IEC 62304 Compliance - How is compliance to IEC 62304 verified?

R

RickQualityGuy

I am a project manager for a company that produces wi-fi radios that are integrated into medical devices, i.e., IV infusion pumps, portable cardiac monitors. These wi-fi radios have embedded software such as, device drivers and configuration utilities that we develop and supply to the medical device manufacturers. This software interfaces with the medical devices software developed by the medical device manufacturer.

The medical device manufacturers that are our customers have enquired if we develop our SW to the IEC 62304 standard. We do not need FDA approval but our customers require it.

My question is how is compliance to IEC 62304 verified? Is it done by 3rd party auditor (similiar to ISO 9001) and you are awarded a certificate of approval/compliance? Or...

Do we provide the medical device manufacturers a statement stating the SW was developed IAW IEC 62304. Or...

Send the medical device manufacturers a copy of our ISO 9001 Quality Manual that has factored into it the requirements of IEC 62304?

I know this was a little wordy; but I wanted to be thorough. Thanks in advance.
 
Stijloor

Stijloor

Leader
Super Moderator
RickQualityGuy said:
I am a project manager for a company that produces wi-fi radios that are integrated into medical devices, i.e., IV infusion pumps, portable cardiac monitors. These wi-fi radios have embedded software such as, device drivers and configuration utilities that we develop and supply to the medical device manufacturers. This software interfaces with the medical devices software developed by the medical device manufacturer.

The medical device manufacturers that are our customers have inquired if we develop our SW to the IEC 62304 standard. We do not need FDA approval but our customers require it.

My question is how is compliance to IEC 62304 verified? Is it done by 3rd party auditor (similar to ISO 9001) and you are awarded a certificate of approval/compliance? Or...

Do we provide the medical device manufacturers a statement stating the SW was developed IAW IEC 62304. Or...

Send the medical device manufacturers a copy of our ISO 9001 Quality Manual that has factored into it the requirements of IEC 62304?

I know this was a little wordy; but I wanted to be thorough. Thanks in advance.
Click to expand...

Can someone help with this?

Thank you!!

Stijloor.
 
sagai

sagai

Quite Involved in Discussions
Hi Rick!
Welcome and let me reply quickly.

My question is how is compliance to IEC 62304 verified? Is it done by 3rd party auditor (similiar to ISO 9001) and you are awarded a certificate of approval/compliance? Or...
Click to expand...
There is no 3rd party audit for IEC62304.
In your described situation, I think your customer will audit it in the course of your customer audit. (you likely will be 1oo% vulnerable, because the evaluation will highly depend on the auditor competency/intent)


Do we provide the medical device manufacturers a statement stating the SW was developed IAW IEC 62304. Or...
Click to expand...
I would not suggest to bind you to a non mandatory standard.
What you can do, is that to have a quality agreement with your customer and if it is inline with your company interest ($$$$ worths to do so) than include that your software developed for them is in accordance with IEC 62304. But again, it will cost you $$$ in creating such quality system and also to fulfill the documentation overload.
If you are ISO9001 certified and that's all, I would consider to calculate with an additional 30-50% continuous additional workload ONLY because of the documentation requirements defined in IEC 62304. The 20% range depends on the expertise has the one creates the new IEC62304 conform QMS.


Send the medical device manufacturers a copy of our ISO 9001 Quality Manual that has factored into it the requirements of IEC 62304?
Click to expand...
I am not sure what do you mean, sorry.

Regards
Szabolcs
 
R

RickQualityGuy

Thank you for your most thorough answer. What I meant by:

'Send the medical device manufacturers a copy of our ISO 9001 Quality Manual that has factored into it the requirements of IEC 62304? '

was that we don't want to send proprietary source code for verification of IEC 62304 compliance. We are currently in the process of becoming ISO 9001 certified and now would be the time to fold into our quality program the requirements of IEC 62304. In that case, when ISO 9001 certification is achieved, that would verify IEC 62304 in a backhanded way. In other words, if our documented QMS is in compliance with IEC 62304 and we pass our initial audit process, that would verify compliance with IEC 62304.

As I think about it however it sounds like the extra overhead, i.e., additional documentation requirements, may be too burdensome. I think I saw somewhere that it required 300+ procedures, documents, records, etc.

Thanks again for your time and attention Szabolcs.
 
