed out IEC62304 TRF filled in only at the end of the project (needed forsubmission to the notified body) No static or dynamic code checkers at all Outsource based on time/money not on software competenceProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 36

The IEC62304 step by stepGeneral RequirementsSoftware DevelopmentSoftware Risk ManagementSoftware Configuration ManagementSoftware Problem ResolutionSoftware MaintenanceProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 37

4 - General requirements Have a quality system (also a demand from MDR)Article 10 MDRManufacturers of devices, other than investigational devices, shall establish, document, implement,maintain, keep up to date and continually improve a quality management system that shall ensurecompliance with this Regulation in the most effective manner and in a manner that is proportionate tothe risk class and the type of device. Have a risk management process conform ISO14971 Assign a software safety class depending on the effects of a hazard towhich the software system can contribute.A. no injuryB. non-serious injuryC. Death or serious injuryProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 38

5 – SW development SW development planning SW requirements analysis SW architectural design SW detailed design SW unit implementation and verification SW integration and integration testing SW system testing SW releasesProcess VisionIEC62304 Medical Device Software – Life Cycle processesSheet 39