標準簡介
IEC 62304:2006+A1:2015 是定義醫療器材軟體生命週期要求的國際標準。該標準最初於 2006 年發布,2015 年新增修正案 1,為獨立軟體醫療器材(SaMD)、醫療器材的軟體元件以及用於器材生產的軟體建立了統一的軟體開發、維護和風險管理框架。
此標準引入了基於軟體故障潛在危害的三級安全分類系統(A、B、C 類),對較高風險等級的軟體提出更嚴格的開發要求。它定義了涵蓋規劃、需求、設計、實施、驗證、確認、發布和維護的結構化流程。IEC 62304 與 ISO 14971 風險管理緊密整合,獲 FDA 認可,並作為歐盟醫療器材法規(MDR 2017/745)下的協調標準引用。
Software Safety Classification
Classifies medical device software into three safety classes (A, B, C) based on potential harm, with increasingly rigorous requirements for higher-risk software.
Lifecycle Process Framework
Defines structured processes for planning, requirements analysis, design, implementation, verification, validation, release, and maintenance of medical device software.
Risk-Integrated Development
Integrates with ISO 14971 risk management, requiring systematic identification and mitigation of software-related hazards throughout the entire development lifecycle.
list_alt Software Lifecycle Processes
- Software development planning
- Software requirements analysis
- Software architectural and detailed design
- Software unit implementation and verification
- Software integration and integration testing
- Software system testing and release
- Software maintenance process
- Software risk management (integrated with ISO 14971)
Who Needs to Comply?
Manufacturers of medical devices that include software, software that is itself a medical device (SaMD), and software used in the production or maintenance of medical devices. Required for regulatory submissions to FDA, EU MDR, and most global medical device regulators.
Key Requirements
Software Safety Classification
Classify software systems and items into safety classes A (no injury possible), B (non-serious injury possible), or C (death or serious injury possible). Apply class-appropriate rigor throughout development.
Software Development Plan
Create a comprehensive software development plan covering lifecycle model, deliverables, traceability, configuration management, and verification/validation strategies before development begins.
Requirements & Traceability
Define complete software requirements including functional, performance, interface, and safety requirements. Maintain bidirectional traceability from requirements through design, implementation, and testing.
Verification & Validation
Perform unit testing, integration testing, and system testing appropriate to the software safety class. Validate that the software meets user needs and intended uses in the target environment.
Software Maintenance
Establish a maintenance process to track and evaluate feedback, implement modifications (corrections, enhancements, adaptations), and manage the impact of changes on safety and performance.
Penalties & Enforcement
No direct penalties for non-compliance with IEC 62304 itself. However, regulatory authorities (FDA, EU Notified Bodies) require conformity to IEC 62304 for medical device market access. Non-compliance can result in rejection of regulatory submissions, product recalls, and market withdrawal.