General medical device standards
Two ISO standards play a crucial role in the realm of software medical devices: ISO 13485 and ISO 14971. Considered the cornerstone standards for medical devices, they are relevant across the entire spectrum of healthcare products, from basic plasters to intricate surgical robots. Despite their comprehensive nature, they don't specifically address software, so other standards tailored to software-specific requirements must also be considered.
Specific medical software standards
The main standard for software in medical devices is IEC 62304. It deals with the software lifecycle, i.e. almost everything software engineers do.
Other important standards that apply to software:
- IEC 82304-1 is applicable to standalone software, also known as Software as a Medical Device (SaMD)
- IEC 81001-5-1 adds requirements about cybersecurity
- IEC 62366-1 adds requirements about man-machine interface ergonomics
IEC 62304 - Medical device software — Software life cycle processes
IEC 62304 is an international standard that provides a framework for the development and lifecycle management of medical device software. Published by the International Electrotechnical Commission (IEC), this standard is titled "Medical device software - Software life cycle processes." It is specifically tailored to ensure the safety, effectiveness, and quality of software used in medical devices. IEC 62304 outlines processes, activities, and documentation requirements necessary for the development, maintenance, and post-production phases of medical device software, and it is an essential guideline for manufacturers to achieve compliance with medical device regulations and the CE-marking requirements in Europe.
IEC 82304-1 - Health software — Part 1: General requirements for product safety
IEC 82304-1 covers a wide range of health software, including software that directly influences patient care, wellness, and health management. It outlines processes, activities, and documentation requirements throughout the software's entire lifecycle, from development to post-production.
Manufacturers and developers in the health software industry use IEC 82304-1 to comply with regulatory requirements and ensure that their products meet the highest standards of safety and efficacy. It is a critical guideline for achieving certification and regulatory approval for health software applications.
IEC 81001-5-1 - Health software and health IT systems safety, effectiveness and security — Part 5-1: Security — Activities in the product life cycle
IEC 81001-5-1 outlines the life cycle requirements for the development and maintenance of health software, tailored to meet the specific demands of health-related applications and to support compliance with IEC 62443-4-1. The defined processes, activities, and tasks in this standard establish a unified framework for ensuring secure life cycle processes of health software.
The primary goal is to enhance the cybersecurity of health software by implementing specific activities and tasks within the life cycle processes, and by bolstering the security of software life cycle processes themselves. Striking a suitable balance between safety, effectiveness, and security, as outlined in ISO 81001-1, remains of paramount importance.
Notably, this document does not specify the contents of accompanying documentation.
IEC 62366-1 - Medical devices — Part 1: Application of usability engineering to medical devices
IEC 62366-1:2015 establishes a structured process for manufacturers to analyze, specify, develop, and assess the usability of a medical device in relation to safety. This Usability Engineering (Human Factors Engineering) process enables manufacturers to identify and mitigate risks associated with both correct use and use errors during normal operation, while not addressing risks linked to abnormal use. This updated edition, along with IEC 62366-2, supersedes the original 2007 edition and its 2014 Amendment, incorporating contemporary usability engineering concepts and refining the process. It also strengthens the connection to ISO 14971:2007 and its risk management methods for safety-related aspects of medical device user interfaces. Part 2 provides additional guidance for compliance with Part 1 and offers more detailed descriptions of usability engineering methods applicable to a broader range of medical devices beyond user interface safety considerations.