BRITISH STANDARD BS EENN
6230044::22000066
Medical device +InAco1rp:o2r0at1in5g
software — Software
life-cycle processes Icnocrorrigpeonradtuinmg
cNororviegmenbdeur m2008
November 2008

ICS 11.040.01; 35.080; 35.240.80
12 &23<,1* :,7+287 %6, 3(50,66,21 (;&(37 $6 3(50,77(' %< &23<5,*+7 /$:

BS EN 62304:2006+A1:2015

National foreword

This British Standard is the UK implementation of EN 62304:2006+A1:2015,
incorporating corrigendum November 2008. It is identical to IEC 62304:2006,
incorporating amendment 1:2015. It supersedes BS EN 62304:2006, which will
be withdrawn on 31 July 2018.
The start and finish of text introduced or altered by amendment is indicated
in the text by tags. Tags indicating changes to IEC text carry the number
of the IEC amendment. For example, text altered by IEC amendment 1 is
indicated by .
The UK participation in its preparation was entrusted by Technical Committee
CH/62, Electrical Equipment in Medical Practice, to Subcommittee CH/62/1,
Common aspects of Electrical Equipment used in Medical Practice.
A list of organizations represented on this subcommittee can be obtained on
request to its secretary.
This publication does not purport to include all the necessary provisions of a
contract. Users are responsible for its correct application.
Compliance with a British Standard cannot confer immunity from

legal obligations.

This British Standard was Amendments/corrigenda issued since publication
published under the authority
of the Standards Policy and Date Comments
Strategy Committee 31 May 2011
on 30 November 2006 Implementation of CENELEC corrigendum
30 November 2015 November 2008; modification of CENELEC Foreword
© The British Standards and addition of Annex ZZ
Institution 2015.
Published by BSI Standards Implementation of IEC amendment 1:2015 with
Limited 2015 CENELEC endorsement A1:2015.

ISBN 978 0 580 83868 2

EUROPEAN STANDARD EN 622330044:2006+A1
NORME EUROPÉENNE
EUROPÄISCHE NORM OJuclyto2b0e0r62015

ICS 11.040 Incorporating corrigendum November 2008

English version

Medical device software -
Software life-cycle processes

(IEC 62304:2006)

Logiciels de dispositifs médicaux - Medizingeräte-Software -
Processus du cycle de vie du logiciel Software-Lebenszyklus-Prozesse

(CEI 62304:2006) (IEC 62304:2006)

This European Standard was approved by CENELEC on 2006-06-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Cyprus, the Czech
Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,
Sweden, Switzerland and the United Kingdom.

CENELEC

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Central Secretariat: Avenue Marnix 17, B - 1000 Brussels

© 2011 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 62304:2006 E

BS EN 62304:2006+A1:2015 - 2 -

EBNS6E2N3046:22300046+:2A010:26015 (E) – 2 –
EN 62304:2006 (E)
Foreword

The text of document 62A/523/FDIS, future edition 1 of IEC 62304, prepared by a joint working group of
SC 62A, Common aspects of electrical equipment used in medical practice, of IEC technical committee 62,
Electrical equipment in medical practice, and ISO Technical Committee 210, Quality management and
corresponding general aspects for medical devices, was submitted to the IEC-CENELEC parallel vote and was
approved by CENELEC as EN 62304 on 2006-06-01.

The following dates were fixed: (dop) 2007-03-01
(dow) 2009-06-01
– latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement

– latest date by which the national standards conflicting
with the EN have to be withdrawn

In this standard the following print types are used:

– requirements and definitions: in roman type;

– informative material appearing outside of tables, such as notes, examples and references: in smaller type.
Normative text of tables is also in a smaller type;

– terms used throughout this standard that have been defined in Clause 3 and also given in the index: IN SMALL
CAPITALS.

An asterisk (*) as the first character of a title or at the beginning of a paragraph indicates that there is guidance

related to that item in Annex B.

Table C.5 was prepared by ISO/IEC JTC 1/SC 7, Software and system engineering.

This European Standard has been prepared under a mandate given to CENELEC by the European
Commission and the European Free Trade Association and covers essential requirements of EC
Directives 93/42/EEC, 90/385/EC and 98/79/EC. See Annex ZZ.

Annexes ZA and ZZ have been added by CENELEC.

The contents of the corrigendum of November 2008 have been included in this copy.

__________

Endorsement notice

The text of the International Standard IEC 62304:2006 was approved by CENELEC as a European Standard
without any modification.

EN 62304:2006/A1:2015 BS EN 62304:2006+A1:2015
EN 62304:2006/A1:2015 EN 62304:2006+A1:2015 (E)
EN 62304:2006/A1:2015 - 3 -

European Foreword

European Foreword EN 62304:2006/A1:2015
The text of document 62A/100F7/oFrDeISwE,uofrurotdupreteoaIEnaCmF6o2er3ne0dw4:m2o0re0dn6/tA1A, 1prepared by SC 62A "Common

aTshpeectetsxt ooff edleoccturimcaelnteq6u2iApm/1e0n0t7/uFsDeIdS,infutmureedicIEaCl p6r2a3c0ti4ce:2"00o6f /AIE1C, /TprCep6a2red"EbleyctSricCal62eAqu"ipCmomenmt oinn
mTashepedeicctetasxlItEpoCorfaf6ce2dt3lieoc6c6ec-tu"1ri:mcw2a0ea1lns5tesq6uu2biApmm/1itet0en0dt7/tuFosDetNIhdSOe,TinIEfEuCtmu-reCHedaEricmINEaoEClnLizp6Eer2daC3ca0stpi4cEae:Nr2a"06ll20oe36fl6/6vAIE-o11tC:,e2/0Tp1arC5ne.dp6aa2rpepd"EroblevycetdSricCbayl6C2eAEquN"ipECmLoEmeCnmt oainns

EamsNepde6icc2ta3sl0p4or:f2ac0et0liec6ce/tA"ri1cw:a2al0s1es5qu.ubipmmitetendt used in medical practice" of IEC/TC 62 "Electrical equipment in
to the IEC-CENELEC parallel vote and approved by CENELEC as
medical practice" was submitted to the IEC-CENELEC parallel vote1) and approved by CENELEC as
EN 6230IE4C:280203064/-A11:2015. NOTE Harmonized as EN 82304-1
TEhNe6f2o3llo0w4:i2n0g0d6a/Ate1s:2a0re15fi.xed:

The following dates are fixed: (dop) 2016-05-01
•Thelfaotleloswt dinagtedbaytews haircehftixheedd:ocument has to be

• ilmatepsletmdaetnetebdyawt hniacthiotnhael dleovceulmbeynt has to be (dop) 2016-05-01
• pliamutepbslleictmadtaeiotnentebodyf aawtnhniacdtheiontnhtiaecladlleonvcaeutlimobneyanlt has to be (dop) 2016-05-01

sipmtuapbnlleidcmaartediononterodbfyaatennniaddteoiornsntieacmlallenvnaet tliobnyal
publication of an identical national
• lssatttaaennsddtaadrraddteoorrbbbyyyweehnnicddhoorrtssheeemmneeanntittonal (dow) 2018-07-31

• slattaensdtadradtsecboynwflihcticinhgthweithnathtieonal (dow) 2018-07-31
• dlsatotaecnsudtmadreadntset chboaynvweflihctoticinbhgethwweitithnhadthtrieaownanl (dow) 2018-07-31

standards conflicting with the
document have to be withdrawn
Attendtoiocnumisednrtahwanvetotothbee pwoisthsdibrailiwtynthat some of the elements of this document may be the subject of

pAattteennttiornigihstsd.raCwEnNtEoLtEheC p[oasnsdi/boilrityCEthNa]t ssohmalel noof tthbeeehleemldernetsspoofntshiibsledofcour mideennttimfyainygbaentyheorsuablljescut cohf
pApaatttteeennntttiorrinigghihsttssd..raCwEnNtEoLtEheC p[oasnsdi/boilrityCEthNa]t some of the elements of this document may be the subject of
shall not be held responsible for identifying any or all such
patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such
patent rights.
Tpahtiesndtorciguhmtse.nt has been prepared under a mandate given to CENELEC by the European Commission


aTnhdistdhoecEuumroepnet ahnasFbreeeenTrpardeepaArsesdoucniadteiorna, amnadnsduaptepogritvseenstsoeCntEiaNl EreLqEuCirebmyethnetsEouf rEoUpeDanireCcotimvem. ission
This document has been prepared under a mandate given to CENELEC by the European Commission
and the European Free Trade Association, and supports essential requirements of EU Directive.
Fanodr the EreularotipoenasnhipFrweeithTrEaUdeDAirsescotciviaeti9o3n/,4a2n/EdEsCup, p9o8r/t7s9e/EssCe,n9ti0a/l3r8e5q/uEirEeCmesnetes ionffoErUmaDtirveectAivnen.ex ZZ,

FinocrlutdheedreinlaEtiNon6s2h3ip04w:2it0h0E6U/coDrriirgeecntidveum93N/4o2v/.E2E0C08, .98/79/EC, 90/385/EEC see informative Annex ZZ,
For the relationship with EU Directive 93/42/EEC, 98/79/EC, 90/385/EEC see informative Annex ZZ,
included in EN 62304:2006/corrigendum Nov. 2008.

included in EN 62304:2006/corrigenduEmnNdoovr.s2e00m8.ent notice

Endorsement notice
The text of the International StandaErdnIdECor6s2e30m4:e2n00t6n/Ao1t:2ic01e5 was approved by CENELEC as a

EThueropteexatnoSf tathnedaInrdtewrnitahtoiountaalnSytmanoddaifridcaItEioCn.62304:2006/A1:2015 was approved by CENELEC as a
The text of the International Standard IEC 62304:2006/A1:2015 was approved by CENELEC as a
European Standard without any modification.
IEnurtohpeeaonffiScitaalndvearrsdiownit,hofourt aBnibylimogordaipfihcay,tiotnh.e following notes have to be added for the standards

iInnditchaeteodf:ficial version, for Bibliography, the following notes have to be added for the standards
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
Rinedpiclaatceedt:he existing references with the following:

Replace the existing references with the following:
Replace the existing references with the following:

IEC 60601-1:2005 NOTE Harmonized as EN 60601-1:2006.

IEC 60601-1:2005 NOTE Harmonized as EN 60601-1:2006.

