IEC 62304 outlines the guiding principles for the development of medical software. It is the gold standards for medical device companies, but its importance goes beyond legal manufacturers and established medical software suppliers.
In the vast majority of cases, software embedded in a device (or a device itself) use abundant OTS (Off The Shelf) code, not to mention drivers, libraries or other content available for free on the web. All of these fall under the category of SOUP – Software Of Unknown Provenance (or Pedigree). Although the use of SOUP helps significantly the job of developers, it has the opposite effect on the risk management process. A comprehensive risk analysis has to be carried out for each SOUP item, ensuring its behavior poses no threat to the device; furthermore, published bug lists may not be available at all. A big headache.
If you develop software, standalone or embedded, that is used in Medical Devices but is not a device itself, you can decide to apply IEC 62304 on your process.
Yes, it will increase the overhead, the paperwork and possibly somehow slow down the development, but IEC 62304 compliance will give you a significant competitive advantage over other developers.
Although the definition of SOUP is relatively high level, most corporations consider SOUP anything that is not developed per 62304. Finding a certified product may be the make-or-break in the selection of a supplier.
To continue reading about how to become a trusted software supplier to large medtechs, please read on from our most recent blog post.