IEC 62304
Edition 1.1 2015-06
CONSOLIDATED VERSION

Medical device software – Software life cycle processes

IEC 62304:2006-05+AMD1:2015-06 CSV(en)
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester.

INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 1 040
ISBN 978-2-8322-2765-7

Warning!
Make sure that you obtained this publication from an authorized distributor.

REDLINE VERSION

CONTENTS

FOREWORD
INTRODUCTION
INTRODUCTION to Amendment
Scope
* Purpose
* Field of application
Relationship to other standards
Compliance
* Normative references
* Terms and definitions
* General requirements
* Quality management system
* RISK MANAGEMENT
* Software safety classification
* LEGACY SOFTWARE
Software development PROCESS
* Software development planning
* Software requirements analysis
* Software ARCHITECTURAL design
* Software detailed design
* SOFTWARE UNIT implementation and verification
* Software integration and integration testing
* SOFTWARE SYSTEM testing
* Software release
Software maintenance PROCESS
* Establish software maintenance plan
* Problem and modification analysis
* Modification implementation
* Software RISK MANAGEMENT PROCESS
* Analysis of software contributing to hazardous situations
RISK CONTROL measures
VERIFICATION of RISK CONTROL measures
RISK MANAGEMENT of software changes
* Software configuration management PROCESS
* Configuration identification
* Change control
* Configuration status accounting
* Software problem resolution PROCESS
Prepare PROBLEM REPORTS
Investigate the problem
Advise relevant parties
Use change control process
Maintain records
Analyse problems for trends
Verify software problem resolution
Test documentation contents
Annex A (informative) Rationale for the requirements of this standard
Annex B (informative) Guidance on the provisions of this standard
Annex C (informative) Relationship to other standards
Annex D (informative) Implementation
Bibliography
Index of defined terms

Figure – Overview of software development PROCESSES and ACTIVITIES
Figure – Overview of software maintenance PROCESSES and ACTIVITIES
Figure – Assigning software safety classification
Figure B – Pictorial representation of the relationship of HAZARD, sequence of events, HAZARDOUS SITUATION, and HARM – from ISO 4971:2007 Annex E
Figure B – Example of partitioning of SOFTWARE ITEMS
Figure C – Relationship of key MEDICAL DEVICE standards to IEC 62304
Figure C – Software as part of the V-model
Figure C – Application of IEC 62304 with IEC 61010-1

Table A – Summary of requirements by software safety class
Table B – Development (model) strategies as defined in ISO/IEC 2207
Table C – Relationship to ISO 3485:2003
Table C – Relationship to ISO 4971:2007
Table C – Relationship to IEC 60601-1
Table C – Relationship to IEC 60601-4
Table C – Relationship to ISO/IEC 2207
Table D – Checklist for small companies without a certified QMS

INTERNATIONAL ELECTROTECHNICAL COMMISSION

MEDICAL DEVICE SOFTWARE – SOFTWARE LIFE CYCLE PROCESSES

FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred
to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and nongovernmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees
and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

DISCLAIMER

This Consolidated version is not an official IEC Standard and has been prepared for user convenience. Only the current versions of the standard and its amendment(s) are to be considered the official documents.

This Consolidated version of IEC 62304 bears the edition number. It consists of the first edition ( 5-0 ) [documents A/5 /FDIS and A/5 /RVD] and its amendment ( 0 -0 ) [documents A/1 0 /FDIS and A/1 /RVD]. The technical content is identical to the base edition and its amendment.

In this Redline version, a vertical line in the margin shows where the technical content is modified by amendment. Additions and deletions are displayed in red, with deletions being struck through. A separate Final version with all changes accepted is available in this publication.

International Standard IEC 62304 has been prepared by a joint working group of subcommittee 62A: Common aspects of electrical equipment used in medical practice, of
IEC technical committee 62: Electrical equipment in medical practice and ISO Technical Committee 210, Quality management and corresponding general aspects for MEDICAL DEVICES. Table C.5 was prepared by ISO/IEC JTC 1/SC 7, Software and system engineering.

