Send us an email:
info@mdrc-services.com

Or use the contact form below

 

ISO and IEC standards for medical device software

The ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) have established a set of standards governing the development, quality, and safety of medical device software (MDSW). These standards provide a structured framework for manufacturers to ensure that their software meets the standards of reliability, safety, and performance.


General medical device standards

Two ISO standards play a crucial role in the realm of software medical devices: ISO 13485 and ISO 14971. Considered as the cornerstone standards for medical devices, they hold relevance across the entire spectrum of healthcare products, from basic plasters to intricate surgical robots. Despite their comprehensive nature, they don't specifically address software. This necessitates the consideration of other standards tailored to software-specific requirements.

Specific medical software standards

The main standard about software in medical devices is IEC 62304. It deals with the software lifecycle, i.e. almost everything about what software engineers do.

The other important standards that apply to software:

  • IEC 82304-1 is applicable to standalone software, also known as Software as a Medical Device (SaMD)
  • IEC 81001-5-1 adds requirements about cybersecurity
  • IEC 62366-1 adds requirements about man-machine interface ergonomics

IEC 62304 - Medical device software — Software life cycle processes

IEC 62304 is an international standard that provides a framework for the development and lifecycle management of medical device software. Published by the International Electrotechnical Commission (IEC), this standard is titled "Medical device software - Software life cycle processes." It is specifically tailored to ensure the safety, effectiveness, and quality of software used in medical devices. IEC 62304 outlines processes, activities, and documentation requirements necessary for the development, maintenance, and post-production phases of medical device software, and it is an essential guideline for manufacturers to achieve compliance with medical device regulations and the CE-marking requirements in Europe.

IEC 82304-1 - Health software — Part 1: General requirements for product safety

IEC 82304-1 covers a wide range of health software, including software that directly influences patient care, wellness, and health management. It outlines processes, activities, and documentation requirements throughout the software's entire lifecycle, from development to post-production.

Manufacturers and developers in the health software industry use IEC 82304-1 to comply with regulatory requirements and ensure that their products meet the highest standards of safety and efficacy. It is a critical guideline for achieving certification and regulatory approval for health software applications.

IEC 81001-5-1 - Health software and health IT systems safety, effectiveness and security — Part 5-1: Security — Activities in the product life cycle

IEC 81001-5-1 outlines the life cycle requirements for the development and maintenance of health software, tailored to meet the specific demands of health-related applications and to support compliance with IEC 62443-4-1. The defined processes, activities, and tasks in this standard establish a unified framework for ensuring secure life cycle processes of health software.

The primary goal is to enhance the cybersecurity of health software by implementing specific activities and tasks within the life cycle processes, and by bolstering the security of software life cycle processes themselves. Striking a suitable balance between safety, effectiveness, and security, as outlined in ISO 81001-1, remains of paramount importance.

Notably, this document does not specify the contents of accompanying documentation.

IEC 62366-1 - Medical devices — Part 1: Application of usability engineering to medical devices

IEC 62366-1:2015 establishes a structured process for manufacturers to analyze, specify, develop, and assess the usability of a medical device in relation to safety. This Usability Engineering (Human Factors Engineering) process enables manufacturers to identify and mitigate risks associated with both correct use and use errors during normal operation, while not addressing risks linked to abnormal use. This updated edition, along with IEC 62366-2, supersedes the original 2007 edition and its 2014 Amendment, incorporating contemporary usability engineering concepts and refining the process. It also strengthens the connection to ISO 14971:2007 and its risk management methods for safety-related aspects of medical device user interfaces. Part 2 provides additional guidance for compliance with Part 1 and offers more detailed descriptions of usability engineering methods applicable to a broader range of medical devices beyond user interface safety considerations.

Here is what you need to get your medical device software CE-marked:

Technical documentation
Learn more >>

Quality
management
system
Learn more >>

PRRC

Learn more >>

Authorized
representative
Learn more >>

UDI

Learn more >>

EUDAMED
registration
Learn more >>

Notified
body
Learn more >>

We will help you obtain all the necessary certificates.

Learn more >>

ISO and IEC standards for medical device software

The ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) have established a set of standards governing the development, quality, and safety of medical device software (MDSW). These standards provide a structured framework for manufacturers to ensure that their software meets the standards of reliability, safety, and performance.


General medical device standards

Two ISO standards play a crucial role in the realm of software medical devices: ISO 13485 and ISO 14971. Considered as the cornerstone standards for medical devices, they hold relevance across the entire spectrum of healthcare products, from basic plasters to intricate surgical robots. Despite their comprehensive nature, they don't specifically address software. This necessitates the consideration of other standards tailored to software-specific requirements.

