ISO 14971:2012 and IEC 62304:2006 are related but different global standards for risk management pertaining to software used in medical devices. Judicious application of these two standards is the way to go for medical device companies.
ISO 14971 and IEC 62304:2006 are global standards that govern risk management and lay out regulations and guidelines for software used in medical devices. The need for regulation of software in medical devices arises from the fact that software is the heart of a medical device. It is the medical device’s software that ensures that the device performs its intended purposes. Hence regulation is of utmost importance to enable medical device and software organizations facilitate this in their products.
The ISO 14971: 2012 -a brief understanding
- The primary aim of ISO 14971, the global regulatory compliance standard is to ensure that a medical device carries medical safety into it
- This standard requires medical device manufacturers to undertake steps and measures by which they can foresee and eliminate risks in a medical device in the optimal manner
- Taking off from the above point, ISO 14971 requires medical devices to take steps to at least mitigate risks to the best extent. The ISO 14971standard prescribes the processes necessary for enabling this.
The ISO 14971’s update in 2012
In 2012, the ISO carried out an update to the application of this standard within the European regulatory framework. This amendment to ISO 14971: 2012 is at the periphery and not at the core. Annex ZA is the main area in which this standard has been updated:
The use of the “As Low as Reasonably Practicable” (ALARP) approach is from now excluded in the risk acceptance process. This standard proscribes labelling as a risk control measure that can play a role in decreasing risk occurrence.
The IEC 62304:2006
The requirements for medical device software’s life cycle are stated in IEC 62304:2006. This standard’s group of activities, processes and tasks creates a common basis for the software life cycle processes in a medical device.
When it comes to the risk management aspect, IEC 62304:2006 supplements and strengthens ISO 14971. If ISO 14971 is the global standard for the development of medical software; IEC 62304:2006 standard is concerned with medical device software and their software lifecycle processes.
The following tripod of software-related issues forms the IEC 62304:2006’s foundation:
These three attributes form the backbone of the test of a medical device company’s successful compliance with the regulatory requirements. For a medical device company to be successful in applying ISO 14971:2012 and IEC 62304:2006; it has to implement a cross-standard and resourceful way of integrating activities covering these requirements documents.