DESIGN
Developing Medical Device Software to ISO 62304
Medical software design standard ISO 62304 has just come into force.
This article describes how it will impact the software development
process for medical device manufacturers.
Ken Hall, Triteq, Stype, UK
Standards for medical device design
Until recently, safety regulations for
medical device software, at least formally,
were not exceptionally rigorous across
the board. In addition, software was not
formally classified as a medical product
by the Medical Devices Directive. This
has now changed. A new regime is in force
governing all medical device software
development for all classes of device.
Previous software safety standards
were best suited to medical devices with
low levels of risk, as opposed to products
where software failure could be extremely
serious and result in death. As more electronic products have become dependent on
embedded software, the focus has shifted
to the reliability of software systems
within the devices and the associated risks
at all levels of usage. As a result, the new
EN/ISO 62304 standard has emerged as a
global benchmark for management of the
software development lifecycle (Figure 1).
Risk analysis for hardware and software design
Medical product designers have used risk
management techniques to help reduce
the risks associated with device hardware.
BS/EN/ISO 14971 has traditionally been
adopted as the base standard for risk management
for medical devices. The 2007
version of this standard is considerably
extended from its previous version, and
the techniques described are now intended
to be applied to both software and hardware systems.
A harmonised standard
ISO 62304 is a harmonised standard
for software design in medical products
adopted by the European Union and the
United States. Because the standard is
“harmonised,” medical device manufacturers adopting it will satisfy the essential requirements contained in Medical
Devices Directive 93/42/EEC (MDD) with
amendment M5 (2007/47/EC) as related
to software development. This is the least
onerous route to ensuring compliance with
the MDD. The US FDA will also accept
ANSI/AAMI/IEC 62304:2006 as evidence that
medical device software has been designed
to an acceptable standard. This standard
is identical to the EN/ISO variant in all
essential details.
Designing to ISO 62304 ensures that
quality software is produced by means
of a defined and controlled process of
software development. This process must
contain a set of requirements based on the
safety class of the software that is being
developed.
Software safety classification
Initially the ISO 62304 standard expects
the manufacturer to assign a safety class to
the software system as a whole. This classification is based on the potential to create a
hazard that could result in an injury to the
user, the patient or other people.
The software is classified into three
simple classes, as follows:
■ Class A: No injury or damage to health is possible
■ Class B: Nonserious injury is possible
■ Class C: Death or serious injury is possible
Defining “serious injury,” “nonserious injury,”
“injury” and “damage to health” is important
to apply this classification effectively.
It may at first appear
to be obvious what constitutes an injury;
however, this can be a far more complex
question when the context of the device
is taken into account. Unfortunately the
standard only defines “serious injury,”
and this is as follows:
Serious Injury
Injury or illness that directly or indirectly
a) is life threatening,
b) results in permanent impairment of a
body function or permanent damage to a
body structure, or
c) necessitates medical or surgical intervention to prevent permanent impairment of a
body function or permanent damage to a
body structure.
Note: Permanent impairment means an