IIEECC 6600660011--11::22000055/AMD1:2012 NNOOTTEE HHaarrmmoonniizzeedd aass EENN 6600660011--11::22000066/.A1:2013.

IEC 60601-1:2005/AMD1:2012 NOTE Harmonized as EN 60601-1:2006/A1:2013.
IIEECC 6600660011--11:-240:10959/A6MD1:2012 NNOOTTEE HHaarrmmoonniizzeedd aass EENN 6600660011--11-:240:10969/A6.1:2013.

IEC 60601-1-4:1996 NOTE Harmonized as EN 60601-1-4:1996.
IIEECC 6600660011--11--44::11999966/AMD1:1999 NNOOTTEE HHaarrmmoonniizzeedd aass EENN 6600660011--11--44::11999966/.A1:1999.

IEC 60601-1-4:1996/AMD1:1999 NOTE Harmonized as EN 60601-1-4:1996/A1:1999.
IIEECC 6600660011--11--64:1996/AMD1:1999 NNOOTTEE HHaarrmmoonniizzeedd aass EENN 6600660011--11--64.:1996/A1:1999.

IEC 60601-1-6 NOTE Harmonized as EN 60601-1-6.
IIEECC 6610560081--31-6 NNOOTTEE HHaarrmmoonniizzeedd aass EENN 6610560081--31.-6.

IEC 61508-3 NOTE Harmonized as EN 61508-3.
IIEECC 6611051008--13:2010 NNOOTTEE HHaarrmmoonniizzeedd aass EENN 6611051008--13:.2010.

IEC 61010-1:2010 NOTE Harmonized as EN 61010-1:2010.
IISEOC 691000100:2-010:25010 NNOOTTEE HHaarrmmoonniizzeedd aass EENN I6S1O01900-010:2:2001005. .

ISO 9000:2005 NOTE Harmonized as EN ISO 9000:2005. EN 62304:2006/A1:2015
IISSOO 99000010::22000085 NNOOTTEE HHaarrmmoonniizzeedd aass EENN IISSOO 99000010::22000085..
ISO 9001:2008 NOTE Harmonized as EN ISO 9001:2008.
IISSOO 193040815:2:0200803 NNOOTTEE HHaarrmmoonniizzeedd aass EENN IISSOO 193040815:2:2000083. .

ISO 13485:2003 NOTE Harmonized as EN ISO 13485:2003.
ISEOC 6123346865-:210:200315 NOTE Harmonized as EN I6S2O36163-418:250:21050. 3.

IEC 82304-1 NOTE Harmonized as EN 82304-1 1)


2

12 ) At draft stage.
2

BS EN 62304:2006+A1:2015 - 4 -
EBNS6E2N3046:22300046+:2A010:26015 (E) – 76 –
EN 62304:2006 (E)

Annex ZA
(normative)

Normative references to international publications
with their corresponding European publications

The following referenced documents are indispensable for the application of this document. For
dated references, only the edition cited applies. For undated references, the latest edition of the
referenced document (including any amendments) applies.

NOTE When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.

Publication Year Title EN/HD Year

ISO 14971 -�F1) Medical devices - Application of risk EN ISO 14971 2000�F2)

management to medical devices

___________


1) Undated reference.
2) Valid edition at date of issue.

- 5 - BS EN 62304:2006+A1:2015
– 77 – EN 6B2S30E4:N206026+3A041::22001056(E)

EN 62304:2006 (E)

Annex ZZ
(informative)

Coverage of Essential Requirements of EC Directives

This European Standard has been prepared under a mandate given to CENELEC by the European
Commission and the European Free Trade Association and within its scope the standard covers all
relevant essential requirements as given in Annex I of the EC Directives 93/42/EEC, 90/385/EC and
98/79/EC.

Compliance with this standard provides one means of conformity with the specified essential requirements
of the Directives concerned.

WARNING: Other requirements and other EC Directives may be applicable to the products falling within
the scope of this standard.

___________

BS EN 62304:2006+A1:2015
IEC 62304:2006+A1:2015 (E)
- 6 -


CONTENTS

Foreword��������������������������������������������������������������������������������������������������������������������������������������������� 8
Introduction��������������������������������������������������������������������������������������������������������������������������������������� 10
1 Scope������������������������������������������������������������������������������������������������������������������������������������������ 13

1.1 * Purpose��������������������������������������������������������������������������������������������������������������������������� 13
1.2 * Field of application����������������������������������������������������������������������������������������������������������� 13
1.3 Relationship to other standards������������������������������������������������������������������������������������������ 13
1.4 Compliance������������������������������������������������������������������������������������������������������������������������ 13
2 * Normative references���������������������������������������������������������������������������������������������������������������� 14
3 * Terms and definitions���������������������������������������������������������������������������������������������������������������� 14
4 * General requirements���������������������������������������������������������������������������������������������������������������� 19
4.1 * Quality management system�������������������������������������������������������������������������������������������� 19
4.2 * Risk management������������������������������������������������������������������������������������������������������������ 19
4.3 * Software safety classification������������������������������������������������������������������������������������������� 20
4.4 * Legacy software������������������������������������������������������������������������������������������������������� 21
5 Software development process��������������������������������������������������������������������������������������������������� 22
5.1 * Software development planning���������������������������������������������������������������������������������������� 22
5.2 * Software requirements analysis���������������������������������������������������������������������������������������� 24
5.3 * Software architectural design��������������������������������������������������������������������������������������� 26
5.4 * Software detailed design�������������������������������������������������������������������������������������������������� 27
5.5 * Software unit implementation������������������������������������������������������������������������������ 27
5.6 * Software integration and integration testing���������������������������������������������������������������������� 28
5.7 * Software system testing������������������������������������������������������������������������������������������������ 30
5.8 * Software release for utilization at a system level��������������������������������������������������� 31
6 Software maintenance process��������������������������������������������������������������������������������������������������� 32
6.1 * Establish software maintenance plan�������������������������������������������������������������������������������� 32
6.2 * Problem and modification analysis������������������������������������������������������������������������������������ 32
6.3 * Modification implementation��������������������������������������������������������������������������������������������� 33

7 * Software risk management process����������������������������������������������������������������������������������������� 34
7.1 * Analysis of software contributing to hazardous situations�������������������������������������������������� 34
7.2 Risk control measures����������������������������������������������������������������������������������������������������� 35
7.3 Verification of risk control measures����������������������������������������������������������������������������� 35
7.4 Risk management of software changes������������������������������������������������������������������������������� 36
8 * Software configuration management process��������������������������������������������������������������������������� 36
8.1 * Configuration identification����������������������������������������������������������������������������������������������� 36
8.2 * Change control���������������������������������������������������������������������������������������������������������������� 37
8.3 * Configuration status accounting��������������������������������������������������������������������������������������� 37
9 * Software problem resolution process���������������������������������������������������������������������������������������� 37
9.1 Prepare problem reports������������������������������������������������������������������������������������������������� 37
9.2 Investigate the problem������������������������������������������������������������������������������������������������������ 38
9.3 Advise relevant parties������������������������������������������������������������������������������������������������������� 38
9.4 Use change control process������������������������������������������������������������������������������������������������ 38
9.5 Maintain records����������������������������������������������������������������������������������������������������������������� 38
9.6 Analyse problems for trends����������������������������������������������������������������������������������������������� 38
9.7 Verify software problem resolution�������������������������������������������������������������������������������������� 38
9.8 Test documentation contents���������������������������������������������������������������������������������������������� 39

Annex A (informative)  Rationale for the requirements of this standard������������������������������������������������ 40
A.1 Rationale���������������������������������������������������������������������������������������������������������������������������� 40

BS EN 62304:2006+A1:2015
IEC 62304:2006+A1:2015 (E)
- 7 -

A.2 Summary of requirements by class������������������������������������������������������������������������������������� 42
Annex B (informative)  Guidance on the provisions of this standard���������������������������������������������������� 43

B.1 Scope�������������������������������������������������������������������������������������������������������������������������������� 43

B.2 Normative references��������������������������������������������������������������������������������������������������������� 45
B.3 Terms and definitions���������������������������������������������������������������������������������������������������������� 45
B.4 General requirements��������������������������������������������������������������������������������������������������������� 45
B.5 Software development process������������������������������������������������������������������������������������������ 51
B.6 Software maintenance process������������������������������������������������������������������������������������������ 56
B.7 Software risk management process���������������������������������������������������������������������������������� 58
B.8 Software configuration management process��������������������������������������������������������������������� 59
B.9 Software problem resolution process��������������������������������������������������������������������������������� 59
Annex C (informative)  Relationship to other standards����������������������������������������������������������������������� 61
C.1 General������������������������������������������������������������������������������������������������������������������������������ 61
C.2 Relationship to ISO 13485�������������������������������������������������������������������������������������������������� 62
C.3 Relationship to ISO 14971�������������������������������������������������������������������������������������������������� 63
C.4 Relationship to PEMS requirements of IEC 60601-1:2005 +

IEC 60601-1:2005/AMD1:2012��������������������������������������������������������������������������������������� 64
C.5 Relationship to IEC 61010-1����������������������������������������������������������������������������������������������� 70
C.6 Relationship to ISO/IEC 12207������������������������������������������������������������������������������������������� 73
C.7 Relationship to IEC 61508�������������������������������������������������������������������������������������������������� 80
Annex D (informative) Implementation������������������������������������������������������������������������������������������������ 81
D.1 Introduction������������������������������������������������������������������������������������������������������������������������ 81
D.2 Quality management system����������������������������������������������������������������������������������������������� 81
D.3 Evaluate quality management processes�������������������������������������������������������������������������� 81

D.4Integrating requirements of this standard into the manufacturer’s quality

management processes���������������������������������������������������������������������������������������������������� 81
D.5 Checklist for small manufacturers without a certified QMS������������������������������������������������ 81
Annex ZA (normative)  Normative references to international publications with their corresponding
European publications�������������������������������������������������������������������������������������������������������������������������� 4
Annex ZA (informative)  Coverage of Essential Requirements of EC Directives������������������������������������� 5

Bibliography��������������������������������������������������������������������������������������������������������������������������������������� 83

Figure 1 – Overview of software development processes and activities���������������������������������������������11
Figure 2 – Overview of software maintenance processes and activities�������������������������������������������� 12
Figure 3 – Assigning software safety classification�������������������������������������������������������������������� 20
Figure B.1 – Example of partitioning of software items��������������������������������������������������������������������� 48
Figure B.2 – Pictorial representation of the relationship of hazard, sequence of events,
hazardous situation, and harm – from ISO 14971:2007 Annex E������������������������������������������������� 47
Figure C.1 – Relationship of key medical device standards to IEC 62304������������������������������������������� 62
Figure C.2 – Software as part of the V-model������������������������������������������������������������������������������������� 64
Figure C.3 – Application of IEC 62304 with IEC 61010-1��������������������������������������������������������������������� 72

Table A.1 – Summary of requirements by software safety class���������������������������������������������������������� 42
Table B.1 – Development (model) strategies as defined at ISO/IEC 12207������������������������������������������ 44
Table C.1 – Relationship to ISO 13485:2003�������������������������������������������������������������������������������������� 62
Table C.2 – Relationship to ISO 14971:2007���������������������������������������������������������������������������������� 63
Table C.3 – Relationship to IEC 60601-1��������������������������������������������������������������������������������������� 66
Table C.4 – Table deleted
Table C.5 – Relationship to ISO/IEC 12207:2008���������������������������������������������������������������������� 74
Table D.1 – Checklist for small companies without a certified QMS����������������������������������������������������� 82

BS EN 62304:2006+A1:2015 - 8 -
IEC 62304:2006+A1:2015 (E) – 7 –

62304  IEC:2006

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________

MEDICAL DEVICE SOFTWARE –

SOFTWARE LIFE CYCLE PROCESSES

FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.

