标准简介
IEC 62304:2006+A1:2015 是医疗器械软件生命周期过程的国际标准,定义了医疗设备软件开发和维护的生命周期要求。该标准由国际电工委员会(IEC)发布,是医疗器械软件监管合规的基础标准,被美国 FDA、欧盟 MDR、日本 PMDA 等全球主要监管机构认可和引用。IEC 62304 根据软件对患者安全的潜在影响将软件分为三个安全等级:A 级(无伤害或轻微伤害)、B 级(非严重伤害)和 C 级(死亡或严重伤害),不同等级有不同的文档和过程要求。
IEC 62304 规定了软件开发生命周期的关键过程,包括软件开发规划、软件需求分析、软件架构设计、软件详细设计、软件单元实施和验证、软件集成和集成测试、软件系统测试、软件发布以及软件维护。2015 年修订(Amendment 1)的重大变化是引入了「遗留软件」的处理路径,允许对已部署的软件通过风险分析确定安全等级,而无需追溯完整的开发文档。该标准与 ISO 14971(风险管理)和 IEC 62366(可用性工程)紧密关联,共同构成了医疗器械软件的完整监管框架。合规通常需要建立完整的软件质量管理体系,包括配置管理、问题解决和变更控制过程。
Software Safety Classification
Classifies medical device software into three safety classes (A, B, C) based on potential harm, with increasingly rigorous requirements for higher-risk software.
Lifecycle Process Framework
Defines structured processes for planning, requirements analysis, design, implementation, verification, validation, release, and maintenance of medical device software.
Risk-Integrated Development
Integrates with ISO 14971 risk management, requiring systematic identification and mitigation of software-related hazards throughout the entire development lifecycle.
list_alt Software Lifecycle Processes
- Software development planning
- Software requirements analysis
- Software architectural and detailed design
- Software unit implementation and verification
- Software integration and integration testing
- Software system testing and release
- Software maintenance process
- Software risk management (integrated with ISO 14971)
Who Needs to Comply?
Manufacturers of medical devices that include software, software that is itself a medical device (SaMD), and software used in the production or maintenance of medical devices. Required for regulatory submissions to FDA, EU MDR, and most global medical device regulators.
Key Requirements
Software Safety Classification
Classify software systems and items into safety classes A (no injury possible), B (non-serious injury possible), or C (death or serious injury possible). Apply class-appropriate rigor throughout development.
Software Development Plan
Create a comprehensive software development plan covering lifecycle model, deliverables, traceability, configuration management, and verification/validation strategies before development begins.
Requirements & Traceability
Define complete software requirements including functional, performance, interface, and safety requirements. Maintain bidirectional traceability from requirements through design, implementation, and testing.
Verification & Validation
Perform unit testing, integration testing, and system testing appropriate to the software safety class. Validate that the software meets user needs and intended uses in the target environment.
Software Maintenance
Establish a maintenance process to track and evaluate feedback, implement modifications (corrections, enhancements, adaptations), and manage the impact of changes on safety and performance.
Penalties & Enforcement
No direct penalties for non-compliance with IEC 62304 itself. However, regulatory authorities (FDA, EU Notified Bodies) require conformity to IEC 62304 for medical device market access. Non-compliance can result in rejection of regulatory submissions, product recalls, and market withdrawal.