Language:
 

Software development in accordance with IEC 62304

Software development in accordance with DIN IEC 62304

The international standard IEC 62304 ("Medical Device Software - Software Life Cycle Processes") describes how software is to be developed for medical devices in accordance with DIN EN ISO 14971 and what role is played by risk management. As an international standard, the IEC 62304 norm is relevant to all manufacturers using software in medical devices - irrespective of whether the software is embedded or whether the medical device itself is stand-alone software.
IEC 62304: 2006 (German version EN 62304: 2006) does not describe all activities that are carried out in the development of medical software, but lays down a general framework for lifecycle processes of medical device software, through defining requirements concerning the collection of processes , activities and tasks.
Specifically, five areas are addressed, referred to as "processes" in the parlance of the standard:

  • Software Development
  • Software Maintenance
  • Software Risk Management
  • Software Configuration Management
  • Troubleshooting for Software

Above all, DIN EN 62304 stipulates that the risk analysis is an integral part of the development process and that it must be documented accordingly. Compliance with the normative specifications is to be verified by inspection of the entire documentation, including risk management files as well as the assessment of processes, activities, and tasks which are required for the appropriate software safety class.
The standard applies to the development and maintenance of medical device software when the software is itself a medical device or is an embedded or integral part of a complete medical device. As a prerequisite, it is assumed that the medical software is developed and maintained within a quality management system and within a risk management system. IEC/EN 62304, however, does not cover the validation (verification of suitability in relation to the intended use) and the final release of the medical device. The standard is therefore alone is not always sufficient to demonstrate compliance with the essential requirements of Directives 90/385/EEC and 93/42/EEC. According to these guidelines, the software must be validated according to the "state of the art".
In general, software development follows the principles other than those for the development of mechanical or electronic systems. For example, there is no waiting for the delivery of components and changes can be made until shortly before delivery. This flexibility also harbors increased risks because changes "just at the last minute" often lead to critical errors which lie undiscovered until after release.
In this context, in order to remain conformant to the applicable regulatory requirements, a development process must be defined. Although DIN EN 62304 prescribes no development method, it does lay down for example which activities are to be covered for risk management. The software development process according to IEC / EN 62304 § 5 is:

  1. Software Development Planning
  2. Software Requirements Analysis
  3. Software Architecture Design
  4. Creation of Software Designs
  5. Implementation and Verification of Software Units
  6. Software Integration and Integration Tests
  7. Software System Test
  8. Software Release

The risk management process according to IEC / EN 62304 § 5 is:

  1. Analysis of hazardous situations
  2. Risk control measures
  3. Verification of risk control measures
  4. Risk management for changes in the software


Agile Software Development with Scrum Methodology

Agile software development with scrum methodology is a modern method of software development. It supports the current market demands for quick, dynamic and efficient development processes. However it does seem that some of the principles of agile software development go against the demands of the relevant normative requirements for medical devices:

  • Individuals and interactions over processes and tools
  • Working software over comprehensive documentation
  • Customer collaboration over contract negotiation
  • Responding to change over following a plan

It might appear that the demands of the normative requirements for the development of medical software are contrary to the values of the agile manifesto, but this is a frequent misunderstanding from too superficial a reading of the manifesto. Agile software development using scrum methodology is not a carte blanche for chaotic development. On the contrary, it is precisely through the interaction of several defined methods and processes that higher software quality is often achieved, which corresponds indeed to the underlying intention to create safe and trouble-free medical devices.
What is necessary, however, in the context of standard-compliant development of medical software or medical apps with scrum methodology, is the required technical documentation for the development process.
There are different approaches and procedures as to how these two worlds can be united. At BAYOOMED we have implemented an extension of the scrum development process, in which the requirements are revised and expanded in each iteration.
Through a finely defined process, we ensure that the (implicit) dependencies between individual activities are taken into account and the tasks are executed in the correct order. Through the "Definition of Done" and individual development sprints we ensure complete and traceable technical documentation complying with standards. We at BAYOOMED have incorporated all of these into the appropriate standard operating procedures (SOP), forms, and templates within an integrated quality management system in accordance with ISO 9001 and ISO 13485, and into the company-wide quality management handbook.

Anmeldung

Forgot password?

If you forgot your credentials, please click here to request new ones.