Medical Standards for FPGA

Developer_FPGA

Registered
We are currently developing a safety-critical medical device. It has a power management board which has an FPGA to detect the supply rail voltages. The FPGA we are planning to use is standalone and is purely based on RTL.

Please clarify the following questions.

1. Is IEC 62304 applicable for this FPGA?
2. What medical safety standards will apply to this FPGA? Please list them all.
3. Is functional safety package necessary to design the FPGA?


Also, please give any other information related to this.
 

yodon

Leader
Super Moderator
1. Is IEC 62304 applicable for this FPGA?
Generally speaking, yes, you should plan on compliance to 62304 FOR YOUR APPLICATION. You are, I assume, programming it (or outsourcing the programming) so it falls in scope. I emphasize 'for your application' because 62304 is effectively written for higher level applications and you need to frame up your processes appropriate to your work.

2. What medical safety standards will apply to this FPGA? Please list them all.
I'm not clear as to what you're asking. Safety standards are generally at the system level. 62304 has the concept of a software safety class and it's likely going to be equivalent to the device class.

3. Is functional safety package necessary to design the FPGA?
Not understanding this one, either. Functional (etc.) requirements for the FPGA programming will need to be established and you'll need to demonstrate they are met. You'll need a risk analysis for your system and for the code. The risk analysis may drive requirements for your FPGA programming. Any risk controls implemented in the FPGA programming would need to be verified for implementation AND effectiveness.
 

Tidge

Trusted Information Resource
I like the @yodon reply, but I think this is more of a gray area, depending on the provenance of the FPGA program and the function the FPGA performs in the system.

From a sustainability perspective, a developer probably wants the full details of the FPGA "code".

... but I can imagine a relatively simple piece of commercially available code to make an FPGA act like a relatively simple once-upon-a-time-discrete component that can't be purchased any more. Random example: maybe something like an old-timey UART? In 62304 parlance, this might look like a SOUP component, but if it is completely and discretely located within a single FPGA, the necessary (system) testing would be indistinguishable from just testing a discrete UART.

I can construct a 62304-like development/configuration/testing process to govern this sort of application, but the external reviewers might roll their eyes.

FPGAs are much more powerful and flexible of course! Personally, if the FPGA is implementing anything other than what could be achieved by a discrete component(*1), it probably would be worth implementing a 62304-like process for the design/configuration management/testing/fixing of the FPGA program. I would just assume class C, unless the program is "SOUPy" in which case you probably can't do all of what you would do for the class C. It depends on what the "unit" is.

(*1) possible examples: State machines, signal processing.
 

Developer_FPGA

Registered
Thanks for your responses. I shall ask my questions more clearly.
We are developing a safety-critical medical device that includes a power management board.
This board is responsible for selecting power sources between the mains supply and a battery.
An FPGA is used on this board to monitor the supply rail voltages, select the power source, and communicate with the main processor.
Given that the board may be classified under Safety Class B or C, I have a few questions:
  • Does the FPGA (both the silicon and the development tool used to design it) need to be functional safety compliant?
  • If the FPGA is not functional safety certified, can it still provide any benefit for compliance with IEC 62304, especially regarding unit verification?
  • Does the Xilinx Vivado development tool require a safety certification for this project?
  • If the FPGA is implemented purely using RTL code, does the FPGA still need to comply with IEC 62304, or should it instead undergo testing under IEC 60601?
  • Does it require two FPGAs to make the design fail safe according to IEC 60601 and ISO 14971?
 