5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any

equipment declared to be in conformity with an IEC Publication.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

International Standard IEC 62304 has been prepared by a joint working group of subcommittee
62A: Common aspects of electrical equipment used in medical practice, of IEC technical
committee 62: Electrical equipment in medical practice and ISO Technical Committee 210,
Quality management and corresponding general aspects for MEDICAL DEVICES. Table C.5 was
prepared by ISO/IEC JTC 1/SC 7, Software and system engineering.

It is published as a dual logo standard.

The text of this standard is based on the following documents:

FDIS Report on voting
62A/523/FDIS 62A/528/RVD

Full information on the voting for the approval of this standard can be found in the report on

voting indicated in the above table. In ISO, the standard has been approved by 23 P-members
out of 23 having cast a vote.

62304  IEC:2006 - 9 - BS EN 62304:2006+A1:2015
– 9 – IEC 62304:2006+A1:2015 (E)

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

In this standard the following print types are used:

• requirements and definitions: in roman type;
• informative material appearing outside of tables, such as notes, examples and references:

in smaller type. Normative text of tables is also in a smaller type;
• terms used throughout this standard that have been defined in Clause 3 and also given in

the index: in small capitals.

An asterisk (*) as the first character of a title or at the beginning of a paragraph indicates that
there is guidance related to that item in Annex B.

The committee has decided that the contents of this publication will remain unchanged until the
maintenance result date indicated on the IEC web site under “” in the data
related to the specific publication. At this date, the publication will be

• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.


NOTE  The attention of National Committees is drawn to the fact that equipment manufacturers and testing
organizations may need a transitional period following publication of a new, amended or revised IEC or ISO publication
in which to make products in accordance with the new requirements and to equip themselves for conducting new or
revised tests. It is the recommendation of the committee that the content of this publication be adopted for mandatory
implementation nationally not earlier than 3 years from the date of publication.

BS EN 62304:2006+A1:2015 - 10 - BS EN 62304:2006
IEC 62304:2006+A1:2015 (E) – 5 – EN 62304:2006 (E)

INTRODUCTION

Software is often an integral part of MEDICAL DEVICE technology. Establishing the SAFETY and
effectiveness of a MEDICAL DEVICE containing software requires knowledge of what the software is
intended to do and demonstration that the use of the software fulfils those intentions without causing
any unacceptable RISKS.

This ssttaannddaarrdd pprroovvidideessaafrfarammeewworokrkofolfifleifecyccyleclperPoRcOeCsEsSeSsEwSitwhitahctAiCvTitIVieITsIEaSndantdasTkAsSnKeScneescseasrysaforyr tfhoer
sthaefesdaefesidgensaignnd amnadinmteaninatnecneanocfemoefdiMcEaDlICdAeLviDcEeVIsCoEfStOwFaTrWeA. RTEh.isThsitsansdtaanrd aprrdovpirdoevsidreesqureirqeumireenmtsenfotsr
efoarchealicfeh cliyfeclecypcrloecPeRsOsC. ESSE. aEcahchlifelifceyclyecpleroPcReOsCsEScSonisisfutsrtohfear sdeivtidoef dacitnitvoitaiess,ewt iothf AmCoTsIVt IaTcIEtSiv, iwtiieths
cmoonsstisAtCinTgIVoITfIEaSsfeutrtohfetradsikvsid. ed into a set of TASKS.

As a basic foundation it is assumed that MEDICAL DEVICE SOFTWARE is developed and maintained within
a quality management system (see ���H4.1) and a RISK MANAGEMENT system (see ���H4.2). The RISK
MANAGEMENT PROCESS is already very well addressed by the International Standard ISO 14971.
Therefore IEC 62304 makes use of this advantage simply by a normative reference to ISO 14971.
Some minor additional RISK MANAGEMENT requirements are needed for software, especially in the area
of identification of contributing software factors related to HAZARDS. These requirements are
summarized and captured in Clause 7���H as the software RISK MANAGEMENT PROCESS.

Whether software is a c onctroibnutrtiibnugtifnagctfoarctor atoHAaZAhRaDzairsddoeutsermsiitnueadtidounr ing itshedeHtAeZrmARinDeiddednutrifiincgattiohne

hACazTaIVrITdY idoef nthtieficRaItSioKnMaAcNtAiGvEitMyENoTf tPhReOCrEisSkS.mHaAnZaAgReDmSenthtatpcrooucledsbse.  indHireaczatlry dcoauussesditbuyatsioofntws are t(hfoart
ceoxualmdpblee, inbdyirepcrtolyvidcianugsemd isblyeasdoifntwg arinefo(fromraetixoanmpthlea,t bcyouplrdovicdainugsemisnlaepapdrinogpriantfeormtraetaiotmn etnhtat tocoubled
caadumsienisintearpepdr)opnreiaetde ttorebaetmceontsitdoerbeed awdhmeinnidsteetreerdm)innienegdwthoebtheercosnosftiwdearediswahecnondteritbeurtmininginfagctwohr.eTthheer
sdoefctwisaiorne itso aucsoentsriobfutwtianrgefatcotocr.onTthroel dReIcSiKsioins tmo audsee sdoufrtiwngarethteo cRoISnKtroClOrNiTsRkOiLs mACaTdIeVITdYurionfg tthhee RrIiSsKk
cMoAnNtArGoElMEaNcTtivPiRtOyCoEfStSh.eTrhiseksmoaftnwaagreemReInStK pMrAoNcAeGsEsM.ETNhTe PsRoOftCwEaSrSe rreisqkuimreadnaingethmiesnsttapnrdoacredssharesqtuoirbeed
ienmthbiesdsdteadndinartdhehadsevtoicebeRIeSmK bMeAdNdAeGdEiMnEtNhTe PdReOvCicEeSSriasckcmoardnianggetmoeInStOp1r4o9c7e1s.s according to ISO 14971.

The software development PROCESS consists of a number of ACTIVITIES. These ACTIVITIES are shown in
���HFigure 1 and described in Clause ���H5. Because many incidents in the field are related to service or
maintenance of MEDICAL DEVICE SYSTEMS including inappropriate software updates and upgrades, the
software maintenance PROCESS is considered to be as important as the software development
PROCESS. The software maintenance PROCESS is very similar to the software development PROCESS. It
is shown in ���HFigure 2 and described in Clause ���H6.

BS EN 62304:2006 - 11 - BS EN 62304:2006+A1:2015
EN 62304:2006 (E) – 6 – IEC 62304:2006+A1:2015 (E)

IEC 722/06

Figure 1 – Overview of software development PROCESSES and ACTIVITIES

Figure 2 – Overview of software maintenance PROCESSES and ACTIVITIES IEC 723/06

This standard identifies two additional PROCESSES considered essential for developing safe MEDICAL
DEVICE SOFTWARE. They are the software configuration management PROCESS (Clause ���H8) and the
software problem resolution PROCESS (Clause ���H9).

Amendment 1 updates the standard to add requirements to deal with legacy software, where the
software design is prior to the existence of the current version, to assist manufacturers who must show
compliance to the standard to meet European Directives. Software safety classification changes include

clarification of requirements and updating of the software safety classification to include a risk-based
approach.

BS EN 62304:2006+A1:2015 - 12 - BS EN 62304:2006
IEC 62304:2006+A1:2015 (E) – 7 – EN 62304:2006 (E)

This standard does not specify an organizational structure for the MANUFACTURER or which part of the
organization is to perform which PROCESS, ACTIVITY, or TASK. This standard requires only that the
PROCESS, ACTIVITY, or TASK be completed to establish compliance with this standard.

This standard does not prescribe the name, format, or explicit content of the documentation to be
produced. This standard requires documentation of TASKS, but the decision of how to package this
documentation is left to the user of the standard.

This standard does not prescribe a specific life cycle model. The users of this standard are
responsible for selecting a life cycle model for the software project and for mapping the PROCESSES,
ACTIVITIES, and TASKS in this standard onto that model.

���HAnnex A provides rationale for the clauses of this standard. ���HAnnex B provides guidance on the
provisions of this standard.

For the purposes of this standard:
• “shall” means that compliance with a requirement is mandatory for compliance with this standard;
• “should” means that compliance with a requirement is recommended but is not mandatory for

compliance with this standard;
• “may” is used to describe a permissible way to achieve compliance with a requirement;
• “establish” means to define, document, and implement; and
• where this standard uses the term “as appropriate” in conjunction with a required PROCESS,


ACTIVITY, TASK or output, the intention is that the MANUFACTURER shall use the PROCESS, ACTIVITY,
TASK or output unless the MANUFACTURER can document a justification for not so doing.

set of TASKS.

