The IEC 62304 standard is one of the many regulations applicable to the healthcare industry. It addresses medical devices, specifically the development and maintenance of their software. Introduced in 2006, the IEC 62304 standard has continuously been revised to enhance its application and reflect current realities on the definitions of medical devices, medical device software, and software safety classification. This article first reviews the requirements of the IEC 62304 medical device software standard. After that, it focuses on the risk you assume by ignoring those requirements and guidelines before starting software development.
Introduction
The fundamental activity within the scope of the IEC 62304 standard requires following processes that inform about fair market value, and its execution in practice is attached to a software configuration management system. The scope also includes risk, requirements, and other elements crucial for their management.
To cover all the activities involved in handling bugs and change requests, this process is also incorporated into a wider release and test management system. The final goal is a system that enables full traceability, starting from the customers’ demand and ending with full compliance with the industry’s requirements, and everything in between.
It is important to note that the IEC 62304 standard does not make it necessary to implement stringent testing and verification processes, or for that matter any universal process that suits all businesses. However, because effective standards must be demonstrated for audit purposes, each corporation within its jurisdiction should specify and maintain a methodology throughout the medical software development process. This is why it is very important to create a Software Quality Assurance Plan (SQAP) that describes all the project requirements in advance, to ensure compliance of the products delivered and ultimately reduce the remaining risks to a level that is “tolerable”.
The Disastrous Impact of Non-Compliance
AUDITS AND DEFECTS
Medical device software manufacturers are subject to several compliance audits. External auditors from a Notified Body conduct these audits, which may be performed on-site or off-site depending on the specific details and scope of the audit. A simplified list of the audit types follows:
• Audits for CE marking meant for the introduction of a new product in the market
• Recertification or surveillance audits conducted once every three years
• Follow-up audits conducted on an annual basis
These audits make up the standard three-year certification cycle, plus an additional unannounced audit that has to be done at least once in every three-year period.
When non-conformities are discovered in the course of the audits, they are classified into two types:
• Minor non-conformity: This is not a major issue, mainly because the organization is expected to fix the problem before the next audit to keep it from becoming a major non-conformity.
• Major non-conformity: A re-audit of the organization takes place three months from the time the organization starts addressing this concern. Until the defect is resolved, however, the company cannot sell the affected device.
OVERALL RISKS OF AN UNOPTIMIZED PRODUCT SOFTWARE PROJECT MANAGEMENT SYSTEM
NON-COMPLIANCE RISK (MALPRACTICE RISK)
• Ban on product commercialization
• Delayed product availability
• Reduced product presence in the market
LOWER DEMAND SATISFACTION CAPACITY
• Damage to corporate image
• Erosion of customer and supplier confidence
• Sooner or later, all this leads to the need for more effective control over defects and their elimination
Conclusion
Above all, the ability to structure, adjust, and, most importantly, act proactively is crucial not only for proving the conformance of software and products to auditors but also for managing transitions in a fast-changing environment marked by strict market conditions, among others.
Frequently Asked Questions (FAQs)
What is IEC 62304?
IEC 62304 is a functional safety standard that covers the safe design and maintenance of software.
What is required in IEC 62304?
The implementation of a software lifecycle includes several processes: risk management, development, maintenance, configuration, and software-related problem-solving.
What is the certification procedure for IEC 62304?
Reviewing the quality management system documentation in compliance with the IEC 62304 standard and evaluating the life-cycle documentation of the applicable software product (either embedded or stand-alone software) are prerequisites for a product’s initial certification.