R

RickQualityGuy

Szaboics...Could you tell me what you mean by

"(you likely will be 1oo% vulnerable, because the evaluation will highly depend on the auditor competency/intent)"

...vulnerable to what. Thanks again.
 
sagai

sagai

Quite Involved in Discussions
was that we don't want to send proprietary source code for verification of IEC 62304 compliance.
Click to expand...
Based on the source code I tend to say nobody can determine IEC62304 compliance, because the source code does not reflects to it.

if our documented QMS is in compliance with IEC 62304 and we pass our initial audit process, that would verify compliance with IEC 62304.
Click to expand...
Actually, I do not think so.
ISO9001 certificate certifies that you fulfill the requirements of ISO9001.
This certificate neither a proof nor necessarily means you did a good job for IEC62304 compliance (sorry to say this ... :eek:).

I think I saw somewhere that it required 300+ procedures, documents, records, etc.
Click to expand...
Well, this is really depends on the expertise involved during the implementation of IEC62304 into your QMS.

...vulnerable to what.
Click to expand...
in the determination of IEC62304 compliance with a customer can turn to an intellectual masturbation (sorry, but really) when two parties based on their hypothetical interpretation of a complex standard quarreling with each other forgetting the original intent of such investigation.
With other words, they can have any finding and they could claim you harmed your contract.

and, well, I would not suggest to take such binding, IEC62304, without getting a well pre-calculated extra pay, but its far not my business I know.

Regards
Szabolcs
 
sagai

sagai

Quite Involved in Discussions
One more idea came into my mind.

Your customer expectation may origin from the following.
When you deliver your software to your Customer, they have to validate it in order to fulfill their regulatory requirement. It includes all patches, all new sub and main version, bug fixings, etc. .
So all the time they have work with your software deliveries.

I guess they think, in case you comply with IEC62304, than they do not have to do so, because your processes comply with this recognized standard and as such, you can comply with 21CFR820.
But this is not the case, because IEC32604 relates only to the majority (not all) of the design control requirements given in 21CFR820, and there are other areas also in order to claim your company is 21CFR820 conform and as such they do not have to validate your delivery (in case you would be, than they are right, they do not have do that validation, only proof their supplier, your company, is 21CFR820 conform).

So, if my assumption is correct and their intent origins from this direction, than the usual way is that the finished medical device manufacturer (your customer) defines in a quality agreement that you have to tailor the relevant part of their QMS and in case it is well implemented, yes, they can claim that your deliveries should not be validated.

Regards
Szabolcs
 
J

JSambrook

RickQualityGuy said:
I am a project manager for a company that produces wi-fi radios that are integrated into medical devices, i.e., IV infusion pumps, portable cardiac monitors. These wi-fi radios have embedded software such as, device drivers and configuration utilities that we develop and supply to the medical device manufacturers. This software interfaces with the medical devices software developed by the medical device manufacturer.

The medical device manufacturers that are our customers have enquired if we develop our SW to the IEC 62304 standard. We do not need FDA approval but our customers require it.

My question is how is compliance to IEC 62304 verified? Is it done by 3rd party auditor (similiar to ISO 9001) and you are awarded a certificate of approval/compliance? Or...

Do we provide the medical device manufacturers a statement stating the SW was developed IAW IEC 62304. Or...

Send the medical device manufacturers a copy of our ISO 9001 Quality Manual that has factored into it the requirements of IEC 62304?

I know this was a little wordy; but I wanted to be thorough. Thanks in advance.
Click to expand...
Hello,

So, it sounds like you make a component, which contains software, that your customers embed in their products.

You might wish to look at section B.1.2 of the IEC 62304 standard. Here's a sentence that I think applies to your case: "Therefore, when the MEDICAL DEVICE SYSTEM ARCHITECTURE includes an acquired component (this could be a purchased component or a component of unknown provenance), such as a printer/plotter that includes SOUP, the acquired component becomes the responsibility of the MANUFACTURER and must be included in the RISK MANAGEMENT of the MEDICAL DEVICE."

(Note, the IEC 62304 standard capitalizes words that it defines -- I'm not shouting at you. :) )

Based on this, I don't believe you have to follow the IEC 62304 in order for a customer that is IEC 62304 to use your component(s). I think there are likely many things you can do to make using your component(s) in IEC 62304 compliant situations that will make life easier for your customers and hence make it easier for you to get design wins.

My two cents -- I hope this helpful to you.
 
You must log in or register to reply here.

Similar threads

A
Software validation with IEC 60601-1, 61508-3 or 62304?
Replies
5
Views
308
Tidge
T
T
IEC 62304 - Integration Plan, what is it?
Replies
3
Views
530
Tidge
T
A
Design validation for an embedded software ? 62304 or 82304 or what?
Replies
6
Views
218
Ed Panek
Ed Panek
T
Class B IEC 62304 - 5.4 Software Detailed Design
Replies
7
Views
809
yodon
Y
J
IEC 62304, Multiple software systems in one medical device
Replies
6
Views
603
DanMann
D
Top Bottom