It is published as a dual logo standard.

This publication has been drafted in accordance with the ISO/IEC Directives, Part.

In this standard the following print types are used:

• requirements and definitions: in roman type;
• informative material appearing outside of tables, such as notes, examples and references: in smaller type. Normative text of tables is also in a smaller type;
• terms used throughout this standard that have been defined in Clause and also given in the index: in small capitals.

An asterisk (*) as the first character of a title or at the beginning of a paragraph indicates that there is guidance related to that item in Annex B.

The committee has decided that the contents of the base publication and its amendment will remain unchanged until the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data related to the specific publication. At this date, the publication will be

• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

NOTE The attention of National Committees is drawn to the fact that equipment MANUFACTURERS and testing organizations may need a transitional period following publication of a new, amended or revised IEC or ISO publication in which to make products in accordance with the new requirements and to equip themselves for conducting new or revised tests. It is the recommendation of the committee that the content of this publication be adopted for mandatory implementation nationally not earlier than years from the date of publication.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates that it contains colours which are considered to be useful for the correct understanding of its contents. Users should therefore print this document using a colour printer.

INTRODUCTION

Software is often an integral part of MEDICAL DEVICE technology. Establishing the SAFETY and effectiveness of a MEDICAL DEVICE containing software requires knowledge of what the software is intended to do and demonstration that the use of the software fulfils those intentions without causing any unacceptable RISKS.

This standard provides a framework of life cycle PROCESSES with ACTIVITIES and TASKS necessary for the safe design and maintenance of MEDICAL DEVICE SOFTWARE. This standard provides requirements for each life cycle PROCESS. Each life cycle PROCESS consists of a set of ACTIVITIES, with most ACTIVITIES consisting of a set of TASKS.

As a basic foundation it is assumed that MEDICAL DEVICE SOFTWARE is developed and maintained within a quality management system (see ) and a RISK MANAGEMENT system (see 4.2). The RISK MANAGEMENT PROCESS is already very well addressed by the International Standard ISO 4971. Therefore IEC 62304 makes use of this advantage simply by a normative reference to ISO 4971. Some minor additional RISK MANAGEMENT requirements are needed for software, especially in the area of identification of contributing software factors related to HAZARDS. These requirements are summarized and captured in Clause as the software RISK MANAGEMENT PROCESS.

Whether software is a contributing factor to a HAZARDOUS SITUATION is determined during the HAZARD identification ACTIVITY of the RISK MANAGEMENT PROCESS. HAZARDOUS SITUATIONS that could be indirectly caused by software (for example, by providing misleading information that could cause
inappropriate treatment to be administered) need to be considered when determining whether software is a contributing factor. The decision to use software to control RISK is made during the RISK CONTROL ACTIVITY of the RISK MANAGEMENT PROCESS. The software RISK MANAGEMENT PROCESS required in this standard has to be embedded in the device RISK MANAGEMENT PROCESS according to ISO 4971.

The software development PROCESS consists of a number of ACTIVITIES. These ACTIVITIES are shown in Figure and described in Clause. Because many incidents in the field are related to service or maintenance of MEDICAL DEVICE SYSTEMS including inappropriate software updates and upgrades, the software maintenance PROCESS is considered to be as important as the software development PROCESS. The software maintenance PROCESS is very similar to the software development PROCESS. It is shown in Figure and described in Clause.

C Relationship to ISO/IEC 2207

This standard has been derived from the approach and concepts of ISO/IEC 2207 [9], which defines requirements for software life cycle PROCESSES in general, i.e. not restricted to MEDICAL DEVICES.

