IEC 82304-1 and its Application for Stand-Alone Software

IEC 82304, in conjunction with IEC 62304, plays a critical role in the realm of software-based medical devices. While these two standards may appear similar at first glance, they actually differ in terms of requirements and application.

Our previous discussions have delved extensively into IEC 62304 and the essential documentation necessary for a comprehensive software development lifecycle. Documents such as the software development plan, software architecture, and software test protocols and reports are just a few examples of what IEC 62304 specifically mandates.

In this article, our focus will shift towards the requirements outlined in IEC 82304, emphasizing its connection to IEC 62304 and exploring in-depth the documents required to achieve compliance with this standard.

It is important to note that currently, IEC 82304 is not a harmonized standard under the EU MDR and IVDR. Consequently, its application is not strictly mandatory. However, it should still be regarded as the state-of-the-art standard. In practice, compliance with IEC 82304 for stand-alone medical device software is indirectly expected and likely requested by notified bodies.

Now, let’s delve into the scope of IEC 82304.

IEC 82304 specifically pertains to health software, which is defined as software intended for the purpose of maintaining or improving the health of individuals or facilitating the delivery of care.

While IEC 62304 focuses exclusively on medical device software, encompassing medical products with clearly defined medical-related purposes, IEC 82304 applies to a broader range of software. However, IEC 82304 specifically addresses stand-alone software, regardless of whether that software is regulated as a medical device or not. On the other hand, IEC 62304 encompasses all types of medical software, including both stand-alone software and software embedded within specific hardware devices.

Software life cycle according to IEC 82304

In summary, IEC 82304 expands upon the requirements set forth by IEC 62304. While IEC 62304 focuses solely on verification activities to confirm that a device has been appropriately designed in accordance with its intended function, it does not encompass the requirements for software validation.

This is where IEC 82304 comes into play, introducing specific requirements for software validation. Validation activities become an integral part of the process outlined in IEC 82304, and they encompass elements such as Product Use Requirements, Product Validation Plans, and Reports.

By including these additional requirements, IEC 82304 ensures a more comprehensive approach to software development, taking into account the validation of software performance in real-world scenarios. It emphasizes the need to assess how the software functions within its intended context of use and validates its performance accordingly.

Software validation is crucial as it enables manufacturers to assess the overall performance, safety, and effectiveness of their software-based medical devices. Through validation activities, they can ensure that the software meets the intended use requirements and operates reliably within the desired healthcare environment.

In essence, while IEC 62304 focuses primarily on the design and verification aspects of software-based medical devices, IEC 82304 complements it by providing guidance and requirements for the critical process of software validation. This expansion allows for a more thorough evaluation of software performance, enhancing overall product quality and patient safety.

Product Use Requirements for Health Software

Section 4.2 of the IEC 82304 standard provides valuable insights into the specific types of use requirements that are essential to specify for health software. Let’s delve into these requirements in more detail:

1. Requirements Addressing the Intended Use: This category encompasses the requirements that directly pertain to the intended use of the health software. It ensures that the software meets the necessary functionality and performance criteria to achieve its intended purpose in maintaining or improving individual health or delivering care.
2. Interface/User Interface Requirements: These requirements focus on the design and usability aspects of the software’s interface. They ensure that the user interface is intuitive, user-friendly, and facilitates effective interaction between users and the software.
3. Requirements for Immunity from or Susceptibility to Unintended Influence: This set of requirements addresses the software’s ability to withstand unintended interference or influence from other software that shares the same hardware resources. It ensures that the health software operates independently and reliably without being compromised by external factors.
4. Privacy and Security Requirements: In an era where data privacy and security are paramount, this category of requirements focuses on safeguarding sensitive patient information and ensuring the security of the health software. It includes measures to protect data confidentiality, integrity, and availability, as well as compliance with relevant privacy regulations.
5. Requirements for Accompanying Documents: These requirements pertain to the necessary supporting documents that accompany the health software. This includes instructions for use, user manuals, documentation of system requirements, and any other relevant documents that provide guidance on the proper utilization and deployment of the software.
6. Requirements for Support: This category encompasses various aspects of software support throughout its lifecycle. It includes considerations for upgrades from previous versions, the ability to rollback to the previous version after an upgrade if necessary, timely provision of security patches and updates, proper decommissioning procedures, irreversible deletion of data, and appropriate data transfer and retention policies.

