IEC 62304 is becoming a hot topic amongst medical device software professionals. We asked Bruce Swope, VP Engineering at SterlingTech Software for his views on this standard and what it all means for medical device companies. Bruce has extensive experience in medical device software development and he is an expert in...
IEC 62304 is becoming a hot topic amongst medical device software professionals. We asked Bruce Swope, VP Engineering at SterlingTech Software for his views on this standard and what it all means for medical device companies. Bruce has extensive experience in medical device software development and he is an expert in leading Class III medical software products to commercial release. His depth of experience also spans the development of enterprise solutions, security applications, internal applications, and process control systems. He has been an early adopter of quality practices including ISO 9000 processes, Common Criteria Certification and Capability Maturity Model implementation.
[Brendan] At a high-level, what is IEC 62304 and how does it relate to medical device software?
[Bruce] IEC 62304 (and EN 62304) is a recognized software life cycle standard. Conformance with this standard provides evidence of having a software development process in place, and fulfills the requirements of 21CFR820 as well as the Medical Device Directive 93/42/EEC.
[Brendan] Does the FDA & EC require companies to follow IEC 62304 or is it optional?
[Bruce] The FDA and EC both require that you have a documented software development process in place. You must have evidence that the software development process chosen is as good as, or better than, the process presented in IEC 62304.
[Brendan] What kind of software verification and validation activities do you recommend to clients who are implementing IEC 62304?
[Bruce] The verification and validation activities must include; requirements traceability, integrated risk management process, independent code reviews, module/integration testing, and system testing. Required V&V activities are reflective of the level of risk associated with the software system. The suggested V&V activities are given in the FDA Guidance for the Content of Premarket Submisisons for Software Contained in Medical Devices. Classification of risk is slightly different in the IEC 62304 standard, but similar enough that major changes in V&V activities should not be necessary.
[Brendan] What role can software development tools play when implementing this standard?
[Bruce] Assist in traceability management, configuration management, requirements management, code reviews, unit/module testing, integration testing, test protocol management.
[Brendan] Any other good online resources people can check out?
[Brendan] Thanks Bruce.