This standard differs from ISO/IEC 2207 mainly with respect to the following. It:

• excludes SYSTEM aspects, such as SYSTEM requirements, SYSTEM ARCHITECTURE and validation;
• omits some PROCESSES seen as duplicating ACTIVITIES documented elsewhere for MEDICAL DEVICES;
• adds the (SAFETY) RISK MANAGEMENT PROCESS and the software release PROCESS;
• incorporates the documentation and the VERIFICATION supporting PROCESSES into the development and maintenance PROCESSES;
• merges the PROCESS implementation and planning ACTIVITIES of each PROCESS into a single ACTIVITY in the development and maintenance PROCESSES;
• classifies the requirements with respect to SAFETY needs; and
• does not explicitly classify PROCESSES as primary or supporting, nor group
PROCESSES as ISO/IEC 2207 does.

Most of these changes were driven by the desire to tailor the standard to the need of the MEDICAL DEVICE sector by:

• focusing on SAFETY aspects and the MEDICAL DEVICE RISK MANAGEMENT standard ISO 4971;
• selecting the appropriate PROCESSES useful in a regulated environment;
• taking into account that software development is embedded in a quality system (which covers some of the PROCESSES and requirements of ISO/IEC 2207); and
• lowering the level of abstraction to make it easier to use.

This standard is not contradictory to ISO/IEC 2207. ISO/IEC 2207 can be useful as an aide in setting up a well structured SOFTWARE DEVELOPMENT LIFE CYCLE MODEL that includes the requirements of this standard.

Table C.5, which was prepared by ISO/IEC JTC1/SC7, shows the relationship between IEC 62304 and ISO/IEC 2207.

Table C.5 – Relationship to ISO/IEC 2207:2008

ISO/IEC 62304 PROCESSES; ACTIVITY; TASK
Software development PROCESS; Software development planning; Software development plan; Keep software development plan updated; Software development plan reference to SYSTEM design and development; Software development standards, methods and tools planning; Software integration and integration testing planning; Software VERIFICATION planning

ISO/IEC 2207:2008 PROCESSES
Software Implementation; Project Assessment and Control; System Architectural Design; System Integration; Software Validation Process; Software Implementation; Software Verification; Software Construction; Software Integration; Software Qualification Testing; Process implementation; Software construction; Software integration; Software qualification testing; Software configuration management planning; Software Configuration Management; Software Problem Resolution; Supporting items to be controlled; Infrastructure Management; Infrastructure Management; Software Configuration Management; Software control before VERIFICATION; Establishing architecture; Integration; Process implementation; Software implementation strategy; Software integration; Risk Management Process; Software Documentation Management; CONFIGURATION ITEM; Software implementation strategy; Project planning; Project control; Software Integration; Software RISK planning; Documentation planning; MANAGEMENT

ACTIVITY / TASK
Process implementation; Process implementation; Process implementation; Establishment of the infrastructure; Maintenance of the infrastructure; Configuration identification

ISO/IEC 62304 PROCESSES; ACTIVITY; TASK
Software requirements analysis; Define and document software requirements from SYSTEM requirements; Software requirements content; Include RISK CONTROL measures in software requirements; Re-EVALUATE; Software design

ISO/IEC 2207:2008; ACTIVITY / TASK; PROCESSES
System Architectural Design; Establishing architecture; Software Requirements Analysis; Software requirements analysis; None; None; Update SYSTEM requirements; Software Requirements Analysis; Verify software requirements; Software Verification; Software requirements analysis a) & b); Verification; Transform software requirements into an ARCHITECTURE; Software Architectural Design; Software architectural design; Software architectural design; None; none; None; none; None; none; Verify software; Software Architectural Design; Software Detailed Design; Software architectural design; Software detailed design; MEDICAL DEVICE RISK ANALYSIS; ARCHITECTURAL; Develop an ARCHITECTURE for the interfaces of SOFTWARE ITEMS; Specify functional and performance requirements of SOUP item; Specify SYSTEM hardware and software required by SOUP item; Identify segregation necessary for RISK CONTROL; ARCHITECTURE; Software detailed design; Refine SOFTWARE ARCHITECTURE into SOFTWARE UNITS; Develop detailed design for each SOFTWARE UNIT; Develop detailed design for interfaces; SOFTWARE UNIT implementation and verification; Verify detailed design; Software Detailed Design; Implement each; Software Construction; SOFTWARE UNIT; VERIFICATION PROCESS; Establish; Software Detailed Design; Software Construction; SOFTWARE UNIT acceptance criteria; Software Construction; SOFTWARE UNIT; Software detailed design; Software detailed design; Software construction; Software detailed design; Software Construction; Software construction