By defining these diverse types of use requirements, the IEC 82304 standard ensures that health software is developed and deployed in a manner that addresses crucial aspects such as functionality, usability, data security, and compliance. These requirements serve as a guideline for manufacturers, helping them meet the necessary quality and safety standards while delivering reliable and efficient health software solutions.

Health Software Product Validation 

As mentioned earlier, the validation requirements for stand-alone software were not encompassed within the IEC 62304 standard. However, these vital requirements are explicitly stipulated in the framework of IEC 82304. It is essential to develop a comprehensive validation plan that addresses the user requirements pertaining to the product.

The validation plan should include the following key elements:

1. Identification of Validation Scope and Activities: Clearly define the scope of validation and outline the specific activities that need to be undertaken to validate the software. This ensures that the validation process encompasses all the necessary aspects and functionalities of the product.
2. Consideration of Constraints: Identify any potential constraints that may pose challenges or limitations to the feasibility of the validation activities. This helps in proactively addressing any obstacles and finding suitable solutions to overcome them.
3. Selection of Validation Methods and Criteria: Choose appropriate validation methods that align with the nature of the software and its intended use. Determine the necessary input information and establish associated acceptance criteria that must be met for successful validation.
4. Identification of Enabling Systems or Services: Identify any supporting systems or services that are required to facilitate the validation process effectively. This includes any infrastructure, tools, or resources needed to carry out the validation activities.
5. Specification of Validation Personnel Qualification: Define the required qualifications and expertise of the personnel involved in the validation process. This ensures that the validation team possesses the necessary skills and knowledge to conduct thorough and reliable validations.
6. Establishment of Validation Team Independence: Clearly define the appropriate level of independence of the validation team from the design team. This ensures an unbiased and objective assessment of the software’s performance, reducing the potential for conflicts of interest.

By incorporating these elements into the validation plan, manufacturers can ensure that the stand-alone software undergoes a rigorous and robust validation process, demonstrating its compliance with the necessary standards and regulations. The validation plan serves as a roadmap, guiding the validation activities and ensuring the software’s reliability, safety, and effectiveness in its intended use.

Instructions for Use for Health Software as per IEC 82304

In the concluding section of IEC 82304, there are requirements specifically addressing the instructions for use of health (stand-alone) software. While we won’t delve into the intricacies of each requirement, we will provide a brief overview of the most significant ones.

Firstly, there is a dedicated section that pertains to the description of the health software. This description should encompass the following elements:

• The intended use of the Health Software Product.
• A concise overview of the Health Software Product, highlighting its essential functions.
• Any operational security options associated with the utilization of the Health Software.
• Any known technical issues, limitations, disclaimers, or contraindications.

These requirements bear resemblance to the requirements specified in Annex II of the EU MDR and IVDR, which are relevant to the preparation of technical documentation.

Another noteworthy section pertains to the requirements to be included in the instructions for use (IFU) concerning the software installation. In this context, the following elements should be taken into consideration:

• A statement indicating whether the installation can be performed by the user or necessitates the involvement of the manufacturer or assistance.
• The system requirements for both the software and hardware platforms required to execute the Health Software.
• Operational security options that need to be configured during the installation of the Health Software.
• Any critical dependencies on other applications that need to be considered.
• The configuration requirements for optimal functioning.
• The system interface requirements to ensure seamless integration.
• Detailed information regarding the supported software platforms.
• Clear installation instructions or a reference to the location of the installation instructions.

By adhering to these requirements, manufacturers can provide comprehensive and user-friendly instructions for the installation and utilization of the health software. This aids in promoting proper and efficient usage while ensuring the safety, reliability, and compatibility of the software with the intended hardware platforms.

Subscribe to 4EasyReg Newsletter

4EasyReg is an online platform dedicated to Quality & Regulatory matters within the medical device industry. Have a look to all the services that we provide: we are very transparent in the pricing associated to these consulting services.

Within our WebShop, a wide range of procedures, templates, checklists are available, all of them focused on regulatory topics for medical device compliance to applicable regulations. Within the webshop, a dedicated section related to cybersecurity and compliance to ISO 27001 for medical device organizations is also present.

As one of the leading online platforms in the medical device sector, 4EasyReg offers extensive support for regulatory compliance. Our services cover a wide range of topics, from EU MDR & IVDR to ISO 13485, encompassing risk management, biocompatibility, usability, software verification and validation, and assistance in preparing technical documentation for MDR compliance.

Do not hesitate to subscribe to our Newsletter!