Specific medical software standards

The main standard about software in medical devices is IEC 62304. It deals with the software lifecycle, i.e. almost everything about what software engineers do.

The other important standards that apply to software:

  • IEC 82304-1 is applicable to standalone software, also known as Software as a Medical Device (SaMD)
  • IEC 81001-5-1 adds requirements about cybersecurity
  • IEC 62366-1 adds requirements about man-machine interface ergonomics

IEC 62304 - Medical device software — Software life cycle processes

IEC 62304 is an international standard that provides a framework for the development and lifecycle management of medical device software. Published by the International Electrotechnical Commission (IEC), this standard is titled "Medical device software - Software life cycle processes." It is specifically tailored to ensure the safety, effectiveness, and quality of software used in medical devices. IEC 62304 outlines processes, activities, and documentation requirements necessary for the development, maintenance, and post-production phases of medical device software, and it is an essential guideline for manufacturers to achieve compliance with medical device regulations and the CE-marking requirements in Europe.

IEC 82304-1 - Health software — Part 1: General requirements for product safety

IEC 82304-1 covers a wide range of health software, including software that directly influences patient care, wellness, and health management. It outlines processes, activities, and documentation requirements throughout the software's entire lifecycle, from development to post-production.

Manufacturers and developers in the health software industry use IEC 82304-1 to comply with regulatory requirements and ensure that their products meet the highest standards of safety and efficacy. It is a critical guideline for achieving certification and regulatory approval for health software applications.

IEC 81001-5-1 - Health software and health IT systems safety, effectiveness and security — Part 5-1: Security — Activities in the product life cycle

IEC 81001-5-1 outlines the life cycle requirements for the development and maintenance of health software, tailored to meet the specific demands of health-related applications and to support compliance with IEC 62443-4-1. The defined processes, activities, and tasks in this standard establish a unified framework for ensuring secure life cycle processes of health software.

The primary goal is to enhance the cybersecurity of health software by implementing specific activities and tasks within the life cycle processes, and by bolstering the security of software life cycle processes themselves. Striking a suitable balance between safety, effectiveness, and security, as outlined in ISO 81001-1, remains of paramount importance.

Notably, this document does not specify the contents of accompanying documentation.

IEC 62366-1 - Medical devices — Part 1: Application of usability engineering to medical devices

IEC 62366-1:2015 establishes a structured process for manufacturers to analyze, specify, develop, and assess the usability of a medical device in relation to safety. This Usability Engineering (Human Factors Engineering) process enables manufacturers to identify and mitigate risks associated with both correct use and use errors during normal operation, while not addressing risks linked to abnormal use. This updated edition, along with IEC 62366-2, supersedes the original 2007 edition and its 2014 Amendment, incorporating contemporary usability engineering concepts and refining the process. It also strengthens the connection to ISO 14971:2007 and its risk management methods for safety-related aspects of medical device user interfaces. Part 2 provides additional guidance for compliance with Part 1 and offers more detailed descriptions of usability engineering methods applicable to a broader range of medical devices beyond user interface safety considerations.

Further reading

CE-Certificate vs. EC-Certificate

Basic UDI-DI (bUDI) - what is it, where to obtain it, and what to do with it

EUDAMED registration - a brief guide

Contract with the Authorised Representative in the European Union (Authorised Representative Mandate)

GSPR – General Safety and Performance Requirements for medical devices in the European Union

How to obtain CE marking for medical software under the EU MDR or IVDR?

Technical documentation for Medical Device Software in the EU

IEC 62304 - the pivotal standard for software medical devices

Medical Device Regulation (MDR) - basics

ISO and IEC standards for medical device software

Clinical Evaluation, PMCF, and PMS in Medical Device Lifecycle

Notified Bodies and their role in certification of medical devices

What is NANDO and why medical device companies should know about it?

Labeling and UDI requirements for medical devices in the EU

Understanding the roles of Authorised Representatives and Importers under MDR/IVDR

MDR implementation - challenges and solutions

Post-market surveillance under MDR and IVDR - requirements and best practices

Notified Body audit - a manufacturer's guide

Risk management plan - guide for medical device companies

Should my medical device comply with GDPR?

EC-certificate for a medical device - Q&A

How long does it take to CE-mark a medical device?

What is a PRRC?

Essential requirements for importers and distributors under MDR and IVDR

Language requirements for IFUs and labels under the MDR and IVDR

Legal Manufacturer and Original Equipment Manufacturer in medical devices

How to structure a PRRC contract for effective compliance

How to Create a Declaration of Conformity According to MDR or IVDR

All articles >>

Send us an email:
info@mdrc-services.com

Or use the contact form below