On June 15, 2015, the International Electrotechnical Commission, IEC, published Amendment 1:2015 to the IEC 62304 standard “Medical device software – software life cycle processes”. The amendment complements the 1st edition from 2006 by adding various requirements, particularly requirements regarding safety classification and the handling of legacy software. Harmonization of Amendment 1:2015 is expected to follow in 2016.
Risk-based safety classification
One crucial change concerns the new risk-based approach to the safety classification of medical device software. The previous concept was based exclusively on the severity of the resulting harm. Downgrading of the safety classification of medical device software from C to B or B to A used to be possible by adopting hardware-based risk mitigation measures external to the software. The new amendment now replaces this concept, with the safety classification as shown in the decision tree below (see figure).
Safety classification according to IEC 62304 – Amendment 1:2015
Amendment 1: 2015 defines the following safety classes
The software system cannot contribute to a hazardous situation or the software system can contribute to a hazardous situation which does not result in unacceptable risk after consideration of risk control measures external to the software system.
The software system can contribute to a hazardous situation which results in unacceptable risk after consideration of risk control measures external to the software system but the resulting possible harm is non-serious injury.
The software system can contribute to a hazardous situation which results in unacceptable risk after consideration of risk control measures external to the software system, and the resulting possible harm is death or serious injury.
New processes for legacy software
Amendment 1:2015 also includes requirements for the handling of software designed prior to the existence of the IEC 62304 standard for which manufacturers are unable to provide sufficient evidence of compliance with the current standard. IEC 62304 previously covered legacy software as software of unknown provenance (SOUP). The current changes include detailed and various requirements regarding the handling of legacy software based on risk assessment.
In addition, work on the second, updated edition of IEC 62304 is ongoing. The 2nd edition will possibly be published in 2018. It can be assumed that the changed requirements included in Amendment 1:2015 will be integrated into the updated edition.