BReSplEacNe,6i2n3t0h4e :2fir0s0t 6sentence of the fourth paragraph, the phrase "contributing factor to a
HAZARD" with " contributing factor to a HAZARDOUS SITUATION". BS EN 62304:2006+A1:2015
EBNS E62N30642:320040:620(0E6) – 8 –
- 13 - IEC 62304:2006+A1:2015 (E)
EN 62304:2006 (E) – 8 –
RIEeCpl6a2c3e0, 4i:n200th6e/AMseDc1o:n2d015sentence of the– 3fo–urth paragraph, the term, "HAZARDS" with
"HAZARDOUS SITUATIONS". MEDICAL DEVICE SOFTWARE –
© IEC 2015
SOFMTEWDAICRAELLDIFEEVICCYECSLOEFPTRWOACREES–SES
AINdTdR, aOftDerUtCheTIeOxiNsting sixthSpOarFagTrWapAh,RthEe LfoIFlloEwiCngYnCeLwEpaPrRagOraCpEh:SSES

ARmepelnadcem,einntt1heupsedcaotensd tphaerastgarnadpahr,dthtoe aedxidstrienqgutihreirmd esnetnstetoncdeeawlitwhitthheLEfGoAllCoYwSinOgF:TWARE, where

the software design is prior to the existence of the current version, to assist manufacturers
1wEahcohSmcliuofesptceyschloewPRcOomCEpSliSanccoenstioststheof satasnedtaordf AtoCTmIVeITeIEt SE, uwroitphemanosDt iAreCcTtIiVvIeTIsE.SScoofntwsaisrteingsaofef tay

1csleatsosSficfTicoAapStKieoSn. changes include clarification of requirements and updating of the software
1sa.1fety ��*HclPasusripfiocsaetion to include a risk-based approach.

1R.e1 p l a ce P, uinr ptoh e s e f i r s t sentence of the fourth paragraph, the phrase "contributing factor to a
*��H
TH1AhZisASRsctDa"onwpdieathrd" dceofnintreibsutthineglifaecctoycr lteo raeqHuAiZreAmRDeOnUtsS fSoIrTUMAETDIOICNA"L. DEVICE SOFTWARE. The set of PROCESSES,
TAChTisIVsITtaIEnSd,aardnddeTAfiSnKeSs tdheesclirfiebecdycilne trheiqsusirteamndeanrtds efosrtaMbEliDsIhCeAsL aDEcVoICmEmSoOnFTfrWaAmReEw. oTrhkefoser tMoEfDPICRAOLCDESESVEICSE,
SAR1CO.e2TFpITVlaW*ITcAFIeERi,SeE,lildniafenodtfchyaTecpAlSpesKleiPSccRaodOtneCiodsEcnSrsSibeEenSdt.einnctehisofstathnedarfoduertshtabplaisrhaegsraaphc,omthmeontefrrmam, e"wHoArZkARfoDrSM" EwDIiCthAL DEVICE
S"HOAFZTAWRADROEUlSifeSITcUycAlTeIOPNRSO"C. ESSES.

1R.e2 p l a ce Ft iheel d e notfi raepepxl iisctaintigo nte x t of this subclause with the following:
*��H

1A.d2d, a�f�*H teFriethlde oefxiasptipnglicsaixtitohnparagraph, the following new paragraph:
TThhiiss ssttaannddaarrddaapppplieliesstotothethdeevdeelvoeplmopemnteannt damndainmtaeinnatennceanocfeMEoDf ICMAELDDICEAVLICDEESVOICFETWSAORFET.WARE
BS EN 62304:2006
Twhhiesnstsaonftdwaardreaipspiltiseeslftoa tMheEDdIeCvAeLloDpEVmICeEntoarnwdhmenainstoefntwaanrcee iosfaMnEeDmICbAeL dDdEeVdICoErSiOnFteTgWrAaRl Ep.art of
ETAthhmNeisefin6nsd2atma3l nMe0dnE4atD:r21IdC0Au0Lap6pdDpaE(ltVEieeIsC)sEth.toe stthaenddaervdetloopamddenret qaunird–em8me–anitnstetonadnecael with LEGACY SOFTWARE, where
of MEDICAL DEVICE SOFTWARE when
the software design is prior to the existence of the current version, to assist manufacturers
TsohfitswasrteanidsaritdsealfppalieMsEDtIoCALtheDEVdIeCvEeloorpmwehnetn asnodftwmaareintiesnaannceemobfedMdEeDdICoArL inDtEeVgICraEl SpOarFtTWofARthEewfhineanl
MwNOEhDToEICm1ALuTsDhtEisVsIhsCotEawn. dacrodmcpanliabnecuesetdoMintEhteDhesICdtaeAnvedLloaprDmdEetnoVt IamCndeEemtSaiEnOtueFrnoaTpnWeceaAnofRDsEoirfetw–catrievetsha. t Sisofittswealfrea safety
scdeolavfsitcwseia.fircHeaowtiisoevnietrs,ceahldfadniatgioeMnsaElDdiIneCvcAelSuLlodOpDemEFeVcnTItlCaWaErcitAfioivcrRitaietwEisohanLerenIoFnfesEeordfeCetqwdYuaaiCtrreetLhmeiEsesynPasttnseRmOealmneCvdbeEel ubdSpedSfdoearEdetiStnohgirs
medical
ionftetghreal spoaftrwt aorfe the final

type of software can
MsbeaEfDpelIatCycAecLdlaDinsEtosViIsfCiecErav.itcioe.n Ttoheisnecsluysdtema arcistivki-tibeas saered naopt pcorovearcehd .by this standard, but can be found in IEC 82304-
T1 1hi[s22]s. tandard does not cover validation and final release of the MEDICAL DEVICE, even when the
MThEiDsICsAtLanDdEaVIrCdE dcooenssisntost ecnotivreelry voaf lsidoafttwioanrea.nd final release of the MEDICAL DEVICE, even when the
1 Scope
MThEDisICsAtLaDnEdVaIrCdE cdoensscirsibtsesenPtiRreOlCyEoSfSsEoSftwthaarte.are intended to be applied to software which
1e.x3ecutReseloantioanpsrhoicpetsosoorthoer rwshtiacnhdiasredxsecuted by other software (for example an interpreter)
1.2 * Field of application
1whicShceoxpeecutes on a processor.
1.3 Relationship to other standards
TRheipslaMcEeDtIhCeALenDtEirVeICeExisStOinFgTWteAxRt Eoflitfheiscsyucbleclasutasnedwairtdh tihsetofolbloewiunsge: d together with other appropriate
s1Tt.ha1insdMas��*HrtEadDPnsIuCdwraAphLrdoeDsnEaedVpeIpCvlEieelsoSpOriFneTggWaaArdRMlEeEsDlsiIfCeAoLfcDytchElVeeICpsEet.ar��n�sHAdinsanterednxt iCsststoohroabwgees tudhseeevdriceeltao(tsgi)oentuhsseheripdwbitetohtwsoettoehrneerthtaihspepsrtaonpdriaartde
saTtonhafdintswdoasthrtaeednrs(dfrwoearlhredevxnaaanpdmtpepslvilteeeasl:nohdptaaoinrrdgdthsdae. isMdkE,eDovIepCltAoicLpaDml EedVnisICtkE,a.pn���HAedrnmmnaeanxineCtnetnsoharonfwclaesshtohfme MereEmDlaoItCriyoA)nL. sDhEipVIbCeEtwSeOeFnTWthAiRsEstandard
TawnhhdiesnosttshaoenfrtdwraearldreevdaiesnfitintssetesalnfthdaeaMrldiEfseD.ICcyAcLleDErVeIqCuEiroermwehnetsnfsoor fMtwEaDrICeAiLs DaEnVeICmEbSeOdFdTeWdARoEr .inTtheegrsael tpoafrtPoRfOCESSES,

A1tThC.h4eTisIfVinIsTaCtIaElonSMmd,EaapDrnlIdCidaAnaLTcpADepSElKiVeSIsCdEer.esgcarirbdeledsisn othfisthsetamndeathrdodesotaf bdlieslhiveesrya ocfomthmeosnoffrtawmareewo(frokr foerxaMmEDpIlCeA: L DEVICE
S1trO.a4FnTsWmACisRosEmiolipnfelibacynyccnleetPwRoOrkCEoSrSEeSm.ail, optical disk, flash memory or EEPROM). The method of
CNsoOofTmtwEpa1liraeTndhcieesliswvteaitnrhydatihrtdsiseclasfntiasbnendoautsrdecdoinsinsditdeheefirnedeeddveMaloEspDmiImCeAnptLleaDnmEdVemInCtaEiinnSgteOnaFalTnl WcoeAf RothfEe.soPftRwOarCeEtShSatESis, ACTIVITIES, and TASKS

itself a medical
1iCdde.oe2vminctepi.flii��*HeaHdnFowciieneelvdtewhri,oitsahfdsadtthpiatinposndlisaacltraaddnteividoneanloarpdcmciesonrdtdaeacfntiincveietidewsaiatshreitmnhepeeldeseomdfetawnt atthirneegssyasaltfleemotyfletcvhleeal sbPseR.foOrCe EthSisSEtySp,e AoCf TsoIVftIwTaIEreS,caannd TASKS
ibdeepnlaticfeieddinitno tsheirsvicset.anTdhaesrde sinysatecmcoarcdtivaintiecseawreitnhott hceovseorefdtwbayrtehissastfaentdyacrdla, sbust. can be found in IEC 82304-
NT1OhTisE staTnhde asrodftwdaoreessnafoetycoclvaessresvaalisdsaigtnioedn taondeacfihnarel qrueilremaseent oafrethiedeMntEifiDeIdCAinL tDhEeVnICoErm, aetivveentewxthefonllowing the

