IEC 62304 – Medical Device Software Life Cycle Process Standard – Overview and Summary of Requirements for Software Development

  • By: Staff Editor
  • Date: September 23, 2011


IEC/EN 62304 has been adopted by the FDA and EU agencies as the standard by which they audit software used for medical devices. IEC 62304 outlines requirements for the following steps in the software life cycle process:
  • Software development
  • Software maintenance
  • Software risk management
  • Software configuration management
  • Software problem resolution
Complying with IEC 62304 ensures fulfilling requirements of the FDA Quality System Regulations, 21 CFR Part 820. Below are some of the most important points regarding software development detailed in the IEC 62304 standard.
Important Definitions:
SOUP of Software of Unknown Provenance is a software   that is already developed and generally available and that has not been developed for the purpose of being incorporated into the medical device. This is also known as off-the-shelf   software or   software   previously developed   for   which   adequate   records   of   the development processes are not available.
Software safety classification
The manufacturer should assign a software safety class to each software system. These classes, according to IEC 62304 are:
  • Class A: No injury or damage to health is possible
  • Class B: Non-serious injury is possible
  • Class C: Death or serious injury is possible
Summary of IEC 62304 Requirements
IEC 62304 does not:
  • Specify an organizational structure for device manufacturers or roles and responsibilities
  • Prescribe the name, format, or explicit content of the documentation to be produced
  • Prescribe a specific lifecycle model
Software development plan
The medical device manufacturer should establish a software development plan for conducting software development activities. The software development life cycle model should be fully detailed and referenced in the plans.
The plan should include:
  • The processes to be used in the development of the software system 
  • The deliverables (includes documentation) of the activities and tasks
  • Traceability between system requirements, software requirements, software system test, and risk control measures implemented software
Buy the standard, checklists and templates for complying with IEC 62304:


Or attend a ComplianceOnline webinar to learn more about IEC 62304:


The plan should be updated regularly.
For the Class C category, the manufacturer should include standards, methods and tools for developing software in the plan.
The software development plan should also include information on verification:
  • Deliverables requiring verification
  • The required verification tasks for each life cycle activity
  • Milestones at which the deliverables are verified
  • The acceptance criteria for verification of the deliverables
Software risk management
The software development plan should include a plan to conduct risk management processes for all categories – A, B and C.
Software documentation
The software development plan should include details for all software related documentation. The plan should include the following for all documents:
  • Title, name or naming convention
  • Purpose
  • Intended audience for the document
  • Procedures and responsibilities for development, review, approval and modification
Software configuration management
The software development plan should include information about software configuration management. This should include or reference:
  • The classes, types, categories or lists of items to be controlled
  • The software configuration management activities and tasks
  • The organization(s) responsible for performing software configuration management and activities
  • Their relationship with other organizations, such as software development or maintenance
  • When the items are to be placed under configuration control
  • When the problem resolution process is to be used

Best Sellers
You Recently Viewed