Is IEC 62304 mandatory?

The standard is not mandatory, it’s voluntary. However, the FDA has acknowledged that the use of IEC 62304 helps assure safety in medical devices and recognizes that it can be used to submit a declaration of conformity, which is a premarket (such as 510(k)) submission requirement.

What is the latest version of IEC 62304?

The first edition of the international standard was released back in May of 2006. It’s an adaptation of IEC 61508. The standard has had one update in 2015. Amendment 1 added a few regulatory requirements. Others were amended, particularly those related to safety classification. Also, the handling of legacy code and software item separation is discussed. The latest version remains IEC 62304:2006/Amd 1:2015.

What is PEMS validation?

As defined, Programmable Electrical Medical Systems (PEMS) validation determines that the requirements for intended use are satisfied. In other words, performance requirements need to be tested by way of execution. A pass result validates the requirement. Verification of the requirement ensures that a test case exists for every requirement.

What Is the IEC 62304 standard?

Q: What Is the IEC 62304 Standard?

The ISO/IEC 62304 standard is a software safety classification that provides a framework for medical device software lifecycle processes with activities and tasks necessary for the safe design and maintenance of medical device software.

See what API testing solution came out on top in the GigaOm Radar Report. Get your free analyst report >>

IEC 62304

What Is IEC 62304?

Created by the International Organization for Standardization (ISO) through an international electrotechnical commission, IEC 62304 is the standard that specifies the process and needed objectives to develop medical device software safely.

The U.S. FDA accepts IEC 62304 compliance as evidence that the software has been designed according to the required regulations/standards and risk control measures.

Reaching Every Phase of the SDLC

These guidelines touch every phase of the software development life cycle (SDLC), covering everything from initial software development planning, requirement analysis, software detailed design, unit implementation, and all the way through to software test validation and device deployment.

This standard covers the development of medical software. By contrast, ISO 13485 sets functional safety standards for medical device manufacturers to use for medical device development—for the design and manufacture of the devices themselves.

Software Risk Management Categories

Whether it’s a doctor, a specialist, or a nurse, healthcare providers depend on medical devices to treat their patients. As part of the software risk management process, those safety-critical systems need to be secure and reliable to ensure everything has been done to prevent any catastrophic failure that could cause death or serious injury.

To assess the risk, the U.S. Food and Drug Administration (FDA) has created a classification system to help with the development of these safety-critical systems.

Medical devices can be sorted into three categories as part of a risk management software process.

Class I. Low-risk devices are not intended to support or sustain life. These could include items like a bandage, a crutch, or a non-electric wheelchair.
Class II. Intermediate-risk devices come into sustained contact with a patient and the practitioner needs training to use them. These devices could include catheters, blood pressure cuffs, or intravenous infusion pumps.
Class III. High-risk devices designed to sustain or support life. Class III devices are life-saving tools like defibrillators, pacemakers, or high-frequency ventilators.

Although IEC 62304 is filled with highly detailed documentation that tells you what should be done to create compliant software and to guard against software failure and hazardous situations, the caveat is that it doesn’t really tell you how it should be done. These guidelines were intentionally created that way to account for evolutionary software changes, changes in software development processes and practices, and the introduction of new technologies.

Talk to an Expert

Benefits of Test Automation to Satisfy IEC 62304

Satisfy IEC 62304 compliance objectives by automating verification and validation methods like the following, while also reducing the amount of labor costs and time to market.

Code reviews
Requirements traceability
Static analysis
Unit testing
Code coverage and more

This can be all part of the software configuration management process, software problem resolution process, software maintenance process, and software maintenance plan.

Learn more about developing software for medical devices compliant with the FDA’s quality system regulations.

Download Whitepaper

Compliance Solutions Parasoft Brings to IEC 62304

Satisfy Compliance Walkthroughs & Inspections

Parasoft’s walkthroughs or code review module is designed to make peer reviews more practical and productive by automating preparation, notification, and tracking. It automatically identifies updated code, matches it with designated reviewers, and tracks the progress of each review item until closure.

Satisfy Compliance Control Flow Analysis

Parasoft technology uses several analysis techniques, including simulation of application execution paths to identify paths that could trigger runtime defects. Defects detected include the use of uninitialized memory, null pointer dereferencing, division by zero, memory, and resource leaks.

Satisfy Compliance Data Flow Analysis

Parasoft’s data flow analysis finds potentially crash-causing defects like exceptions and resource leaks without having to create, execute, or maintain test cases. It allows you to determine whether actual application execution paths could lead to injection vulnerabilities, XSS, exposure of sensitive data, and other weaknesses. This provides a fast and easy way to identify reliability and performance problems without executing the application.

Satisfy Compliance Static Code Analysis

Achieve compliance with safety coding standards such as MISRA, AUTOSAR C++14, and more. Or, as part of a quality management system (QMS), create your own custom coding standards configuration for your organization and suppliers using our RuleWizard.

Satisfy Static Analysis Security Testing (SAST)

Weave compliance with security coding standards like SEI CERT, CWE, OWASP, and UL 2900 into the SA testing set of processes and ensure your code meets stringent cybersecurity standards.

Satisfy Code Coverage Compliance General Requirements

Fulfill all IEC 62304 code coverage requirements. All code coverage types (statement, branch, MC/DC and more) are supported and help ensure code safety, security, and reliability by exposing untested code, dead code, and flushing out defects.

Satisfy Unit Testing

Isolate the software unit to be tested with Parasoft’s automated stubbing framework and mocks in cases where the dependent code is unavailable, cannot be easily controlled, or in instances where fault injection is difficult.

