IEC 62304 Compliance - How is compliance to IEC 62304 verified?

R

RickQualityGuy

#1
I am a project manager for a company that produces wi-fi radios that are integrated into medical devices, i.e., IV infusion pumps, portable cardiac monitors. These wi-fi radios have embedded software such as, device drivers and configuration utilities that we develop and supply to the medical device manufacturers. This software interfaces with the medical devices software developed by the medical device manufacturer.

The medical device manufacturers that are our customers have enquired if we develop our SW to the IEC 62304 standard. We do not need FDA approval but our customers require it.

My question is how is compliance to IEC 62304 verified? Is it done by 3rd party auditor (similiar to ISO 9001) and you are awarded a certificate of approval/compliance? Or...

Do we provide the medical device manufacturers a statement stating the SW was developed IAW IEC 62304. Or...

Send the medical device manufacturers a copy of our ISO 9001 Quality Manual that has factored into it the requirements of IEC 62304?

I know this was a little wordy; but I wanted to be thorough. Thanks in advance.
 
Elsmar Forum Sponsor

Stijloor

Staff member
Super Moderator
#2
I am a project manager for a company that produces wi-fi radios that are integrated into medical devices, i.e., IV infusion pumps, portable cardiac monitors. These wi-fi radios have embedded software such as, device drivers and configuration utilities that we develop and supply to the medical device manufacturers. This software interfaces with the medical devices software developed by the medical device manufacturer.

The medical device manufacturers that are our customers have inquired if we develop our SW to the IEC 62304 standard. We do not need FDA approval but our customers require it.

My question is how is compliance to IEC 62304 verified? Is it done by 3rd party auditor (similar to ISO 9001) and you are awarded a certificate of approval/compliance? Or...

Do we provide the medical device manufacturers a statement stating the SW was developed IAW IEC 62304. Or...

Send the medical device manufacturers a copy of our ISO 9001 Quality Manual that has factored into it the requirements of IEC 62304?

I know this was a little wordy; but I wanted to be thorough. Thanks in advance.
Can someone help with this?

Thank you!!

Stijloor.
 

sagai

Quite Involved in Discussions
#3
Hi Rick!
Welcome and let me reply quickly.

My question is how is compliance to IEC 62304 verified? Is it done by 3rd party auditor (similiar to ISO 9001) and you are awarded a certificate of approval/compliance? Or...
There is no 3rd party audit for IEC62304.
In your described situation, I think your customer will audit it in the course of your customer audit. (you likely will be 1oo% vulnerable, because the evaluation will highly depend on the auditor competency/intent)


Do we provide the medical device manufacturers a statement stating the SW was developed IAW IEC 62304. Or...
I would not suggest to bind you to a non mandatory standard.
What you can do, is that to have a quality agreement with your customer and if it is inline with your company interest ($$$$ worths to do so) than include that your software developed for them is in accordance with IEC 62304. But again, it will cost you $$$ in creating such quality system and also to fulfill the documentation overload.
If you are ISO9001 certified and that's all, I would consider to calculate with an additional 30-50% continuous additional workload ONLY because of the documentation requirements defined in IEC 62304. The 20% range depends on the expertise has the one creates the new IEC62304 conform QMS.


Send the medical device manufacturers a copy of our ISO 9001 Quality Manual that has factored into it the requirements of IEC 62304?
I am not sure what do you mean, sorry.

Regards
Szabolcs
 
R

RickQualityGuy

#4
Thank you for your most thorough answer. What I meant by:

'Send the medical device manufacturers a copy of our ISO 9001 Quality Manual that has factored into it the requirements of IEC 62304? '

was that we don't want to send proprietary source code for verification of IEC 62304 compliance. We are currently in the process of becoming ISO 9001 certified and now would be the time to fold into our quality program the requirements of IEC 62304. In that case, when ISO 9001 certification is achieved, that would verify IEC 62304 in a backhanded way. In other words, if our documented QMS is in compliance with IEC 62304 and we pass our initial audit process, that would verify compliance with IEC 62304.

As I think about it however it sounds like the extra overhead, i.e., additional documentation requirements, may be too burdensome. I think I saw somewhere that it required 300+ procedures, documents, records, etc.

Thanks again for your time and attention Szabolcs.
 
R

RickQualityGuy

#5
Szaboics...Could you tell me what you mean by

"(you likely will be 1oo% vulnerable, because the evaluation will highly depend on the auditor competency/intent)"

...vulnerable to what. Thanks again.
 

sagai

Quite Involved in Discussions
#6
was that we don't want to send proprietary source code for verification of IEC 62304 compliance.
Based on the source code I tend to say nobody can determine IEC62304 compliance, because the source code does not reflects to it.

if our documented QMS is in compliance with IEC 62304 and we pass our initial audit process, that would verify compliance with IEC 62304.
Actually, I do not think so.
ISO9001 certificate certifies that you fulfill the requirements of ISO9001.
This certificate neither a proof nor necessarily means you did a good job for IEC62304 compliance (sorry to say this ... :eek:).