ISO/IEC 62304 PROCESSES; ACTIVITY; TASK
Additional SOFTWARE UNIT acceptance criteria; SOFTWARE UNIT VERIFICATION; Software integration and integration testing; Integrate SOFTWARE UNITS; Software Integration; Software Integration; System Integration; Test integrated software; Software Qualification Testing; Integration testing content; Software Qualification Testing; Verify integration tests procedures; Conduct regression tests; None; Integration test record contents; Software Integration; Use software problem resolution; Software Verification; Establish tests for each software requirement; Software Integration; Software Qualification Testing; Use software problem resolution; Software Verification; Retest after changes; Software Problem
Resolution; SYSTEM; Verify SOFTWARE; testing; Software Qualification Testing; SOFTWARE SYSTEM test record contents; Software Qualification Testing; Software Operation; Software Configuration Management; PROCESS; Software release; PROCESSES; Software Construction; Software Verification; Software Construction; Verify software integration; PROCESS; SOFTWARE SYSTEM testing; ISO/IEC 2207:2008; Ensure software is complete; VERIFICATION; Document known residual ANOMALIES; EVALUATE known residual ANOMALIES; Software Integration; Software Configuration Management; Software Qualification Testing

ACTIVITY / TASK
Software construction; Software construction; Software integration; Software integration; Integration; Software qualification testing; Software qualification testing; None; Software integration; Software integration; Process implementation; Software integration; Software qualification testing; Process implementation; Process implementation; Software qualification testing; Software qualification testing; Operation activation and check-out; Release management and delivery; Configuration evaluation; Software qualification testing

ISO/IEC 62304 PROCESSES; ACTIVITY; TASK
Document released VERSIONS; Document how released software was created; Ensure ACTIVITIES and TASKS are complete; Archive software; Assure repeatability of software release; Software maintenance PROCESS; Establish software maintenance plan; Problem and; Document and EVALUATE feedback; modification analysis; Monitor feedback; Document and EVALUATE feedback; EVALUATE PROBLEM REPORT’S effects on SAFETY; Use software problem resolution PROCESS; Analyse CHANGE REQUESTS; CHANGE REQUEST approval; Communicate to users and regulators; Modification implementation; Use established to implement modification; Re-release modified SOFTWARE; PROCESS; SYSTEM; Software RISK MANAGEMENT PROCESS; Software configuration management PROCESS; Configuration; Establish means; identification; to identify CONFIGURATION ITEMS; Change control; Identify SOUP; Identify SYSTEM configuration documentation; Approve CHANGE REQUESTS; Implement changes; Verify changes; Provide means for TRACEABILITY of change

ISO/IEC 2207:2008; ACTIVITY / TASK; PROCESSES
Software Configuration Management Process; Release management and delivery; Software Maintenance Process; Software; None; Maintenance; None; None; Software Maintenance; None; Software Maintenance; None; Software Maintenance; None; Software Maintenance; Software Maintenance; Software Maintenance; None; None; Software Maintenance; None; None; None; None; None; Software Configuration Management; Risk Management Process; This is based on ISO/IEC 6085. While there is some commonality it does not address the specific requirements for medical device software development with regard to risk management; Software Configuration Management; None; Software Configuration Management; Software Configuration Management; Software Maintenance; Software Configuration Management; None; None; None; None; None; None

