Talk to an Expert


Expertise in IEC 62304 Certification


Among Asia Top 100 Consulting Firm

Top 100

Among Asia Top 100
Consulting Firm

step 1
Lowest Fees


Lowest Fees
100,000 + Clients.

step 1
4.9 Customer Rating


4.9 Customer Rating
50+ Offices

Overview of IEC 62304 Certification

IEC 62304 gives the requirements for the lifecycle of medical device software. It defines the processes, activities, and tasks for improving the safety and effectiveness of any medical device by taking a comprehensive, risk-based approach for software development. 

The first edition of IEC 62304 was published in 20o6. Then the Second version, which is amended, came into 2015, intending to add requirements to deal with the LEGACY SOFTWARE, where the software design is prior to the existence of this latest version, to assist manufacturers in showing compliance to Standard to meet European Directives. Software safety classification changes required for the amendment include clarifying the requirements and updating the software safety classification to include the risk-based approach. It is applied to the development and maintenance of medical device software in the following cases:

  • Software is itself a medical device 
  • Software is an embedded in or integral part of the medical device 

It is an international standard for all medical device software development and life cycle processes. The safety of patients and efficacy of medical device software used in the care of the patient are paramount, and so all caution is required. IEC 62304 provides guard rails that enhance the quality of medical device software reaching patients. Its principles are rigorous planning, paper works, testing and verification of everything and then traceability, combinedly with a transparent mechanism to verify the compliance of all parts of this Standard. 

In IEC 62304, the process specifications are based on the following classes of medical device software's safety:

  • Class A: No injury or damage to individual health possible
  • Class B: Injury possible, but not serious 
  • Class C: Death or serious injury possible 

The higher the safety classification of medical device software, the more stringent the process requirement on such medical device software. Class C medical device software is required to comply with all the specifications in the Second version of the Standard; Class B medical device software is exempted from some, and Class A are exempted from even more. 

Medical Software device is not defined in a quite vague manner under IEC 62304, and so it is difficult to identify which piece of software needs to adhere to the medical device standard. The following functions are used to classify the software as a medical device:

  • Software controls other medical devices 
  • Software programs for other medical devices 
  • The software calculates anatomical data 
  • The software has diagnostic functions 
  • Software controls active implants in anybody 
  • Software evaluates ECGs
  • The software that can evaluate medical risks. 

Benefits of obtaining IEC 62304 Certification 

Following are the benefits of having an IEC 62304 Certification:

  • The desired outcome and positive impact of using a software medical device on the health of an individual 
  • Positive impact on public health or patient management 
  • The positive impact of clinical outcome
  • It Impacts the quality of a patient's life 
  • Positive outcomes related to diagnosis 
  • The positive impact of the diagnostic software devices on clinical outcomes 
  • International recognition 
  • Efficiently and safely bringing a software medical device to the global market. 
  • Implementation of ideal methods for reducing risk
  • Development of effective software devices within the industry 

Prerequisites for IEC 62304 Certification

Following are the requirements one should comply with before applying for the IEC 62304 Certification:

  • Quality Management System 
  • Risk Management 
  • Legacy Software 
  • Software Development Process 
  • Software development planning 
  • Software requirements analysis 
  • Software architectural design 
  • Software detailed design 
  • Software unit implementation and verification
  • Software integration and integration testing 
  • Software system testing 
  • A software release for utilisation at a system level 

Software maintenance process 

  • Establish a software maintenance plan 
  • Analyse identified problems and devise modify them 
  • Implement the agreed-on modifications

Software risk management process 

  • Risk Analysis: Analysis of the software that may contribute to hazardous situations 
  • Risk control measures 
  • Risk evaluation 
  • Verification of such risks control measures 
  • Risk management of new software changes

Software configuration management process 

  • Identifying software configuration 
  • Controlling all changes made to the software 
  • Recording and reporting 