I think I saw somewhere that it required 300+ procedures, documents, records, etc.
Well, this is really depends on the expertise involved during the implementation of IEC62304 into your QMS.

...vulnerable to what.
in the determination of IEC62304 compliance with a customer can turn to an intellectual masturbation (sorry, but really) when two parties based on their hypothetical interpretation of a complex standard quarreling with each other forgetting the original intent of such investigation.
With other words, they can have any finding and they could claim you harmed your contract.

and, well, I would not suggest to take such binding, IEC62304, without getting a well pre-calculated extra pay, but its far not my business I know.

Regards
Szabolcs
 

sagai

Quite Involved in Discussions
#8
One more idea came into my mind.

Your customer expectation may origin from the following.
When you deliver your software to your Customer, they have to validate it in order to fulfill their regulatory requirement. It includes all patches, all new sub and main version, bug fixings, etc. .
So all the time they have work with your software deliveries.

I guess they think, in case you comply with IEC62304, than they do not have to do so, because your processes comply with this recognized standard and as such, you can comply with 21CFR820.
But this is not the case, because IEC32604 relates only to the majority (not all) of the design control requirements given in 21CFR820, and there are other areas also in order to claim your company is 21CFR820 conform and as such they do not have to validate your delivery (in case you would be, than they are right, they do not have do that validation, only proof their supplier, your company, is 21CFR820 conform).

So, if my assumption is correct and their intent origins from this direction, than the usual way is that the finished medical device manufacturer (your customer) defines in a quality agreement that you have to tailor the relevant part of their QMS and in case it is well implemented, yes, they can claim that your deliveries should not be validated.

Regards
Szabolcs
 
J

JSambrook

#10
I am a project manager for a company that produces wi-fi radios that are integrated into medical devices, i.e., IV infusion pumps, portable cardiac monitors. These wi-fi radios have embedded software such as, device drivers and configuration utilities that we develop and supply to the medical device manufacturers. This software interfaces with the medical devices software developed by the medical device manufacturer.

The medical device manufacturers that are our customers have enquired if we develop our SW to the IEC 62304 standard. We do not need FDA approval but our customers require it.

My question is how is compliance to IEC 62304 verified? Is it done by 3rd party auditor (similiar to ISO 9001) and you are awarded a certificate of approval/compliance? Or...

Do we provide the medical device manufacturers a statement stating the SW was developed IAW IEC 62304. Or...

Send the medical device manufacturers a copy of our ISO 9001 Quality Manual that has factored into it the requirements of IEC 62304?

I know this was a little wordy; but I wanted to be thorough. Thanks in advance.
Hello,

So, it sounds like you make a component, which contains software, that your customers embed in their products.

You might wish to look at section B.1.2 of the IEC 62304 standard. Here's a sentence that I think applies to your case: "Therefore, when the MEDICAL DEVICE SYSTEM ARCHITECTURE includes an acquired component (this could be a purchased component or a component of unknown provenance), such as a printer/plotter that includes SOUP, the acquired component becomes the responsibility of the MANUFACTURER and must be included in the RISK MANAGEMENT of the MEDICAL DEVICE."

(Note, the IEC 62304 standard capitalizes words that it defines -- I'm not shouting at you. :) )

Based on this, I don't believe you have to follow the IEC 62304 in order for a customer that is IEC 62304 to use your component(s). I think there are likely many things you can do to make using your component(s) in IEC 62304 compliant situations that will make life easier for your customers and hence make it easier for you to get design wins.

My two cents -- I hope this helpful to you.
 