ISO/IEC 62304 PROCESSES; ACTIVITY; TASK
Configuration status accounting

ISO/IEC 2207:2008; ACTIVITY / TASK; PROCESSES
Software Configuration Management; None; Software problem resolution PROCESS; Prepare PROBLEM REPORTS; Investigate the problem; Advise relevant parties; Use change
control process; Maintain records; Analyse problems for trends; Verify software problem resolution; Test documentation contents; Software Problem Resolution; Software Problem Resolution; Software Problem Resolution; Software Configuration Management; Software Maintenance; Software Problem Resolution; Software Problem Resolution; Software Problem Resolution; All testing TASKS in ISO 207 require documentation; None; None; None; None; None; None; None; None

C.7 Relationship to IEC 61508

The question has been raised whether this standard, being concerned with the design of SAFETY-critical software, should follow the principles of IEC 61508. The approach to safety in IEC 62304 is fundamentally different than the one in IEC 61508. IEC 62304 takes into account that the effectiveness of medical devices justifies residual risks related to their use. The following explains the stance of this standard.

IEC 61508 addresses main issues:

1) RISK MANAGEMENT life cycle and life cycle PROCESSES;
2) definition of Safety Integrity Levels;
3) recommendation of techniques, tools and methods for software development and levels of independence of personnel responsible for performing different TASKS.

Issue 1) is covered in this standard by a normative reference to ISO 4971 (the MEDICAL DEVICE sector standard for RISK MANAGEMENT). The effect of this reference is to adopt ISO 4971’s approach to RISK MANAGEMENT as an integral part of the software PROCESS for MEDICAL DEVICE SOFTWARE.

For issue 2), this standard takes a simpler approach than IEC 61508. The latter classifies software into “Safety Integrity Levels” defined in terms of reliability objectives. The reliability objectives are identified after RISK ANALYSIS, which quantifies both the severity and the probability of HARM caused
by a failure of the software.

This standard simplifies issue 2) by defining the classification into software safety classes based on the RISK caused by a failure. After classification, different PROCESSES are required for different software safety classes: the intention is to further reduce the probability (and/or the severity) of failure of the software.

Issue 3) is not addressed by this standard. Readers of the standard are encouraged to use IEC 61508 as a source for good software methods, techniques and tools, while recognising that other approaches, both present and future, can provide equally good results. This standard makes no recommendation concerning independence of people responsible for one software ACTIVITY (for example VERIFICATION) from those responsible for another (for example design). In particular, this standard makes no requirement for an independent safety assessor, since this is a matter for ISO 4971.

Annex D
(informative)

Implementation

D.1 Introduction

This annex gives an overview of how this standard can be implemented into MANUFACTURERS’ PROCESSES. It also considers that other standards like ISO 3485 [8] require adequate and comparable PROCESSES.

D.2 Quality management system

For MANUFACTURERS of MEDICAL DEVICES, including MEDICAL DEVICE SOFTWARE in the context of this standard, the establishment of a quality management system (QMS) is required in. This standard does not require that the QMS necessarily has to be certified.

D.3 EVALUATE quality management PROCESSES

It is recommended to EVALUATE how well the established and documented PROCESSES of the QMS already cover the PROCESSES of the software life cycle, by means of audits, inspections, or analyses under the
responsibility of the MANUFACTURER. Any identified gaps can be accommodated by extending the QM PROCESSES, or can be separately described. If the MANUFACTURER already has PROCESS descriptions available which regulate the development, VERIFICATION and validation of software, then these should also be EVALUATED to determine how well they agree with this standard.

D.4 Integrating requirements of this standard into the MANUFACTURER’S quality management PROCESSES

This standard can be implemented by adapting or extending the PROCESSES already installed in the QMS system, or integrating new PROCESSES. This standard does not specify how this is to be done; the MANUFACTURER is free to do this in any suitable way.

