Overview of IEC 82304 Certification

IEC 82304 is applicable to the safety and security of all health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware and focus on manufacturers' requirements. It is applicable to the entire lifecycle, including design, development, validation, installation, maintenance, and disposal of health software products. 

IEC 82304 fills the gap between the IEC 62304 and software medical device validation required by regulations. It contains a set of clauses defining the need at the system level, and it references existing state-of-the-art standards, i.e., ISO 14971 and IEC 62304 for the software level. IEC 82304 aims to provide the requirement for the safety and security of health software products. 

Health Software products are software-only products. Such products are intended to be used with computing equipment not explicitly developed for running software. Such products are intended by their manufacturer for managing, maintaining or improving the health of individual persons or for delivery of care. IEC 82304 does not apply to health software that intends to become part of specific hardware designed for health use; however, the IEC 82304 does not apply to the followings:

• Medical electrical equipment or systems 
• In vitro diagnostic equipment 
• Implantable devices 

Benefits of IEC 82304 Certification 

The following are the benefits of having an IEC 82304 Certification:

• Establishing the intended use of health software and performing an initial risk assessment 
• Determining requirements and validation plan 
• Identifying system requirements 
• Follow IEC 62304 for the development and release of verified health software
• Finalising accompanying documents 
• Validating health software products 
• Designing software maintenance 
• Maintaining health software.

Perquisites for IEC 82304 Certification

IEC 82304 take reference from IEC 62304 in requirements, and sometimes it refers to the requirements from ISO 14971, but not mandatorily. The main requirements of IEC 82304 are as follows:  

1. Risk Management 
2. Legacy Software 
3. Software Development Process 

• Development planning 
• Requirements analysis 
• Architectural design 
• Detailed design 
• Software unit implementation and verification
• Software integration and integration testing 
• System testing 
• A software release for utilisation at a system level 

4. Software maintenance process 

• Software maintenance plan 
• Analyse identified problems and modify them 
• Implement modifications

5. Software risk management process 

• Analysis of the software that may contribute to hazardous situations 
• Control measures 
• Evaluation 
• Verification of such risks control measures 
• Risk management of new software changes

6. Software configuration management process 

• Identifying software configuration 
• Controlling changes made to the software 
• Recording and reporting 

7. Software problem resolution process 

• Problem reports 
• Existing problems 
• Advise internal parties 
• Change control processes 
• Updated records of actions taken
• Problem reports and identification of the trend
• Verification of software problems resolution 
• Test the documentation's contents

8. Risk Assessment of Health Software Product and Risk Mitigation actions (referred from ISO 14971)

Documents Section 

Documents required for IEC 82304 Certification

Followings are the top most required documents and information for obtaining IEC 82304 Certification:

• User requirement 
• System requirements, including technical requirements 
• Validation 
• Identification 
• Software maintenance
• Development plan
• Requirements specification 
• Architecture and Detailed design 
• Unit implementation and verification 
• Software Integration and integration testing 
• Software System testing 
• Software release
• Model 
• Source code
• Object code 
• Risk management plan 
• Risk management file
• In the case of import, import details,
• Information for the user the accountable for the installation, use, maintenance, decommissioning and disposal of health software 
• Information related to safe use 
• Installation manual 
• Quick reference guide

Procedure required for IEC 82304 Certification

 These are the essential steps to be followed while obtaining IEC 82304 Certification:

• Optional Preliminary Audit

A voluntary Site inspection and review of quality management documents to assess the Organisation's readiness for the scale I and II Auditing Phase is done by the issuing authority.

• Audit: Stage I

Assessment of the eligibility for Certification is understood as well as determined by results of on-site Auditing, IEC 82304 standard documents analysis.

• Audit: Stage II

On-site evaluation of the compliance of the IEC 82304 standard for excellence in areas where practice and efficiency are applied completely. 

• Certification 

After completing all the above-mentioned steps, the Issuing authority certifies the IEC 82304 standard's integrity and compliance on the part of the Organisation and thus issues the IEC 82304 Certification.