The software development life cycle is one of the key methodology used to manage software. 

In recent years, there has been a huge increase of software applications and, specifically, in the applications of software products to the medical field. This new trend substantially change the regulatory environment for SW applications where the regulations have to be properly adapted to this type of SW products. 

We have already been talking specifically about the regulations and the approaches for SW medical devices, such as for example the IEC 62304, the concept of Software As Medical Devices and cybersecurity requirements for medical devices containing software. 

In this article, we will go through the concepts of Software Development Life Cycle (SDLC), we will explain what actually is a SDLC and the main steps defining a specific cycle. 

Introduction to Software Development Life Cycle (SDLC)

A Software Development Life Cycle is a model that defines the methodology that can be used to manage a software product during all the stages, from its inception to retirement. 

In other words, a software development lifecycle can be considered a project management tool, used to define all the different steps needed to bring a project from its initial concept until deployment and maintenance. 

The purpose of the SDLC (Software DevelopmentLife Cycle) is always to ensure quality, safety and efficacy of the devices on the market, of course in this case with a particular focus on SW products. 

The SDLC methodologies include different steps that we are now going to discuss in detail.

Software Development Life Cycle: The Different Steps

1° STEP :  Requirements Analysis

The requirements analysis includes the definition and identification of all the inputs needed to properly define the software application. Once the inputs have been properly identified, the subsequent phase is the planning phase. This includes the planning of the main milestones to be reached in order to properly develop the product and the identification of all the possible risks associated to the project.

2° STEP: Definition of the Requirements

This is the step where the requirements associated to the product are defined and documented. Specifically, this would mean the identification and the documentation of the so-called Software Requirement Specification (SRS), as defined as well in the IEC 62304

In fact the section 5.5.2 of the IEC 62304 the standard defines the type of software requirement specification that is necessary to define. Specifically, the standard requires to have requirements on the following aspects: 

  • functional and capability requirements
  • inputs and outputs from the software application
  • interfaces between the software and other systems, it is deemed applicable
  • software-driven alarms, warnings, and operator messages
  • security requirements, such as end to end encryption or other type of measures
  • usability engineering requirements that are sensitive to human errors and training, considering as well the requirements of IEC 62366 
  • data definition and database requirements
  • installation and acceptance requirements in case the products needs to be installed before use at the specific site. 
  • requirements related to methods of operation and maintenance
  • user documentation to be developed, such as user manual or other type of user-related guideline
  • user maintenance requirements
  • regulatory requirements

3° STEP: Design Phase

This is the phase where the design and development and the related documentation are prepared. Usually there are different levels of requirements and related documentation needed. 

In fact we may have: 

  1. High Level Description, that may include the modules of the software application, the functionalities associated to each module, the database tables with their key elements and an overall description of the architecture system of the SW application. 
  2. Low Level Description, that refers to a detailed description of the sw application. For medical device software, the necessity to document a detailed description of the SW will basically depend from the risks associated to the software in terms of potential effect on patient, user or any other person involved. 

The low level description includes, for example, the functional logic of the modules, the details of the interfaces and listing all the error messages associated to the software product. 

4° STEP : Software Development 

In this phase, based on the software requirements defined in the previous phase, the actual product is going to be developed. In other words, this is the actual writing of the code of the specific software product. 

Nowadays, particular attention shall be given, during development, to the implementation of security requirements, since cybersecurity nowadays plays a foundational role. 

5° STEP : Testing Phase

The testing phase is definitely critical for the Software Development Life Cycle. Sometimes the tests can be performed in an automated way whereas other testing can only be performed in a specific environment. Testing should ensure that each function works correctly.

6° STEP : Deployment Phase

This is the phase when the final version of the software product is released to the market. Maintenance is performed over time to change the system architecture according to future needs. 

For SW used for medical devices, changes of SW have a direct impact on the testing phase and deployment. When a SW is already deployed, any subsequent changes shall be properly tested before to make it available to users. Changes to existing software applications shall be managed through a change control process, where the impact of the changes are going to be properly evaluated. 

SDLC Models

There are different model that could be used as Software Development Life Cycle. The classic one it is called WaterFall model. It is basically based on the follow of the subsequent activities of the SDLC that we have been describing in the previous section. It means that requirements are identified, analyzed, tested and deployed and all these activities are performed in a sequential manner. 

The main drawback of the system is the difficulties in identifying errors or bugs at the early stage of the process, and this can have a direct impact on the costs associated to the project. 

ANother possibility it is to used the so-called agile model. It is a method with a high focus on user experience and usability. The goal is to release small modifications software cycles quickly, using a periodic frequency of release than vary from organization to organization. 

For medical devices development, the IEC 62304 applies independently from the methodology used for software development. Even if the application of the IEC 62304 is somehow straightforward when using the waterfall model, it can easily be applied to the agile development system. 

Software Development and Validation Toolkit

The Software Development and Validation Toolkit can be used to support the preparation of documentation related to software development and validation according to IEC 62304.

The toolkit contains the following templates, very useful to prepare documentation on medical device software development and validation:

  • Software Development Plan Template
  • Software Architecture Template
  • Requirements Traceability Matrix Template
  • Software Release Records Template
  • Software Verification Protocol Template
  • Software Verification Report Template

Subscribe to 4EasyReg Newsletter

4EasyReg is an online platform dedicated to Regulatory matters within the medical device, information security and AI-Based business.

We offer a wide range of documentation kits to support your compliance efforts towards a wide range of standards and regulations, such as ISO 13485, EU MDR, ISO 27001, ISO 42001 and much more. . Specifically, in our webshop you will find:

Within our sister platform QualityMedDev Academy, a wide range of online & self-paced training courses is available, such as for example:

As one of the leading online platforms in the medical device sector, 4EasyReg offers extensive support for regulatory compliance. Our services cover a wide range of topics, from EU MDR & IVDR to ISO 13485, encompassing risk management, biocompatibility, usability, software verification and validation, and assistance in preparing technical documentation for MDR compliance.

Do not hesitate to subscribe to our Newsletter!

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

4EasyReg will use the information you provide on this form to be in touch with you and to provide updates and marketing.