The MANUFACTURER is responsible for ensuring that the PROCESSES described in this standard are suitably put into action when the MEDICAL DEVICE SOFTWARE is developed by Original Equipment Manufacturers (OEM) or sub-contractors not having their own documented QMS.

D.5 Checklist for small MANUFACTURERS without a certified QMS

The MANUFACTURER should determine the highest software safety classification (A, B or C) of the software. Table D.1 lists all ACTIVITIES described in this standard. The reference to ISO 3485 should help to define the place in the QMS. Based on the required software safety class, the MANUFACTURER should assess each required ACTIVITY against the existing PROCESSES.

If the requirement is already covered, a reference to the relevant PROCESS descriptions should be given.

If there is discrepancy, an action is needed to improve the PROCESS.

The list can also be used for an EVALUATION of the PROCESSES after the action has been performed.

Table D.1 – Checklist for small companies without a certified QMS

ACTIVITY; Related clause of ISO 3485:2003; Covered by existing procedure?; If yes: Reference; Actions to be taken
Software development planning; Design and development planning; Yes/No
Software requirements analysis; Design and development inputs; Yes/No
Software ARCHITECTURAL design; Yes/No
Software detailed design; Yes/No
SOFTWARE UNIT implementation and verification; Yes/No
Software integration and integration testing; Yes/No
SOFTWARE SYSTEM testing; Design and development outputs; Design and development review; Yes/No
Software release; Design and development verification; Design and development validation; Yes/No
Establish software maintenance plan; Control of design and development changes
Problem and modification analysis; Modification implementation; Yes/No; Yes/No; Design and development verification; Design and development validation; Yes/No
Analysis of software contributing to hazardous situations; Yes/No
RISK CONTROL measures; Yes/No
VERIFICATION of RISK CONTROL measures; Yes/No
RISK MANAGEMENT of software changes; Yes/No
Configuration identification; Identification and traceability; Yes/No
Change control; Identification and traceability; Yes/No
Configuration status accounting; Yes/No
Software problem resolution PROCESS; Yes/No

