Is there any requirement to be compliant with IEC 62304 while implementing ISO 13485

Talja

Starting to get Involved
Hello everyone,

Can somebody advise if there is a mandatory need to be compliant with IEC 62304 while implementing ISO 13485 in an outsourcing development company?
 

yodon

Leader
Super Moderator

That's pretty much a trick question. :)

The short answer is no.

But let me relate my experience. I cited compliance to it in my Technical File. My NB at the time, then, required that I have an independent lab assess compliance (the NB said they could do it but it would delay the review and cost substantially more).

Another client with a different NB cited compliance in their Technical File and the NB accepted it without the added review. So I don't know what the best approach is.

It *is* a harmonized standard (although only the :2006 version, not the :2015) so compliance is, well, expected to be the best route. In the US, FDA cites the :2015 version (and the :2006 version) as consensus standards.

Since you mention outsourcing, let me relate one more bit. Two NBs that I worked with have both cited software development as a critical process. If the software developer is NOT registered to 13485, the NB will likely require that the developer be audited (at your expense). So if you're outsourcing software development, it's probably best that a) they be registered to 13485; and b) they comply with 62304.
 

EthanLoh



IEC 62304 is a software standard. Related to product.
ISO 13485 is a QMS standard.

There are no requirements to have these 2 standards implemented together.

I believe your product is an active medical device with software and the software is developed by this outsourcing development company. (Please correct me if I am wrong.) You need to ensure they follow clause 7.3 design and development requirements.

My experience with software developers - they are software engineers, not QA/QMS engineers. Documentation (design inputs, outputs, etc.) is always a big headache.
 

Access2hc


If the outsourcing company chooses to go towards 13485 certification, or perhaps is in your supplier agreement. That is what it is.

IEC 62304 comes in when your software product is marketed in countries that adopt the IEC standard. You can have that in your supplier agreement too.

Feel free to ask.

Cheers,
Ee Bin
Access2hc
 

BhupinderSinghPawa


The outsourcing company need not be 13485 compliant / certified.

Between the manufacturer and 'software' supplier - the software development process should be in place to produce the documents/records as required by 62304. Based on the extent of outsourcing (entire software engineering life-cycle or a subset), the supplier should have the requisite processes and produce documentation in line with 62304 requirements. The software safety classification drives the activities and documentation required.

Ultimately the manufacturer is responsible and should be in control of the 'software' supplier - with a quality agreement and tracking of deliverables.

The NB/CB are providing services for - 62304 compliance Test Certificate - based on software audit driven by 62304 checklist - that provides a mapping to the 'software' QMS and software deliverables/records. There is no accreditation for providing 62304 certificate.

A pure play software development house may not be interested in going for ISO 13485 certification - if medical software is not their focus area. With a quality agreement they should be able to support you with process and documentation requirements of 62304.
 

Wolf.K

Quite Involved in Discussions

Have a look: IEC 62304 Table D.1 - Checklist for small companies without a certified QMS. It relates IEC 62304 with ISO 13485:2003.
 

benjose

Registered
So, if the software development is outsourced then besides having IEC 62304 certification, what else do you include in your agreement? Do you include that the outsourced company provide PRS document, design review summary, Test traceability report, test summary report? What should be specified in the agreement?
 

yodon

Leader
Super Moderator
I don't think you can get 62304 certification (at least I've not heard of anyone but I may be wrong).

A blanket statement would be that they comply with IEC 62304 - all the required deliverables are outlined there. There's a good bit of baggage with that; e.g., having a defined software lifecycle. (Side note: FDA has changed course a bit and has slightly different requirements from 62304 so if you're planning on submitting for clearance from FDA, you want to ensure they will comply with the latest FDA guidance for software submissions.)

One thing to note is that the contract shop cannot just be compliant in isolation. First, there's risk management to consider. They aren't going to / shouldn't define all the risk acceptability criteria or know severity levels so you still have to drive that. There's also postmarket considerations - who receives feedback and how that folds into the software maintenance procedures.

And aside from 'just' 62304, there are cybersecurity considerations - both in terms of pre- and post-market, and again, they can't do it all.
 

benjose

Registered
Thank you. Also, this is a SiMD so, there is the integration testing, but that too is outsourced to the same company that develops the software.
 

Ed Panek

QA RA Small Med Dev Company
Leader
Super Moderator
No...until a customer requests it. If your product is used by other software companies that use 62304, expect a discussion. That's my experience.
 