Establishing the safety and security of medical device software is critical to protect patients. The IEC 62304 standard provides a framework for establishing the safety of medical devices, including software. One of the most important aspects of creating safe software is to define a high-quality development process. A high-quality developmental process takes on three basic tenets: say what you do, do what you say, and be able to show a third party that you did the first two tenets. Following these tenets will help ensure that medical device software is safe and secure for patients.
Software is an essential component of medical device technology, and establishing its functional safety is critical to ensure proper operation and protect patients. The IEC 62304 standard provides a framework for establishing the safety of medical devices, including software. Additionally, it is crucial to establish that a device is secure, and the procedures to make a medical device secure should be considered in the same lifecycle as safety.
The safety development process for software has common themes across industries, and a high-quality software development process is a prerequisite for a safety development process. The IEC 62304 standard does not specify the software development process but defers to other standards like IEC 61508-3, as well as quality process standards such as ISO 9001 which pertains to software development for industrial devices.
The standard requires the specification of software safety requirements to a level of specificity and completeness so that they can be unambiguously implemented. Verification planning should ensure the verification of these safety requirements without regard to how they are implemented. There needs to be a complete documentation of the design that describes the data flow, timing, exception handling, etc., in a clear, unambiguous way. The software should be implemented based on the requirements, architecture, and design, and the code should be reviewed by manual and/or automated means. The software units should be unit tested, and once the modules are integrated, they should be tested together.
A high-quality developmental process takes on three basic tenets.
- First, the developmental process must state how and when each activity will be performed, what tools will be used, what the expected outcomes are, etc.
- Second, the development, verification, quality, and testing teams should follow those processes.
- Third, to be able to show that the development was done in accordance with these processes.
The results of each step of the process should naturally leave some collection of artifacts that shows that you did what you said you’d do; the point is not to create unnecessary paperwork, but to maintain information that can be later used to prove that you did what you said you did.