Overview of IEC 62304 Certification

IEC 62304 gives the requirements for the lifecycle of medical device software. It defines the processes, activities, and tasks for improving the safety and effectiveness of any medical device by taking a comprehensive, risk-based approach for software development. 

The first edition of IEC 62304 was published in 20o6. Then the Second version, which is amended, came into 2015, intending to add requirements to deal with the LEGACY SOFTWARE, where the software design is prior to the existence of this latest version, to assist manufacturers in showing compliance to Standard to meet European Directives. Software safety classification changes required for the amendment include clarifying the requirements and updating the software safety classification to include the risk-based approach. It is applied to the development and maintenance of medical device software in the following cases:

• Software is itself a medical device 
• Software is an embedded in or integral part of the medical device 

It is an international standard for all medical device software development and life cycle processes. The safety of patients and efficacy of medical device software used in the care of the patient are paramount, and so all caution is required. IEC 62304 provides guard rails that enhance the quality of medical device software reaching patients. Its principles are rigorous planning, documentation, testing and verification of everything and then traceability, combinedly with a transparent mechanism to verify the compliance of all parts of this Standard. 

In IEC 62304, the process specifications are based on the following classes of medical device software's safety:

• Class A: No injury or damage to individual health possible
• Class B: Injury possible, but not serious 
• Class C: Death or serious injury possible 

The higher the safety classification of medical device software, the more stringent the process requirement on such medical device software. Class C medical device software is required to comply with all the specifications in the Second version of the Standard; Class B medical device software is exempted from some, and Class A are exempted from even more. 

Medical Software device is not defined in a quite vague manner under IEC 62304, and so it is difficult to identify which piece of software needs to adhere to the medical device standard. The following functions are used to classify the software as a medical device:

• Software controls other medical devices 
• Software programs for other medical devices 
• The software calculates anatomical data 
• The software has diagnostic functions 
• Software controls active implants in anybody 
• Software evaluates ECGs
• The software that can evaluate medical risks. 

Benefits of obtaining IEC 62304 Certification 

Following are the benefits of having an IEC 62304 Certification:

• The desired outcome and positive impact of using a software medical device on the health of an individual 
• Positive impact on public health or patient management 
• The positive impact of clinical outcome
• It Impacts the quality of a patient's life 
• Positive outcomes related to diagnosis 
• The positive impact of the diagnostic software devices on clinical outcomes 
• International recognition 
• Efficiently and safely bringing a software medical device to the global market. 
• Implementation of ideal methods for reducing risk
• Development of effective software devices within the industry 

Prerequisites for IEC 62304 Certification

Following are the requirements one should comply with before applying for the IEC 62304 Certification:

1. Quality Management System 
2. Risk Management 
3. Legacy Software 
4. Software Development Process 

• Software development planning 
• Software requirements analysis 
• Software architectural design 
• Software detailed design 
• Software unit implementation and verification
• Software integration and integration testing 
• Software system testing 
• A software release for utilisation at a system level 

5. Software maintenance process 

• Establish a software maintenance plan 
• Analyse identified problems and devise modify them 
• Implement the agreed-on modifications

6. Software risk management process 

• Risk Analysis: Analysis of the software that may contribute to hazardous situations 
• Risk control measures 
• Risk evaluation 
• Verification of such risks control measures 
• Risk management of new software changes

7. Software configuration management process 

• Identifying software configuration 
• Controlling all changes made to the software 
• Recording and reporting 

8. Software problem resolution process 

• Preparing problem reports 
• Investing existing problems 
• Advise internal parties 
• Change control processes 
• Keep updated records of actions taken
• Analyse problem reports and identify the trend
• Verification of software problems resolution 
• Test the documentation's contents

Documents Required for IEC 62304 Certification 

Following are the documents required while obtaining IEC 62304 Certification:

• Development plan 
• Requirements specification 
• Architecture 
• Detailed design 
• Unit implementation 
• Unit verification 
• Software Integration and integration testing 
• System testing 
• Software release
• User requirements 
• System requirements
• Model 
• Source code
• Object code 
• Risk management plan 
• Risk management file
• Import details, in case of import 
• Information for the user the accountable for the installation, use, maintenance, decommissioning and disposal of medical device software 
• Information related to safe use 
• Technical description 
• Installation manual 
• Quick reference guide 
• Documents with results achieved or providing evidence of all activities performed, including records. 

Procedure required for IEC 62304 Certification

 There are four essential steps to be followed while obtaining IEC 62304 Certification:

• Optional Preliminary Audit

A voluntary Site inspection is conducted, and the issuing authority reviews quality management documents to assess the organisation's readiness for scale I and II Auditing Phase.

• Audit: Stage I

Assessment of the eligibility for Certification is understood as well as determined by results of on-site Auditing, business assessment and IEC 62304 standard documents analysis.

• Audit: Stage II

On-site evaluation of the compliance of the IEC 62304 standard for excellence in areas where practice and efficiency are applied. 

• Certification 

An official confirmation certifies the IEC 62304 standard's integrity and compliance and thus issues the IEC 62304 Certification.