Table of Compliance
IEC 62304:2006 Reference Table
| Classes | IEC 62304:2006 Section | Document Section |
|---|---|---|
| A, B, C | 5.1.2 | 4 |
| A, B, C | 5.2.1 | 4 |
| A, B, C | 5.2.4 | 3, 7, 10 |
| A, B, C | 5.2.5 | 4 |
| A, B, C | 5.2.6 | 5 |
| B, C | 5.3.1 | 6 |
| B, C | 5.3.2 | 6 |
| C | 5.3.5 | |
| B, C | 5.3.6 | 6 |
| B, C | 5.4.1 | 6 |
| C | 5.4.2 | |
| C | 5.4.3 | |
| C | 5.4.4 | |
| A, B, C | 5.5.1 | 6 |
| B, C | 5.5.2 | 7 |
| B, C | 5.5.3 | 7 |
| C | 5.5.4 | |
| B, C | 5.5.5 | 7 |
| B, C | 5.6.1 | 7 |
| B, C | 5.6.2 | 7 |
| B, C | 5.6.3 | 8 |
| B, C | 5.6.4 | 8 |
| B, C | 5.6.5 | 8 |
| B, C | 5.6.6 | 8 |
| B, C | 5.6.7 | 8 |
| A, B, C | 5.7.3 | 8 |
| A, B, C | 5.7.4 | 8 |
| A, B, C | 5.7.5 | 8 |
| A, B, C | 5.8.1 | 7 |
| A, B, C | 5.8.2 | 11 |
| A, B, C | 5.8.4 | 11 |
| B, C | 5.8.5 | 11 |
| B, C | 5.8.6 | 11 |
| A, B, C | 5.8.7 | 11 |
| A, B, C | 5.8.8 | 11 |
| A, B, C | 6.1 | 4 |
| B, C | 7.1.1 | 2, 3, 6, 8, 10 |
| B, C | 7.1.2 | 2, 3, 6, 8, 10 |
| B, C | 7.1.3 | 6, 12 |
| B, C | 7.1.4 | 2, 3, 6, 8, 10 |
| B, C | 7.2.1 | 2, 3, 6, 8, 10 |
| B, C | 7.2.2 | 2, 3, 6, 8, 10 |
| B, C | 7.3.1 | 7 |
| B, C | 7.3.3 | 9 |
| A, B, C | 8.1.2 | 4, 6, 8 |
| A, B, C | 8.1.3 | 11 |
| A, B, C | 9.8 | 8 |
ISO 14971:2019 Reference Table
| ISO 14971:2019 Section | Document Section |
|---|---|
| 4.1 | 3, 4, 5, 6, 8, 9, 10, 11 |
| 5.1 | 3, 4, 5, 6, 8, 9, 10, 11 |
| 5.3 | 3, 4 |
| 5.4 | 3, 4 |
| 5.5 | 3, 4 |
| 6 | 3, 4 |
| 7.1 | 3, 4, 5 |
| 7.2 | 6 |
| 7.3 | 6, 10 |
| 7.4 | 10 |
| 7.5 | 6 |
| 7.6 | 10 |
| 8 | 10 |
| 9 | 10 |
IEC 62366-1:2015 Reference Table
| IEC 62366-1:2015 Section | Title | Document Section |
|---|---|---|
| 4.1.1 | Usability Engineering Process | (All) |
| 5.1 | Prepare Use Specification | 4 |
| 5.8 | Conduct User Interface design, implementation, and Formative Evaluation | 4, 5, 6, 7 |
Summary
This SOP outlines the process for developing software as a medical device, integrating risk management and usability engineering practices.
Key Information
| Process Owner | \<enter process owner’s role> |
| Key Performance Indicators | \ |
General Notes
Integrated and Evolutionary Process Strategy
The process merges risk management and usability activities within software development, aligning with IEC 62304, ISO 14971, and IEC 62366 standards. There are no separate risk management or usability processes.
This SOP follows an “evolutionary” strategy (IEC 62304:2006, Annex B), recognizing the evolving nature of user needs and requirements. Adjustments to earlier steps and outputs are made when requirements change to maintain thorough documentation.
Process Steps
1. Design Input
Initial product concept discussions and market research initiate the process, leading to a preliminary device description, including medical and software safety classifications. Technical feasibility assessments are also conducted.
Business input examples:
- Customer feedback
- Market analysis
- Internal concepts
Product changes are processed as change requests in alignment with the SOP for Change Management.
| Participants | Management (CEO, CTO, CPO) |
|---|---|
| Input | Business and technical input, product concepts, change requests |
| Output | Intended use, preliminary device classification, software safety classification |
2. Risk Management Planning
The risk management plan is established, setting criteria for risk acceptability and defining a risk acceptance matrix. This matrix incorporates:
- Product use estimation
- Harm severity categorization
- Probability classification
- Matrix creation with color-coded risk levels (red for unacceptable risks, yellow for acceptable)
No fields are marked green as all risks must be mitigated to the greatest extent possible.
| Participants | CPO, subject matter experts (e.g., physicians) |
|---|---|
| Input | Device description |
| Output | Risk Management Plan, Usability Evaluation Plan |
3. Initial Risk Assessment and Usability Evaluation Planning
A preliminary hazard analysis and initial risk table are drafted using Failure Mode and Effects Analysis (FMEA), identifying potential failure modes, hazards, and harms.
If risks are deemed unacceptable, mitigation follows these steps:
- Inherently safe design
- Protective measures
- Safety information/training
A usability evaluation plan is created, detailing formative and summative evaluation activities.
| Participants | CPO, subject matter experts (e.g., physicians) |
|---|---|
| Input | Device description, risk management plan |
| Output | Preliminary hazard analysis, risk table draft, usability plan |
4. Software Planning
The software requirements are defined based on the device description, user needs, and preliminary risk analysis, including user interface specifications. The development plan follows our template, using semantic versioning.
The software system test plan is prepared and updated as needed.
| Participants | CTO, Software Engineer, Risk Manager, Usability Engineer |
|---|---|
| Input | Device description, vision document, change request, risk table draft |
| Output | Development and maintenance plan, requirements, test plan |
5. Software Planning Review
Software requirements undergo review using the checklist for Software Requirements Review. If successful, the process proceeds; otherwise, revisions are made.
| Participants | CTO, CPO, Risk Manager, Usability Engineer, subject experts |
|---|---|