1 [22].
TrtehhqeiusiMresEmtDaeInnCdtA. aLrDdEaVpICpEliecsontositshtse ednetvireelolypomfesnotftawnadrem.aintenance of MEDICAL DEVICE SOFTWARE.
NOTE The software safety classes assigned to each requirement are identified in the normative text following the

rTehquisiresmteannt.dard describes PROCESSES that are intended to be applied to software which
TCNexOhoeiTmscEpu2sltietaasInnf codaenamriadsedpdaicrepoatlpeclerdimeesvssiinoceetrodoinrbcthoywrephionircdsahepteveisesclteoeimopxnbmeecodeudfnetteaddllasndbofdoytwcoaumtrmehaeeiinnrnttesteanontdfiaetowndncaterroeeqbo(euffoirerMexedeEcxDubaItCyemAdtpLholeinsDEaasVntIpaCirnnoEdcteaSsrrOpsdorFreiT,ntWetchrAleu)RdEinwg htheen
RCsrweoIohqSfumiKtcwirhpeaMmlierAaeexNneAtciscsGeuoEitfitMessthsEediNsloefTnstaetaFarnImMLdpEaEirn,roDdecIaCdaenpAsdbpLslyyoDartiEso.nVssteIhpCeseEscsmotoifoetrwnnawtroehof,efiannlctlhlsudeodoifntcPwguRatmOhreCeEnreiStsqaSutEairoSenn,meArnemCtqsTbuIceViordITnedcIdEeSrdbniynaogntrhdsiosnfTttwesAatgSarrKenaSdlofaprureadnqrktuinnioorcweflnudtdhifenogrfittnhhaeel
sproofvtewnaarneces(asfeeety8.1c.l2a)s. s. See ���HAnnex D. – 4 – IEC 62304:2006/AMD1:2015
MRIESDKICMAALNDAEGVEICMEE.NT FILE, and assessment of the PROCESSES, ACTIVITIES and TAS©KSIErCeq2u0ir1e5d for the
software safety class. See ���HAnnex D.
NNTOOhTiTsEE 13staTVnhadilsiadaarsdtisoenasspamnpdelineotstchoeurrelddgebaveredcloaleprrmsiesednotouaftcbttiyhvieitnietesprneaarrlesoisnr teeeexndteetrdnsaatl otaruthadegit.esysdteemvicleev(esl )beufosreedthteososfttwoarere tahned
NTmsoOhefdiTtsiwEcaas12l trdaeeTAnvh(ldtifihcosaoerarudcsgeashxnedastobsmhemeepseplsnleaptn:cecoechodtiufaileircdnddotbovdePseRicesrOarkCvr,vriEcieaoSedSlp.iEdotSiTauc,httaeibAolsCynedTiniIsVstayIekTsnr,ItnEdepaSml,eforiaarnmcneatdaixlvtnieTtrierAeenSnslaKetlaSaaoresuradernfieltoa.otspfcehortvfmhoererememdeMdboE,yrDyftlIhe)C.ixsAibLsiltiatDynEdeVaxIrCdis,Etsb, uietnvcaethnnebewmehtehondsthoef
MifmoEupnDledImCinAenLretiDlnaEgteVtdhICepEsreocdPouRcnOtsCsiEtsaStnSsdEaSernadntsidr(eep.legyr.f,ooIrfEmCsion6gf0twt6h0ae1sr-ee1,.AICETCIV8IT2IE3S04a-n1d, eTtAcS.)K. S.
N__O_T_E__2__A_l_th_ough the specified PROCESSES, ACTIVITIES, and TASKS are performed, flexibility exists in the methods of

NiTmOhpTilseEms3etnatWinndhgeatrhreedsaenayPpRprOelqCieuEsiSrSeErmeSeganantsdrdcploeenrsftoasrinmoi“nfagstthhaeepspermoApeCrtiTahItVoeITd” IEaSondfanwddeeTrleAivSneKoSrty. poerffotrhmeeds, odoftcwuamreenta(tfioonr feoxr athmepjlues:tification is

1

nN1tre.Oa3cTneInEssspm3arReriyspeWsafloirhaoarettntriihoeoinsbna.yanssyhsneirepestqswtumoioreernomktt.ehonertsrecsmotnaatnailid,n ao“rapdstiscapapl rodpirsiakt,e”flaansdh wmereemnootrypeorfrorEmEedP, RdOocMum).enTtahteionmfoerththoedjuosftification is
Nn1seoO.4cfTetwEssCa4arroeyTmfhdopereltlthieavirsemnarcy“scesoietnssfseomrlmfeinastn.cneo” tiscuosnesdidineIrSeOd/IEMCED12IC2A07L wDhEeVrIeCtEheSOteFrmTW“cAoRmEp.liance” is used in this standard.

This MEDICAL DEVICE SOFTWARE life cycle standard is to be used together with other appropriate

NOTE 4 The term “conformance” is used in ISO/IEC 12207 where the term “compliance” is used in this standard.

sDtealnedtea,rdins twhehesnecdoenvdelpoaprinag ra pMhE, DthICeAiLnDstErVuIcCtEio. n���HA“nSneeexACnnsehxowDs.”the relationship between this standard
aTnhdisosthtaenrdraerldevdaonet sstnaontdacrodvse.r validation and final release of the MEDICAL DEVICE, even when
the MEDICAL DEVICE consists entirely of software.
Add, after existing Note 4, the following new note:

1.4 Compliance

NOTE 2 If a medical device incorporates embedded software intended to be executed on a processor, the

rNeOquTiEre5meFntosr coof mthpisliasntcaendoaf rLdEGaApCpYlyStOoFtThWeAsRoEftsweaere4,.4i.ncluding the requirements concerning software of unknown

Cproovmenpalinacnec(esewe i8t.h1.2th).is standard is defined as implementing all of the PROCESSES, ACTIVITIES, and TASKS
identified in this standard in accordance with the software safety class.
3 * Terms and definitions

NOTE The software safety classes assigned to each requirement are identified in the normative text following the

requirement.

_3_.2_________

C1ANoOmMpAliLaYnce is determined by inspection of all documentation required by this standard including the

In preparation.

RRIeSpKlaMcAeN, AinGEthMeENdTefiFnILitEio, na, n"SdOaFTsWseAsRsEmPeRnOtDoUfCTtSh"e wPitRhO"CMEESDSIECSA,L ADCETVIIVCIETISEOSFTaWndARTEA".SKS required for the

software safety class. See ���HAnnex D.

NROeTpEla1ceTthhiseaesxseisstsimngenst ocouurlcdeberecfaerrrieend coeut wbyithinttehrneafl oolrloewxteinrngalnaoutdeit:.

1.4 Compliance

Compliance with this standard is defined as implementing all of the PROCESSES, ACTIVITIES, and TASKS
BidSenEtiNfie6d2i3n0t4h:i2s0s0ta6n+dAa1r:d20in1a5ccordance with the software safety class.
IEC 62304:2006+A1:2015 (E)
- 14 -
NOTE The software safety classes assigned to each requirement are identified in the normative text following the

requirement.

Compliance is determined by inspection of all documentation required by this standard including the
rRiIsSkK mMaAnNaAgGeEmMeEnNtTfFilIeLE, ,anadnadssaesssemssemnteonft thoef pthreocPeRsOsCeEsS, SaEcSt,ivAitCieTsIVaITnIEdStaasnkds rTeAqSuKirSedrefoqrutirheedsofoftrwathre
saofetwtyarcelassasf.e ty cTleaxstsd. eSleete��d�HA nnex D.

NOTE 1 This assessment could be carried out by internal or external audit.

NOTE 2 Although the specified PROCESSES, ACTIVITIES, and TASKS are performed, flexibility exists in the methods of
implementing these PROCESSES and performing these ACTIVITIES and TASKS.

NOTE 3 Where any requirements contain “as appropriate” and were not performed, documentation for the justification is

necessary for this assessment. BS EN 62304:2006

NOTE 4 The term “conformance” is used in ISO/IEC 12207 where the term “compliance” is used in this standard.
– 9 – EN 62304:2006 (E)
NOTE 5  For compliance of legacy software see 4.4.


2 *��H Normative references

The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.

ISO 14971, Medical devices – Application of risk management to medical devices.

3 *��H Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1

ACTIVITY

a set of one or more interrelated or interacting TASKS

3.2

ANOMALY

any coconnddititoionnthatht adtevdiaetveisatferosmfrthoemextphectexdpbeacsted obnarseeqduiroenmernetqsusipreemciefinctastiosnpse, cdiefisciagtniodnosc, udmeesnigtsn,
sdtoacnudmarednst,s,etsct.aonrdafrrodms, seotmc.eoornefr’osmpesrocempetoionnes’sorpexrcpeepriteionncseso.rAenxopmearileinecsems.ayANbOeMfoAuLInEdS dmuariyngb,ebfuotunnodt
ldimuriitnegd,tob,utthenoret vlimewit,etdestto,,anthaelysreisv,iecwom, pteilsatt,ioann,aolrysuisse, ocfo mpmilaetdioicna, lodreuvsiceeosfoSfOtwFTaWrAeRE PoRrOaDpUpClicTSaboler
daopcpulimcaebnletadtiocnumentation

N[IOETEEE  1B0as4e4d:1on99IE3E,Ed1e0f4in4:i1ti9o9n3,3d.e1fi]nition 3.1.


3.3

ARCHITECTURE

organizational structure of a SYSTEM or component

[IEEE 610.12:1990]

3.4

CHANGE REQUEST

a documented ssppeecciiffiiccaattiioonn ooff aa cchhaannggeettoobbeemmaaddeetotoaa SOmFeTWdiAcRaEl PdReOvDicUeCsToftware

3.5

CONFIGURATION ITEM

entity that can be uniquely identified at a given reference point

NOTE  Based oonn  ISOIS/IOEC/IE1C2210272:0179:9250,0d8e, f4in.7it ion 3.6.

3.6

DELIVERABLE

required result or output (includes documentation) of an ACTIVITY or TASK

3.7


EVALUATION

a systematic determination of the extent to which an entity meets its specified criteria

[ISO/IEC 12207:1995, definition 3.9]

entity that can be uniquely identified at a given reference point

NOTE Based on ISO/IEC 12207:1995, definition 3.6.

3.6 - 15 - BS EN 62304:2006+A1:2015
IEC 62304:2006+A1:2015 (E)
DELIVERABLE

required result or output (includes documentation) of an ACTIVITY or TASK

3.7

EVALUATION

a systematic determination of the extent to which an entity meets its specified criteria

BS EN 62304:2006

E[ISNO/6IE2C30142:220070:216090(9E85,)4d.e1f2in]i tion 3.9] – 10 –

B3.S8 EN 62304:2006

EHANRM62304:2006 (E) – 10 –
physical injury, damage, or both to the health of people or damage to property or the environment


[3I.S8O/I1E4C97G1u:2id0e075,12:1.29]99, definition 3.3]

HARM

3ph.9ysical injury, damage, or both to the health of people or damage to property or the environment

HAZARD

[ISO/IEC Guide 51:1999, definition 3.3]
potential source of HARM

3[I.S9O/I1E4C97G1u:2id0e075,12:1.39]99, definition 3.5]

HAZARD

p3o.1te0ntial source of HARM

MANUFACTURER

[ISO/IEC Guide 51:1999, definition 3.5]
natural or legal person with responsibility for designing, manufacturing, packaging, or labelling a
MEDICAL DEVICE; assembling a SYSTEM; or adapting a MEDICAL DEVICE before it is placed on the market
a3n.1d0/or put into service, regardless of whether these operations are carried out by that person or by a
tMhAirNdUpFAaCrtTyUoRnERthat person’s behalf
natural or legal person with responsibility for designing, manufacturing, packaging, or labelling a
[MISEDOIC1A4L9D7E1V:2IC0E0;70a, s2ds.e8ef]imnibtiloinng2a.6S] YSTEM; or adapting a MEDICAL DEVICE before it is placed on the market
and/or put into service, regardless of whether these operations are carried out by that person or by a
NthOirTdE p1a  rAtytteonntiotnhaist dprearwsnotno’sthbeefhacatlfthat the provisions of national or regional regulations can apply to the definition of
m3.a1n1ufacturer.