Bibliography

[1] IEC 60601-1:2005, Medical electrical equipment – Part 1: General requirements for basic safety and essential performance
IEC 60601-1:2005/AMD1:201
[2] IEC 60601-1-4:996, Medical electrical equipment – safety – Collateral standard: Programmable
IEC 60601-1-4:996/AMD1:999
[3] IEC 60601-1-6, Medical electrical equipm
e n t – s a fe ty a n d e s s e n tia l p e rfo rm a n ce [4] I EC 61 508-3, Fu n ctio n a l re la te d s ys te m s [5] – I EC 61 01 0-1 : 201 0, co n tro l, S a fe ty I SO 9000: 2005, [7] I SO 9001 : 2008, Pa rt - 6: Co lla te l s ta n da rd: 1: G e n e l G e n e l re q u ire m e n ts Pa rt : fo r e le ctrica l e q u ip m e n t Fu n da m e n ta ls Q u a lity m a n a g e m e n t s ys te m s – Re q u ire m e n ts de vice s e le ctro n ic s a fe ty- – fo r m e a s u re m e n t, G e n e l re q u ire m e n ts – Me dica l fo r b a s ic Us a b ility Q u a lity m a n a ge m e n t s ys te m s I SO 3485: 2003, (with d rawn ) re q u ire m e n ts re q u ire m e n ts – Pa rt o f e le ctrica l/e le ctro n ic/p ro gra m m a b le S o ftwa re a n d la b o to ry u s e [6] [8] s a fe ty Pa rt : – – e le ctrica l m e dica l s ys te m s Q u a lity m a n a ge m e n t a n d vo ca b u la ry s ys te m s – Re q u ire m e n ts fo r re g u la to ry p u rp o s e s [9] I SO/I EC 2207: 2008, S ys te m s and s o ftwa re e n g in e e rin g – So ftwa re life cycle p ro ce s s e s [1 0] I SO/I EC 4764: 999, S o ftwa re En g in e e rin g – S o ftwa re L ife Cycle Pro ce s s e s – Ma in te n a n ce [1 ] I SO/I EC 5504-5: 201 2, e xe m p la r s o ftwa re [1 2] I SO/I EC 2501 0: 201 , Re q u ire m e n ts [1 3] life In fo rm a tio n cycle p ro ce s s S ys te m s a n d Eva lu a tio n I SO/I EC 33001 : — 2) , te ch n o lo g y a n d s o ftwa re (S Q u a RE) In fo rm a tio n – Pro ce s s a sse ssm e n t – Pa rt 5: An a s s e s s m e n t m o de l – e n g in e e rin g S ys te m te ch n o lo g y – – S ys te m a n d s o ftwa re Pro ce s s a n d s o ftwa re Q u a lity q u a lity m o de ls a sse ssm e n t – Co n ce p ts and te rm in o lo g y [1 4] I SO/I EC 33004: — 2) , p ro ce s s [1 5] re fe re n ce , In fo rm a tio n p ro ce s s I SO/I EC 90003: 201 4, ISO 001 : 2008 to I SO/I EC Gu id e 51 : 201 4, [1 7] I EEE 61 2: 990, [1 8] I EEE 044: 2009, To be pu bl i sh ed – Pro ce s s a sse ssm e n t – Re q u ire m e 
n ts S o ftwa re e n g in e e rin g – G u ide lin e s fo r th e a p p lica tio n co m p u te r s o ftwa re [1 6] _ te ch n o lo g y fo r a s s e s s m e n t a n d m a tu rity m o de ls Sa fe ty a s p e cts – G u ide lin e s fo r th e ir in clu s io n IEEE s ta n da rd g lo s s a ry o f s o ftwa re IEEE s ta n da rd cla s s ifica tio n e n gin e e rin g fo r s o ftwa re in s ta n da rds te rm in o lo gy a n o m a lie s of – 78 – I EC 62304: 2006 +AM D1 : 201 CSV I EC 201 [1 9] U S Department Of H eal th and H u man Services, Food an d Dru g Ad istration, Guid ance for th e Con ten t of Premarket Su bmission s for Software Con tain ed in M ed ical Devices, M ay 1 , 2005, [20] U S Department Of H eal th and H u man Services, Food an d Dru g Ad istration, General Principles of Software Validation; Final Guidance for Industry and FDA Staff, J anu ary 1 , 2002, [21 ] I EC 62366-1 : 201 5, medical devices [22] I EC 82304-1 : — 3), _ I n preparati on Medical devices – Part 1: Application of usability engineering to Healthcare Software Systems – Part 1: General requirements I EC 62304: 2006 +AM D1 : 201 CSV I EC 201 – 79 – Index of defined terms A CTI VI TY , 5, 7, 23, 25, 27, 31 , 33, 43, 59, 65, 67, 69, 73, 79, 81 , 83, 87, 89, 95, 1 3, 33, 45 Ch ange trol , 01 Ch ange req uest, 61 Compl etion of, 49 Configuration id en tification, 01 Configuration management, 35 Con figu ration statu s accou ntin g, 01 Defin ition, Del iverable, Design and main tenan ce, 1 H azard id en tification, 1 M ainten an ce, 51 M apping, M od ification implemen tation, 97 Pl an ning, 83, 85 Probl em an d mod ification anal ysis, 95 Probl em resolu tion , 31 , 53, 03 Requ ired , 5, 47 Req uiremen ts, Req uirements an alysis, 39 Risk anal ysis, 55 Risk managemen t, 33, 47, 59, 79, 81 , 99 Software arch itectu ral d esign , 87 Software d etail ed d esign, 89 Software d evel opmen t, 1 Software integration , 93 Software in tegration and in tegration testin g, 91 Software main ten an ce, 95 Software 