IEC 62304
Lifecycle requirements for medical device software.
Definition
IEC 62304:2006 (with Amendment 1:2015) defines the lifecycle requirements for medical device software, including software development planning, requirements analysis, architectural design, implementation, integration, testing, release, and maintenance - scaled by software safety classification (Class A, B, C).What this means in practice
IEC 62304 is a recognized consensus standard by FDA and a harmonized standard under EU MDR. It is foundational for SaMD and software-containing devices. The standard scales its expectations by software safety class: Class A (no injury possible) requires the lightest process, Class B (non-serious injury) adds detailed design and integration testing, and Class C (death or serious injury) adds unit testing, more rigorous architecture, and stronger SOUP controls.Examples
- A Class C infusion pump control application with unit tests, formal architectural design records, and full SOUP evaluation for the RTOS and TLS stack.
- A Class B mobile SaMD dose calculator with documented software requirements, integration tests, and a maintained anomaly list.
Use cases
1 scenarioLegacy infusion pump firmware refresh
Software leadA team refactoring 10-year-old C firmware classifies the safety class as C, retrofits a software development plan, traces requirements to unit tests, and documents SOUP for the RTOS and TCP/IP stack.
- •Under-classifying software to avoid Class C obligations. Auditors and reviewers actively challenge classifications that do not align with the device's hazard analysis.
- •Skipping SOUP (Software of Unknown Provenance) requirements for open-source libraries and third-party components.
- •Treating IEC 62304 as an alternative to ISO 14971. It complements risk management; it does not replace it.
- •Losing traceability between software requirements, architecture items, unit tests, and integration tests.
Frequently asked questions
Cross-references
Related terms
Shared paths + categoryIEC 62304 classes A, B, C reflecting potential harm from software failure.
Software intended for medical purposes that performs without being part of a hardware device.
Software not developed for medical device use, or lacking adequate development records, incorporated into a device.
International standard for the application of risk management to medical devices.
International standard defining secure-product-lifecycle activities for health software, including medical devices.
Software embedded in or required to operate a hardware medical device.
Latest in MedTech
Primary references
3 sources- 1IEC 62304:2006/AMD1:2015VerifiedISOiso.org
- 2FDA Recognized Consensus StandardsUncheckedFDAaccessdata.fda.gov
- 3IEC Webstore - Medical EquipmentVerifiedIECwebstore.iec.ch
Inline markers like [1] jump to the matching reference above.