MEDICAL DEVICE

N[IOSTOE 12 49F7or1a:2d0e0fin0i,tiodneofifnlaitbioelnlin2g,.6se] e ISO 13485:2003, definition 3.6.
any instrument, apparatus, implement, machine, appliance, implant, in vitro reagent or calibrator,
software, material or other similar or related article, intended by the MANUFACTURER to be used, alone
3o.r1i1n combination, for human beings for one or more of the specific purpose(s) of

MEDICAL DEVICE

– diagnosis, prevention, monitoring, treatment or alleviation of disease,
any instrument, apparatus, implement, machine, appliance, implant, in vitro reagent or calibrator,
–softwdiaargen,omsiast,emriaolnoitrorointhge, rtrseiamtimlaernot,r arellleavtieadtioanrtiocfleo,r icnotemnpdeendsbaytiothnefoMrAaNnUiFnAjuCrTyU,RER to be used, alone
–or inincvoemstbiginaatitoionn, ,refoprlahcuemmaennbt,eminogdsiffiocratoionne, oorr msuoprepoorft tohfethsepeacnifaictopmuyrpoorsoef(sa) pohfysiological PROCESS,

– dsuiapgpnoorstiinsg, porresvuesnttaioinni,nmg olinfeit,oring, treatment or alleviation of disease,

– dcoiangtnroolsoisf ,cmonocneitpotriionng,, treatment, alleviation of or compensation for an injury,

– idnivseinsfteigcatiotionno,frMepElDaIcCeAmL DeEnVt,ICmEoSd, ification, or support of the anatomy or of a physiological PROCESS,

– psuropvpiodrintignginofor rsmuastaioininfogr limfee,dical purposes by means of in vitro examination of specimens derived
– cfroonmtrothl eofhcuomnacnepbtoiodny,,
and which does not achieve its primary intended action in or on the human body by pharmacological,
– disinfection of MEDICAL DEVICES,
immunological or metabolic means, but which may be assisted in its function by such means
– providing information for medical purposes by means of in vitro examination of specimens derived
NOTfEro1mTthhise dheufimnitaionn bhoasdyb,een developed by the Global Harmonization Task Force (GHTF). See bibliographic reference
[a1n5d] (iwn hISicOh13d4o8e5s:20n0o3t).achieve its primary intended action in or on the human body by pharmacological,
[imISmOu1n3o4lo8g5i:c2a0l0o3r,mdeftianbitoiolinc m3.e7a] ns, but which may be assisted in its function by such means


NOTE 21 SThoims ededfifinfeitrieonncehsascabneeonccduervienlothpeeddebfyinitthioenGs luosbeadl HinarremgounlaiztiaotniosnoTf aesakchFocorcuent(rGy.HTF). See bibliographic reference
[15] (in ISO 13485:2003).

3[I.S1O2 13485:2003, definition 3.7]

MEDICAL DEVICE SOFTWARE

SNOFTTEW2ARSEomSeYSdiTffEeMrentcheastcahnaosccbuer einnthdeedveefilnoitpioends ufsoerd tihneregpuularptioonsseofoefacbhecinoguntirnyc. orporated into the MEDICAL
DEVICE being developed or that is intended for use as a MEDICAL DEVICE in its own right

NOTE 3 In conjunction with IEC 60601-1:2005 and IEC 60601-1:2005/AMD1:2012 the term “medical device” assumes the same

3.12

meaning as me equipment or me system (which are defined terms of IEC 60601-1).
MEDICAL DEVICE SOFTWARE

3.13
SOFTWARE SYSTEM that has been developed for the purpose of being incorporated into the MEDICAL

PROBLEM REPORT

DEVICE being developed or that is intended for use as a MEDICAL DEVICE in its own right
a record of actual or potential behaviour of a SOFTWARE PRODUCT that a user or other interested
person believes to be unsafe, inappropriate for the intended use or contrary to specification
3.13

PROBLEM REPORT


a record of actual or potential behaviour of a SOFTWARE PRODUCT that a user or other interested
person believes to be unsafe, inappropriate for the intended use or contrary to specification

aimnmd uwnhoiclohgidcoael sornmoteatacbhoielivcemitesapnrsi,mbaurty winhtiecnhdmedayabcteioanssinisoterdoinn tihtse fhuunmctaionn bboydsyubcyh pmheaarnmsacological,

NimOmTEun1 olTohgisicdaelfionritimonehtaasbobleiecnmdeevaenlosp,ebdubtywthheicGhlombaalyHbaremaonsisziastitoendTianskitsFofrucnec(tGioHnTFb)y. Sseuechbibmlioegaranpshic reference

[15] (in ISO 13485:2003).
BNOSTEE N1 6T2h3is0d4e:f2in0it0io6n+hAas1:b2e0e1n 5developed by the Global Harmonization Task Force (GHTF). See bibliographic reference
I[1EIS5C]O(i6n12I3S34O08415:3:242080050:623+0,0Ad31e).:fi2n0it1io5n(E3.)7]
- 16 -

[NIOSTOE 1234S8o5m:e20di0ff3er,ednecefisncitainonoc3cu.7r ]in the definitions used in regulations of each country.

NOTE 2 Some differences can occur in the definitions used in regulations of each country.

3.12
3M.E1D2ICAL DEVICE SOFTWARE
sMSoOEfFDtTICwWAaALrRDeEESVsYIyCSsETtEeSMmOFttThhWaaAtt RhhEaass bbeeeenn ddeevveeloped for the purpose of being incorporated into the MmEeDdIiCcAaLl
dSDOeEvVFiTIcCWeEAbReEinSgYSdTeEvMelothpaetd hoar sthbaet eisn indteevnedleodpefdor fuosr ethaes apumMrpeEdoDsiIcCeaAlLofDdEebVveIiiCcnEeg inincitosropwornatreigdhtinto the MEDICAL
DEVICE being developed or that is intended for use as a MEDICAL DEVICE in its own right

NOTE  This includes a medical device software product, which then is a medical device in its own right.

3.13
3PR.1O3BLEM REPORT
aPRrOeBcLoErMd RoEfPaOcRtTual or potential behaviour of a SOFTWARE PRODUCT that a user or other interested

aperrreescocoonrrdbdeoolifef vaaeccsttuutaoallbooerruppnoostetaenfnetit,aiailnlbabepehpharoavpvioriouiaurtreofofofar at heSOminFetTdeWnicAdaRelEd dPueRsveOiDcoUerCcsToontfhttraawtrayarteoBu ssSepreEtchoNiafritc6oaa2tthi3ouen0sre4irn:2toe0rr0eo6sthteedr
ipnetersreosntebdelpieevressontobbeelieuvnessatfoe,bienaupnpsraofper,iainteapfoprotph–rei1ai1tnet–efnodr ethdeuisneteonrdceodnutrsaeryortEocoNsnpte6rca2irf3yic0tao4ti:so2pn0e0c6ific(aEti)on


NOTE 11  TThhisis standaarrdd ddooeessnontorteqreuqirueirtehatheavtereyvperryobPlReOmBrLEeMpoRrEtPrOesRuTltsreisnualtschianngae ctohathnegetometdhiecaSlOdFeTvWicAReEsoPfRtOwDaUrCeT . A.
AMAmNaUnFuAfCaTcUtRuErRercacnanrerjeejcetcat aPRprOoBLbElMemRErPeOpoRTrtasasaammisisuunnddeersrstatannddiningg,,eerrroorr oorr iinnssiiggnniiffiiccaant event.

NOTE 2  AA pPrRoObBlLeEmM rReEpPoOrRtT ccaannrerlealtaeteto tao realeraesleads ed mSeOdFiTcWalARdEevPicReODsUoCfTtwoarretoa oSrOtFoTaWAREmPeRdOicDaUlCdTevthicaet sisofsttiwllaurneder
tdheavteislosptmilleunnt.der development.

NOTE 3 This standard requires the MANUFACTURER to perform extra decision making steps (see Clause ���H6) for a PROBLEM
REPORT relating to a released product to ensure that regulatory actions are identified and implemented.

3.14

PROCESS

a set of interrelated or interacting ACTIVITIES that transform inputs into outputs

[ISO 9000:2000, definition 3.4.1]

NOTE The term “ACTIVITIES” covers use of resources.

