ISO 14971:2012 and IEC 62304:2006 mitigate risks in medical device software

ISO 14971:2012 and IEC 62304:2006 are related but different global standards for risk management pertaining to software used in medical devices. Judicious application of these two standards is the way to go for medical device companies.

ISO 14971 and IEC 62304:2006 are global standards that govern risk management and lay out regulations and guidelines for software used in medical devices. The need for regulation of software in medical devices arises from the fact that software is the heart of a medical device. It is the medical device’s software that ensures that the device performs its intended purposes. Hence regulation is of utmost importance to enable medical device and software organizations to facilitate this in their products.

The ISO 14971:2012 - a brief understanding

  • The primary aim of ISO 14971, the global regulatory compliance standard, is to ensure that a medical device has medical safety built into it.
  • This standard requires medical device manufacturers to undertake steps and measures by which they can foresee and eliminate risks in a medical device in the optimal manner.
  • Taking off from the above point, ISO 14971 requires medical device manufacturers to take steps to at least mitigate risks to the best extent. The ISO 14971 standard prescribes the processes necessary for enabling this.

The ISO 14971’s update in 2012

In 2012, the ISO carried out an update to the application of this standard within the European regulatory framework. This amendment to ISO 14971:2012 is at the periphery and not at the core. Annex ZA is the main area in which this standard has been updated:

The use of the “As Low as Reasonably Practicable” (ALARP) approach is from now on excluded in the risk acceptance process. This standard proscribes labelling as a risk control measure that can play a role in decreasing risk occurrence.

The IEC 62304:2006

The requirements for medical device software’s life cycle are stated in IEC 62304:2006. This standard’s group of activities, processes and tasks creates a common basis for the software life cycle processes in a medical device.

When it comes to the risk management aspect, IEC 62304:2006 supplements and strengthens ISO 14971. If ISO 14971 is the global standard for the development of medical software, the IEC 62304:2006 standard is concerned with medical device software and its software lifecycle processes.

The following tripod of software-related issues forms the IEC 62304:2006’s foundation:

These three attributes form the backbone of the test of a medical device company’s successful compliance with the regulatory requirements. For a medical device company to be successful in applying ISO 14971:2012 and IEC 62304:2006, it has to implement a cross-standard and resourceful way of integrating activities covering these requirements documents.

Risk Management in IEC 60601-1 Third Edition

Risk Management is a critical factor in IEC 60601-1 Third Edition. This is one of the important additions that have been made to this edition from the previous one. The new legislation requires that Risk Management be implemented in the product lifecycle throughout the standard.

Risk Management at the core of the standard

ISO 14971, which deals with application of Risk Management to medical devices, is deeply embedded into IEC 60601-1 Third Edition. Full application of ISO 14971 is mandated for all medical equipment complying with IEC 60601-1. Also, as many as 85 additional references are made to Risk Management throughout this document. These are a culmination of discussions the IEC’s Subcommittee initiated as far back as 1996. The scope of this committee was to revise the IEC 60601-1 Standard’s general requirements for safety.

Safety as an “Essential Performance”

The outstanding feature of this standard is that it takes a new look at safety. It makes safety an “Essential Performance”, a change from its predecessor’s scope that required only “Basic Safety”. By “Essential Performance” is meant that aspect of the electromedical device’s performance that can affect safety directly, and requires this aspect to be evaluated according to ISO 14971.

Risk Management at all stages

Risk Management requirements of IEC 60601-1 Third Edition fall under these four categories:

– Apart from general requirements set out in ISO 14971, Risk Management must be used to determine whether additional hazards beyond those addressed in IEC 60601-1 Third Edition exist

– Risk Management is used to determine equivalent safety for alternative compliance

– Risk Management is used to determine compliance criteria

– Risk Management is also used to determine or refine test methods.

Thus, Risk Management is incorporated into this standard, while it was vague and subjective in the 2nd edition of this standard.

