Overview of IEC 62304 Certification
IEC 62304 gives the requirements for the lifecycle of medical device software. It defines the processes, activities, and tasks for improving the safety and effectiveness of any medical device by taking a comprehensive, risk-based approach for software development.
The first edition of IEC 62304 was published in 20o6. Then the Second version, which is amended, came into 2015, intending to add requirements to deal with the LEGACY SOFTWARE, where the software design is prior to the existence of this latest version, to assist manufacturers in showing compliance to Standard to meet European Directives. Software safety classification changes required for the amendment include clarifying the requirements and updating the software safety classification to include the risk-based approach. It is applied to the development and maintenance of medical device software in the following cases:
It is an international standard for all medical device software development and life cycle processes. The safety of patients and efficacy of medical device software used in the care of the patient are paramount, and so all caution is required. IEC 62304 provides guard rails that enhance the quality of medical device software reaching patients. Its principles are rigorous planning, documentation, testing and verification of everything and then traceability, combinedly with a transparent mechanism to verify the compliance of all parts of this Standard.
In IEC 62304, the process specifications are based on the following classes of medical device software's safety:
The higher the safety classification of medical device software, the more stringent the process requirement on such medical device software. Class C medical device software is required to comply with all the specifications in the Second version of the Standard; Class B medical device software is exempted from some, and Class A are exempted from even more.
Medical Software device is not defined in a quite vague manner under IEC 62304, and so it is difficult to identify which piece of software needs to adhere to the medical device standard. The following functions are used to classify the software as a medical device:
Benefits of obtaining IEC 62304 Certification
Following are the benefits of having an IEC 62304 Certification:
Prerequisites for IEC 62304 Certification
Following are the requirements one should comply with before applying for the IEC 62304 Certification:
- Quality Management System
- Risk Management
- Legacy Software
- Software Development Process
- Software maintenance process
- Software risk management process
- Software configuration management process
- Software problem resolution process
Documents Required for IEC 62304 Certification
Following are the documents required while obtaining IEC 62304 Certification:
Book a Free Consultation
Get response within 24 hours
Procedure required for IEC 62304 Certification
There are four essential steps to be followed while obtaining IEC 62304 Certification:
- Optional Preliminary Audit
A voluntary Site inspection is conducted, and the issuing authority reviews quality management documents to assess the organisation's readiness for scale I and II Auditing Phase.
- Audit: Stage I
Assessment of the eligibility for Certification is understood as well as determined by results of on-site Auditing, business assessment and IEC 62304 standard documents analysis.
- Audit: Stage II
On-site evaluation of the compliance of the IEC 62304 standard for excellence in areas where practice and efficiency are applied.
An official confirmation certifies the IEC 62304 standard's integrity and compliance and thus issues the IEC 62304 Certification.
Frequently Asked Questions
The manufacturer follows the following steps while choosing to incorporate legacy software:
- Risk management activities
- Gap analysis
- Gap closure
- The rationale for the use of legacy software
The following comes under one of the IEC 62304 requirements, i.e., Risk Control:
- Risk control option analysis
- Implementation of risk control measures
- Residual risk evaluation
- Benefit-risk analysis
- Risks arising from risk control measures
- Completeness of risk control
Following are some key regulatory standards for medical devices:
- ISO 13485 for Quality Management
- ISO 14971 for Risk Management
- European Union (EU) Medical Device Regulation, EU standard which replaced Medical Devices Directive in 2020
- FDA Regulations, US standard for medical device compliance.