Thread starter Similar threads Forum Replies Date
E Test report to certify compliance with IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 1
G Adopting old product - compliance with IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 9
K IEC 62304 compliance - Code reviews as part of verification strategy IEC 62304 - Medical Device Software Life Cycle Processes 5
D Required Checklist Showing Compliance to IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 11
C Software for Medical Devices - Requirements Content for compliance with IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 1
K IEC 62304 - Compliance steps IEC 62304 - Medical Device Software Life Cycle Processes 5
M IEC 62304 Compliance Status - Is it mandatory for IVD device? IEC 62304 - Medical Device Software Life Cycle Processes 7
W IEC 62304 compliance status - Is it mandatory for 510(k) submittal? IEC 62304 - Medical Device Software Life Cycle Processes 4
E Any sample of a full software life cycle IEC 62304 report ( any class )? IEC 62304 - Medical Device Software Life Cycle Processes 1
A IEC 62304 safety classification, External Controls and off-label use related risks IEC 62304 - Medical Device Software Life Cycle Processes 5
S IEC 62304 software costs and time Medical Device and FDA Regulations and Standards News 3
S IEC 62304 - Software verification cost IEC 62304 - Medical Device Software Life Cycle Processes 3
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
M IEC 62304 Software changes - Minor labeling changes on the GUI IEC 62304 - Medical Device Software Life Cycle Processes 3
K IEC 62304 - Testing Independance IEC 62304 - Medical Device Software Life Cycle Processes 5
K IEC 62304 - Functional and performance requirements for SOUP items IEC 62304 - Medical Device Software Life Cycle Processes 2
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
D IEC 62304 Risk Classification - With and without hardware control IEC 62304 - Medical Device Software Life Cycle Processes 2
M IEC 62304 Class A Project IEC 62304 - Medical Device Software Life Cycle Processes 15
B Clause 5.1.12 of Technical Standard IEC 62304/A1 IEC 62304 - Medical Device Software Life Cycle Processes 5
P SOUP anomaly evaluation for MMA (Mobile Medical Application) IEC 62304 clause 7.1.3 IEC 62304 - Medical Device Software Life Cycle Processes 6
P IEC 62304 - evaluation of integration and system testing IEC 62304 - Medical Device Software Life Cycle Processes 4
P Risk acceptability alignment between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 6
P Proposed revision of IEC 62304 - 2019 IEC 62304 - Medical Device Software Life Cycle Processes 6
S Relationship between IEC 62304 problem resolution and ISO 13485 IEC 62304 - Medical Device Software Life Cycle Processes 8
P IEC 62304:2006 A1:2015 - Software from the early 1990s IEC 62304 - Medical Device Software Life Cycle Processes 4
B IEC 62304:2015 vs IEC 62304:2006 + AMD1 IEC 62304 - Medical Device Software Life Cycle Processes 4
F IEC 62304 - Segregation and communication between software items IEC 62304 - Medical Device Software Life Cycle Processes 1
B Class IIB Device - IEC 62304 Software Classification IEC 62304 - Medical Device Software Life Cycle Processes 13
B IEC 62304 - Update Checklist IEC 62304 - Medical Device Software Life Cycle Processes 2
L Connection between IEC 62304 and Chapter 14 of IEC 60601-1 IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
M IEC 62304 - Develop an Architecture for the Interfaces of Software Items IEC 62304 - Medical Device Software Life Cycle Processes 8
S Does IEC 62304 require documenting unresolved anomalies for all safety classes? IEC 62304 - Medical Device Software Life Cycle Processes 4
A SOP for software validation of software in medical device IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 5
T I need to make test reports according IEC 62304 & IEC 62366 IEC 62366 - Medical Device Usability Engineering 2
D Changing software classification via software - IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 3
D Software as risk control - Confused on one aspect of IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 20
K Trying to figure out what satisfies a few aspects of IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 2
Y IEC 62304 Section 4.3(a) - 100% probability of failure IEC 62304 - Medical Device Software Life Cycle Processes 3
Y Application of IEC/EN 62304 at an advanced stage of software development IEC 62304 - Medical Device Software Life Cycle Processes 4
T Is there any requirement to be compliant with IEC 62304 while implementing ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 5
L Documentation Planning - IEC 62304 Clause 5.1.8 IEC 62304 - Medical Device Software Life Cycle Processes 2
W CPU BIST IEC 62304 - Embedded code has CPU instruction tests IEC 62304 - Medical Device Software Life Cycle Processes 2
K IEC 62304 Amd 1 2015 - Figure 3 – Assigning Software Safety Classification IEC 62304 - Medical Device Software Life Cycle Processes 11
K Risk Reduction by Risk Control: IEC:62304-Class C ISO 14971 - Medical Device Risk Management 15
C Per IEC 62304, are DHF documents Configuration Items? IEC 62304 - Medical Device Software Life Cycle Processes 8
P IEC 62304 AMD1:2015: What's new vs.the 2006 Edition? IEC 62304 - Medical Device Software Life Cycle Processes 4
F FDA PMK 510(k) - IEC 62304 Software Components Segregation Other US Medical Device Regulations 3
M IEC 62304 Applicability - GUI Control Software IEC 62304 - Medical Device Software Life Cycle Processes 3
B Our NB says that IEC 62304 is an ISO 14971 Requirement ISO 14971 - Medical Device Risk Management 1

Similar threads

Top Bottom