3.15

REGRESSION TESTING

the testing required to determine that a change to a SYSTEM component has not adversely affected
functionality, reliability or performance and has not introduced additional defects

[ISO/IEC 90003:2004, definition 3.11]

3.16


RISK

combination of the probability of occurrence of HARM and the severity of that HARM

[ISO/I1E4C97G1u:2id0e075,12:1.1969]9definition 3.2]

3.17

RISK ANALYSIS

systematic use of available information to identify HAZARDS and to estimate the RISK

[ISO/I1E4C97G1u:2id0e075,12:1.1979]9definition 3.10]

3.18

RISK CONTROL

PROCESS in which decisions are made and RISKS are reduced to, or maintained within, specified levels

[ISO 14971:20070,d2e.f1in9i]t ion 2.16, modified]

3.19

RISK MANAGEMENT

systematic application of management policies, procedures, and practices to the TASKS of analyzing,
evaluating, and controlling RISK


[ISO 14971:20070,d2e.f2in2i,timonod2i.f1ie8d] – The phrase “and monitoring” has been removed] 

3.20

RISK MANAGEMENT FILE

set of records and other documents, not necessarily contiguous, that are produced by a RISK

MANAGEMENT PROCESS

[ISO 14971:2000 definition 2.19]

3.19

RISK MANAGEMENT

systematic application of management policies, procedures, and practices to the TASKS of analyzing,
BS EN 62304:2006+A1:2015
evaluating, and controlling RISK IEC 62304:2006+A1:2015 (E)
- 17 -

[ISO 14971:2000 definition 2.18]

3.20

RISK MANAGEMENT FILE

BseSt EofNre6c2o3rd0s4:a2n0d06other documents, not necessarily contiguous, that are produced by a RISK

EBMANSNAE6G2NE3M06E42NT:320P0R40O:62C0E(0SES6) – 12 –

EBB[ISNSSOEE612NN43970661422::33220000044070::622,d002(e.00Ef2i66n3)i]t ion 2.19] – 12 –
– 12 –
EE3.NN21 6622330044::22000066 ((EE)) – 12 –

S3A.2F1ETY
SSf3rAA.e2FFe1EEdTToYYm from unacceptable RISK
3.21
SfrAeFeEdToYm from unacceptable RRIISSKK

SAFETY
[fIrSeeOd/IoEmCfGroumiduen5a1c:c1e9p9t9abdleefiRnIiStiKon 3.1]
freedom from unacceptable RISK
[ISO/I1E4C97G1u:2id0e075,12:1.2949]9definition 3.1]
3[I.S2O2/IEC Guide 51:1999 definition 3.1]
[ISO/IEC Guide 51:1999 definition 3.1]
3SE.2C2URITY
3SSpEE.r2oCC2tUUeRRcIItTTioYYn of information and data so that unauthorized people or SYSTEMS cannot read or modify them
3.22
pSaprEnrooCdttUeesRccotItTiiotoYhnnaotofaf iuinntfhfooorrmrmizaaettdiioonpneaarnsndodnddsaatotaar sSsoYoStthThEaaMtt uSunnaaarueutthnhooortriizdzeeedndipepederosapoclnceseosorsrSStsoYYySSstTThteEEeMMmmSSs ccaannnnoott read or modify them
SECURITY cannot read or modify them
aappnnrroodatteeusccothttiitooohrnnaiztooeaffduiinnpthffeooorrrsrmmiozaanettsdiiooopnnreaasrsnnyoddsnteddsmaaottsaar aSSssrYYooeSSttTTnhhEEoaaMMttt SSduuennanaareiuuettdnhhoooatrrciidzzceeenddsiseppdteeoooatppchllceeeemoos.rrs SStoYYSStTThEEeMMmSS cannot read or modify them
[aInSdOs/IoECtha1t2a2u0t7h:o1r9iz9e5ddpeefirnsiotionns o3r.2S5Y]STEMS are not denied access to them
and so that authorized persons or SYSTEMS are not denied access to them
N[IOSTOE/ IEBCas1ed22on07IS:O1/9IE9C5 1d2e2f0i7n:i2t0io0n8, 34.3295. ]
3[I.S2O3/IEC 12207:1995 definition 3.25]
[ISO/IEC 12207:1995 definition 3.25]
3SE.2R3IOUS INJURY
3SSinEE.j2uRR3rIIOOyUUoSSr IIiNNllJJnUUeRRsYYs that directly or indirectly:
3.23
iSanE)juRriIsOy UloiSfreIiNltlhnJrUeeRsasYtethnaint g d,iretecxtltydoerleinteddir ect:ly:

SERIOUS INJURY
in)jury or illness that directly or indirectly:
bain)juriseysloiufreltisltlhnirneespaseterthnmainatgnd,eirnetcimtlypoarirminednirteoctflya: body function or permanent damage to a body structure, or
a) is life threatening,
cba)) nriseeslciufeelstssthiitrnaetpaeetsernmminaegnd,eicnatlimorpasuirrmgeicnatl oinf taerbvoednytiofunnctotiopnreovrepnet rpmearmneanntednat mimagpeairtomeanbtoodfyastbroudctyurfuen, cotrion
b) nrroeeersscpuueellsttrssmsiiitannantppeeesnrrtmmmdaaeanndmeeicannagttleiimmotroppaasauiirrbrmmgoeeidcnnayttlsooitnffrutaaecrbbtvuooerddenyytioffuunnncctottiioopnnreoovrreppneet rrpmmeaarmnneeannntteddnaat mmimaaggpeeairttoomeaanbbtoooddfyyassttbrrouudccttyuurrfueen,, cootrrion
cb)
Nc)OTnoEer cpPeeesrmmsiataannetentsnitmmdpeaadmirmicaeagnlet omtroesaanusbrgoaindcyairlrseitvnreutrescritbvuleerenimtiopanirmtoenptroervdeanmt apgee rtmo aanbeondyt simtrupcatuirrme oernftunocftiaonbeoxdclyudfiungnctrtiivoianl
c) necessitates medical or surgical intervention to prevent permanent impairment of a body function
iNmOpTaoEirrmpePenetrr mmmmoraaaadnnnnaeeeemnnttnnaiittgmmeddpp.aaaammiirrmmaaeeggnneett mmttooee aaaann s s bb ooaanndd yyiirr rrsseettvvrreeuurr sscciittbbuulleerr eeiimm
NOToEr pPeer pp aa ii rr mm ee nn t t oorr ddaammaaggee ttoo a a bbooddyy ssttrruuccttuurree oorr ffuunnccttiioonn eexxcclluuddiinngg ttrriivviiaall
iiNmmOppTaaEiirrmmeePnnettrmoorraddnaaemmntaaiggmeep.. airment means an irreversible impairment or damage to a body structure or function excluding trivial
3iNm.O2pTa4EirmePnetrmoradnaemntaigmep. airment means an irreversible impairment or damage to a body structure or function excluding trivial
SimOpFaTirWmAenRtEorDdEaVmEaLgOeP. MENT LIFE CYCLE MODEL

3.24
SS3coOO.2nFF4cTTeWWpAAtRRuEEalDDsEEtVVruEEcLLOOtuPPrMMeEEsNNpTTaLLnIInFFiEEngCCYYtCChLLeEEliMMfeOODDoEEf LLthe software from definition of its requirements to its release
3.24
cSfooOrnFmcTeWapnAtRuufEaalDcstEutVrruEincLgtOu,PrweMhEsiNpcTha:LnInFiEngCYtCheLEliMfeODoEf Lthe software from definition of its requirements to its release
SOFTWARE DEVELOPMENT LIFE CYCLE MODEL
 –fccooornnitmdcceeeexappntntttduuuifefiaaaelllecssstteuttthrrdruuei nccgPttuu,R,rrOwweeChhssEiicppcShaahS:nn:, nnAiiCnnTggIVttIhhTeeIEllSiiffeeanoodff TtthhAeeSKssSooffittnwwvaaorrlveeeffdrrooimmn dddeeevffeiinnloiittpiioomnneoonfft iiottssf arreeSqqOuuFiirrTeeWmmAeeRnnEttss PttooROiittDssUrrCeeTllee, aassee
for manufacturing, which:
––fordimdeeasnncturififbiaeecsstuttthrhheineegPPs,RRperOOwqoCChucEEiecSSenhSSsc:,se,AAoCCafTTcaIIVVtnIIiTTvdIIiEEtdSSieepasennaddnTTedAAnSSctKKaySSsbkienstvwoienlveveondlvAienCdTdIVeinIvTeIEdloSepvamenleodnpTtmAoeSfnKaSt ,SSoOOafnFFTTdaWW AARREEmedPPiRRcOOaDDlUUCCdTTe,vice
– isdoefnttiwfiaerset he ,PROCESS, ACTIVITIES and TASKS involved in development of a SOFTWARE PRODUCT,
–– ididdeeesnncttriiffibiieeesssttthhheeePmsReilOeqCsuEteoSnnSce,esAoCafTt aIwVnIhTdiIcEdhSeptahenenddcToeAmnScpKySlebtientvnwoeelsvesendoAAfinCCsTTpdIIeVVecIIvTTiefIIiEEleoSSdpamDnEedLnITTVt AAEoSSRfKKAaSSB,SLOaESnFTdiWs AvReErifiePdR.ODUCT,
– describes the sequence of and dependency between ACTIVITIES and TASKS, and
–NOTiddEeesncBtraifisbieedssottnhheIeSmOs/eiIlEeqCsute1o2nn2ce0e7s:o1a9ft9aw5n,hddiecdfhieniptthieoenndc3.oe1mn1cpylebtetnweesesnoAf CsTpIeVcITifIiEeSd aDDnEEdLLIITVVAEESRRKAASBB,LLaEESSndis verified.
––NNOOTTiiddEEeennBBttaaiiffssiieeeddss oottnnhheeIISSmmOO//iiIIllEEeeCCsstt11oo22nn22ee0077ss::11aa99tt99ww55,,hhddiieeccffhhiinniitttthhiiooeenn cc33..oo11mm11 pplleetteenneessss of specified is verified.
3N.O2T5E Based on ISO/IEC 12207:1995, definition 3.11 of specified DELIVERABLES is verified.
DELIVERABLES


SNOOFTTEWABRasEeIdToEnMISO/IEC 12207:1995, definition 3.11
3.25
aSS3OOn.2yFF5TTiWWdeAAnRRtEEifiIIaTTbEElMMe part of a computer program
3.25
aSOnyFTiWdeAnRtEifiIaTbElMe part of a computer program