Software problem resolution process 

  • Preparing problem reports 
  • Investing existing problems 
  • Advise internal parties 
  • Change control processes 
  • Keep updated records of actions taken
  • Analyse problem reports and identify the trend
  • Verification of software problems resolution 
  • Test the paper works's contents

Documents Required for IEC 62304 Certification 

Following are the Documents required while obtaining IEC 62304 Certification:

  • Development plan 
  • Requirements specification 
  • Architecture 
  • Detailed design 
  • Unit implementation 
  • Unit verification 
  • Software Integration and integration testing 
  • System testing 
  • Software release
  • User requirements 
  • System requirements
  • Model 
  • Source code
  • Object code 
  • Risk management plan 
  • Risk management file
  • Import details, in case of import 
  • Information for the user the accountable for the installation, use, maintenance, decommissioning and disposal of medical device software 
  • Information related to safe use 
  • Technical description 
  • Installation manual 
  • Quick reference guide 
  • Documents with results achieved or providing evidence of all activities performed, including records. 

Book a Free Consultation

Get response within 24 hours

Procedure required for IEC 62304 Certification

 There are four essential steps to be followed while obtaining IEC 62304 Certification:

Optional Preliminary Audit

A voluntary Site inspection is conducted, and the issuing authority reviews quality management Documents to assess the organisation's readiness for scale I and II Auditing Phase.

Audit: Stage I

Assessment of the eligibility for Certification is understood as well as determined by results of on-site Auditing, business assessment and IEC 62304 standard Documents analysis.

Audit: Stage II

On-site evaluation of the compliance of the IEC 62304 standard for excellence in areas where practice and efficiency are applied. 


An official confirmation certifies the IEC 62304 standard's integrity and compliance and thus issues the IEC 62304 Certification.

Frequently Asked Questions

Medical Device Software is defined under IEC 62304 as a software system developed for the purpose of being incorporated into the medical device developed that is intended for being used as a medical device.

The Medical Device Software is legally placed on the market and is continuously marketed to date; however, for such medical device software, if there is insufficient objective evidence that it is developed in compliance with the latest version o IEC 62304 standard.

IEC 62304 talks about medical device software; however, for Quality Management and risk management of such software for medical devices, it follows ISO 13485 and ISO 14971, respectively.

The manufacturer follows the following steps while choosing to incorporate legacy software:

  • Risk management activities
  • Gap analysis 
  • Gap closure 
  • The rationale for the use of legacy software

The following comes under one of the IEC 62304 requirements, i.e., Risk Control:

  • Risk control option analysis 
  • Implementation of risk control measures 
  • Residual risk evaluation 
  • Benefit-risk analysis 
  • Risks arising from risk control measures
  • Completeness of risk control

Following are some key regulatory standards for medical devices:

  • ISO 13485 for Quality Management 
  • ISO 14971 for Risk Management 
  • European Union (EU) Medical Device Regulation, EU standard which replaced Medical Devices Directive in 2020
  • FDA Regulations, US standard for medical device compliance.

IEC 62304:2006 is the latest version of this Standard, which provides guidance to manufacturers for identifying hazards that can arise from a software failure or defect to classify the risk of a medical device properly.

Why Corpbiz

(We make technical compliance certifications effortless and convenient.)

100,000+ Clients Worldwide

Clients Worldwide

4.9 Customer Rating

Customer Rating

1000+ Team CA/CS/Lawyers

1000+ Team
CA/CS/Lawyers & Engineers

24X7 Customer care

Among 1% of
Industry Professionals

Go for all services

Get started?

We also help you market your products through an online marketplace.

Fill up Application Form

Fill up Application Form

Make Online Payment

Make Online Payment

Executive will Process Application

Executive will Process Application

Get Confirmation Mail

Get Confirmation Mail

100,000 Customers and Counting!

Get Started Live ChatLive Chat

Subhendu Mandal

From Mountain View Recently Purchased @FSSAI Basic