Automated Test Case Generation

Creating unit tests manually is tedious. Fortunately, unit tests lend themselves well to automatic unit test creation. Parasoft’s configurable test case generation can build smart test cases that will identify bugs, automate code coverage, collect results and metrics to feed project analytics.

Incorporate Static & Dynamic Analysis Into Your CI/CD Workflow

Parasoft’s static analysis, unit testing, regression testing, and code coverage integrate easily into your CI/CD pipeline. With continuous testing, deliver safe, secure, and high-quality software quickly.

Satisfy Compliance Reporting

Parasoft’s dynamic reporting dashboard automatically tracks compliance and can automatically produce reports. It also enables advanced reporting strategies using historical data, even when working with large codebases and legacy code where visibility into the code is typically challenging.

Reduce the Cost of Defects

Code defects found in production or out in the field are the most expensive. Prevent them from slipping through the cracks by highlighting code that has not been tested before you release your application. This can be performed at the developer’s workstation or automated as part of the continuous integration (CI) pipeline

Satisfy IEC Bidirectional Requirements Traceability

Automate bidirectional traceability between requirements, test cases, test results, code, and code reviews.

Use a TÜV Certified & Proven Solution for Safety- & Security- Critical Systems

Parasoft solutions have been TÜV SÜD certified for IEC 62304 for all SIL levels.

Test Smarter With AI & ML

Parasoft incorporates AI and machine learning to improve productivity in your teams’ static analysis workflow, flagging and prioritizing the violations that need to be fixed first.

Request a Demo

Best Practices for Satisfying IEC 62304

Perform & Understand Your Software Safety Classification (ISO 14971)

Upon completion of the software safety classification your software application will be categorized as class A, B, or C. Software categorized at level C will require a higher level of testing. Know what the expectations are.

Class A: No injury or damage to health is possible.
Class B: Non-SERIOUS INJURY is possible.
Class C: Death or SERIOUS INJURY is possible.

Automate Static Analysis & Unit Testing

To comply with IEC 62304, organizations must implement multiple processes and life cycle requirements, and also techniques like static analysis and unit testing. Test automation activities will significantly improve code safety, security, reliability and will expedite organizations in achieving IEC 62304 compliance.

Ensure Your Tool Is Qualified for Use

Parasoft C/C++test is certified by TÜV SÜD and C/C++test CT is in the process of certification as suitable for use when developing safety-critical systems. The TÜV certification covers C/C++test qualification for all levels of SIL. Parasoft also has a Qualification Kit that automates a significant part of the tool qualification process, if it’s ever needed.

Ensure Bidirectional Integration Between Your ALM & Test Automation Solutions

IEC 62304 recommends bidirectional traceability between requirements and the test cases that verify and validate the software requirements. Parasoft C/C++test and C/C++test CT provide bidirectional integration between ALM tools like Jama, Polarion, codebeamer, and Jira, which fulfill and have extended traceability needs.

Ensure you Can Easily Generate Proof of Compliance

Parasoft C/C++test, C/C++test CT, and DTP cover all the bases in reporting the test verification and validation documentation needed to demonstrate compliance to IEC 62304, including audit purposes.

Talk to an Expert

Manage IEC 62304 Compliance With Efficiency, Visibility, & Ease

Getting Started With an Example

Adopt an automated software testing solution that will support and take you through the entire IEC 62304 software development life cycle. Parasoft’s tools provide a complete verification and validation framework with static analysis, unit testing, integration testing, system testing, structural code coverage, and more, for the delivery of safe, secure, and reliable software architectural designs, compliant to any SIL level, satisfying IEC 62304.

Also, important to note is that C/C++test and C/C++test CT integrates right into your developers’ IDE (integrated development environment). This dramatically shortens the learning curve, simplifies adoption, improves productivity at the same time reduces costs.

Begin by implementing your code to requirements. However, as the code is written, run the static analysis often to identify and fix any coding violation identified. This prevents defects in safety, security, and quality at the earliest and least expensive phase in software development.

As you move into and up the software verification phases (unit, integration, and software system testing), strongly consider integrating your testing into your build process.

Automation into a modern continuous integration and continuous delivery (CI/CD) workflow has shown to be beneficial in many ways. Defects are found quicker and often, the products improve rapidly, more features are introduced, software release cycles are shorter, and much more.

C/C++test and C/C++test CT easily integrates into modern CI/CD development ecosystems, offering the most value and cost-effective automated software testing solution.

Request a Demo

Light blue banner with white connectivity overlay.

Why Parasoft?

There are many unique advantages that Parasoft’s automated software testing solutions bring to IEC 62304 compliance.

Integrations With Embedded IDEs & Debuggers

One key Parasoft C/C++ testing solution benefit is its dedicated integrations with embedded IDEs and debuggers. Supported IDE environments include:

Eclipse
VS Code
Green Hills Multi
Wind River Workbench
IAR EW
ARM MDK
ARM DS-5
TI CCS
Visual Studio and many others

Running Tests on Host & Target

Parasoft C/C++test and C/C++test CT can also be used to execute unit, integration, and system tests on the host platform, target processor simulator, or the embedded target optimized to take minimal additional overhead for the binary footprint or process cycles.

FDA Certification

Another huge benefit Parasoft brings to the table is its unique tool suite offering to address today’s medical industry needs in terms of medical device testing and compliance for FDA new device certification and 510(k) evidence demonstration.

Saving Time & Costs With Test Automation

Parasoft test automation solutions provide considerable time and cost savings. Comprehensive compliance reporting provides granular, dynamic views into the compliance process. A centralized reporting system gives teams insight into code violation analytics by group and category and generates compliance documentation automatically to prove compliance with IEC 62304.