SOFTWARE ITEM
a[InSyOi/dIEenCti9fia0b0l0lee3p:p2aa0rrt0t o4of,f adaeccfoionmmitpipouunttee3rr.p1pr4ro,ogmgrraoamdmi,fiie.ed.], source code, object code, control code, control data, or
any identifiable part of a computer program
a[IScOol/lIeEcCtio9n0o0f03th:2e0se04it,edmesfinition 3.14, modified]
NOTE Three terms identify the software decomposition. The top level is the SOFTWARE SYSTEM. The lowest level that is not
[[fuIISSrthOOe//rIIEEdeCCco99m00p00o00s33ed::22i00s00t44he,, ddSeeOffFiiTnnWiittAiiooREnn U33N..11IT44. ,,Ammll ooleddviieffliiseeddo]]f composition, including the top and bottom levels, can be called
NNOOTTEE 1 TThhTrrheereeeetteetrremmrmss siiddieednnettniifftyyifytthhteehessoosffottwwftwaarraeereddeedcceoocommmpppooossiisttiitooionnn.. .TTThhheeettootoppplleelevvveeell liissis tthhtheee SSsOOoFFfTTtWWwAAaRRrEEe SSsYYySSsTTtEEeMMm... TTThhheee lllooowwweeesssttt llleeevvveeelll ttthhaatt iiss nnoott
SOFTWARE ITEMS. A SOFTWARE SYSTEM, then, is composed of one or more SOFTWARE ITEMS, and each SOFTWARE ITEM is
fcNfuuoOrrmtthThpeeEorrrsdddeTeeedchccoroooemfmmepoppotneooserssemeeodddsrismiiidsstoehrnettehhtsieefSoyOSSftFOOthTwFFeWTTasAWWroReAAfEtRRuwEEUnaNirUUtIeTNN. SAIIdTTleo..l crlAAeodvllmellecpllseeoovvmsoeeifptllicssooosnooma.ffbpTlccoehooseSmmitiOtoppoFnoopT,ssWliiettnAiivcooRelnnuEl,,diIisiTnnnEgtccMhlltuueShdd.eSiiTnnOtggohFpeTttWhhareeenAsdRpttEooboppoSntYstaaoiSbnnmTiddlEiltMeybb.vooieTsttttlhsoolee,mmfctlaolltneewovvebteehselltessc,,laeMcclvAlaaeeNnndlUtsFhbboAaeeCfttTcciwUsaaRllanllEeeroRddet
iSSNftuOOOerFFtmThTTseEWW.rAAAdRRTseEEhocrfIIoeTTtmeEEwMMptaeoSSrr..semeAAdssySSiidssOOteFFentTThmtWWief,yAAtShRRtOehEEnFeT,SSsWYYisoSSAfcTTtRwoEEEmMMar,,UpeNotthhIsdTeee.nndcA,,oolmiiflssoplenccovooesemmitolisoppr noomo.ssfoeeTrddcehoesoomofftpofooptnnswleeietaivorooenerrl, iimmtsineootcmrrhleesue,dSSSainOOOngFFFdTTTteWWWhaeAAAcRRRhtEEEospIISoTTYfEEaStMMnTwdSSEa,,Mrbaa.eonnTtitddhtoeemeemaalolccieswhhveceSSosltOOms,FFlpeTTcovWWasenAAel RRdthbEEoaefIItTTociEEsnaMMelnleooiidssrt
to provide the definition and granularity of the SOFTWARE ITEMS and SOFTWARE UNITS.
mccSfuooOormmFtrheTppeWoosrAssodeeRfeddEtcwooIoTaffmErooMepnnoSeeu.sneooAidtrr smmSisoOoorFrrtdeeTheWeSScAOOoSRFFmOETTFpWWTSoAAWYsRRSaAEETbRElEUUeMNNs,UIIoTTNtSSfhITteoo.wnrrAa,ddrlieelseccleooictvmmoeemmpplsoospss.ooaaTsfbbehlldeceeoroSSmefOOsppFFoooTTnsWWneitsAAioiobRRnriEEl,itmIIyiTTnoEEicsrMMleulSSed..fSitTTnOtghhoFeeTttWhhrreeeAssRmpptEaooonpInnTussEafiiMabbnciidSlliit,ttuyybaroiinssettdrolleemetffottaplctteoohrvottevShhliOeesd,eFMMTctAAWhaNNenAUURgFFbErAAaeCCnITTTcuEUUalMaRRllrEEeitiRRdsy
ottcSooofOmtppFhTrrpeooWovvsAsiioddeRfeedEtttwoIhhTfaeeEorMddneSeee.ifftiionnAeriimttiimSoosOnnoaFrnaaeTdnnWSddsAOoggRFfrrETaatWnnwSAuuYaRllSraaETerrEiiUttuMyyNn,ooIiTtfftShstthhe.oeenr ,SSdiOOescFFoTTcmWWomAApRRopEEsoasIITTbeEEldeMMoSSfOaaFonnTnddWeSSAOOoRFFrETTmIWWToEAArMRReEES.SUUTONNhFIITTeTSSWr.. eAsRpEoInTsEiMbiSli,tyainsdleeftactoh SOFTWARE ITEM is
the MANUFACTURER
tc3oo.2mpr6poovsideed tohfeodneefionritimonoraenSdOgFrTaWnAuRlaEriUtyNoITfSthoer SdOecFoTmWApRoEsaITbEleMSSOaFnTdWSAORFETIWTEAMRES.UTNhITeSr. esponsibility is left to the MANUFACTURER
NtSoOOpTFrETovW2id AeRBtEahsePedRdeOofiDnnUiItSiCoOnT/IaEnCd 9g0ra0n0u3l:a2r0i0ty4,of3.t1h4e aSnOdFTISWOAR/IEECITE1M22S0a7n:2d0S0O8F, T4W.4A1R.EUNITS.
3.26
SS3seOO.2tFF6TToWWf cAAoRRmEE pPPuRRtOOeDDr UUpCCroTTgrams, procedures, and possibly associated documentation and data
3.26
SS[sIeOOStFFOTTo/WWfIEcAACoRRmEE1pPP2uRR2tOO0eDD7r :UUp1CCr9oTT9g5radmefsin, iptiroonce3d.2u6re] s, and possibly associated documentation and data
 setNoof tcuosmepdu ter programs, procedures, and possibly associated documentation and data
[sIeStOo/fIEcCom1p2u2t0e7r :p1r9o9g5radmefsin, iptiroonce3d.2u6re] s, and possibly associated documentation and data
3[I.S2O7/IEC 12207:1995 definition 3.26]

[ISO/IEC 12207:1995 definition 3.26]
S3O.2F7TWARE SYSTEM
iSS3nOO.t2eFF7TTgWWraAAteRRdEE SScYYoSSlleTTEEcMMtion of SOFTWARE ITEMS organized to accomplish a specific function or set of functions
3.27
iSnOteFTgWraAteRdE ScYoSlleTEcMtion of SSOOFFTTWWAARREE IITTEEMMSS organized to accomplish a specific function or set of functions

SOFTWARE SYSTEM
integrated collection of SOFTWARE ITEMS organized to accomplish a specific function or set of functions
integrated collection of SOFTWARE ITEMS organized to accomplish a specific function or set of functions

BS EN 62304:2006+A1:2015 - 18 - BS EN 62304:2006
IEC 62304:2006+A1:2015 (E) – 13 – EBNS E62N30642:320040:620(E06)

– 13 – EBNS E62N30642:320040:620(E06)

3.28 – 13 – EN 62304:2006 (E)

SOFTWARE UNIT
3.28
SOFTWARE ITEM that is not subdivided into other items
SOFTWARE UNIT
3.28
NSOTFETW  ATShROeEFTgIWrTaAEnRMuElatUrhNitayITtoSifscsaonnfotbtwesaurusebeddunifvoitirdstheiseddpieunfritnpoeodsoebthyoefthsreoiftmtewamanrusefaccotnufirgeurra(tsioene mBa.3n)a. gement or testing.
SOFTWARE UNIT

NSOFTTEWASROEFTIWTAERME tUhNaITtSiscannobtesuusbeddifvoirdtheedpiunrtpoosoethoef sroifttewmarse configuration management or testing.
3.29

SNOUTEP SOFTWARE UNITS can be used for the purpose of software configuration management or testing.


3.29
software of unknown provenance (acronym)

SOUP
sS3oO.2fF9tTwWaArReE IiTtEeMm ththaattisisaalrlereaaddyydedveevleolpoepdedanadndgegneenrearllayllyavaavilaaiblaleblaenadntdhatthahtashansotnboet ebnedeenvdeelovpeelodpfeodr
software of unknown provenance (acronym)
ftSohOreUtPphuerpousrpeoosfe btohefaintbgeisininagclroienrapcdoyrpadoteerdaveteilnodtpoientdthoeatnhMdeEgDmeIeCndAiecLraaDllEldyVeIvaCicvEeai((laaalblsslooe kaknnnoodwwtnhnaaatssh“a“oosffffn--tohteb-seheenlfdseovfetwloapreed”) foorr

SOFTWARE ITEM
 tshooefftstwpwouafarrtrpeweoapsorerfeeuoviinftokbeunmesoilnypwgrdenievnpivcoerouolrosvplpyeoenrddaaetnevfocdereloinw(ptaehocdicrt hohenayMfdmoEer)DqwIuChaAitcLehDraEedVcIeoCqrEdusa(ateolsfroethckoneroddwsenvoeaf lstohp“eomfdfee-ntvhteelP-osRphOmeCleEfnSstSopEftrSwoaacrreees”)sneoosrt
aSrOveaFiTnlaWobtAlRaevEaIiTlaEbMlethat is already developed and generally available and that has not been developed for
software previously developed for which adequate records of the development PROCESSES are not
the purpose of being incorporated into the MEDICAL DEVICE (also known as “off-the-shelf software”) or
available
NsoOfTtEw aAremepdriecavlioduesvilcye dseofvtewloarpeesdysftoerm winhitiscehlf caadnenoqtubaeteclarimeecdortodsbeosfoutph.edevelopment PROCESSES are not
3.30
available
SYSTEM

3.30
integrated composite consisting of one or more of the PROCESSES, hardware, software, facilities, and
SYSTEM
p3e.3o0ple, that provides a capability to satisfy a stated need or objective
integrated composite consisting of one or more of the PROCESSES, hardware, software, facilities, and
SYSTEM
people, that provides a capability to satisfy a stated need or objective
[inISteOg/rIaEtCed12c2o0m7p:o1s9i9te5,cdoenfsinisittiionng 3o.f31o]ne or more of the PROCESSES, hardware, software, facilities, and

N[pIOeSoTOEp/ lIeEB,Catsh1ead2t 2opn0r7oIS:vO1id9/IEe9Cs5,1a2dc2e0af7ipn:2ai0tbi0oi8lni,ty43.4.t3o8.1 s]atisfy a stated need or objective
3.31

[ISO/IEC 12207:1995, definition 3.31]

TASK

3.31
a single piece of work that needs to be done

TASK

3.31
a single piece of work that needs to be done

TASK

3.32
a single piece of work that needs to be done

TRACEABILITY

3.32
degree to which a relationship can be established between two or more products of the development

TRACEABILITY

P3R.3O2CESS
degree to which a relationship can be established between two or more products of the development

TRACEABILITY
PROCESS


[dIeEgErEee61to0.w12h:ic1h99a0]relationship can be established between two or more products of the development

PROCESS
[IEEE 610.12:1990]
3.33
[IEEE 610.12:1990]

NVEORTEIF ICRAeTqIuOirNements, architecture, risk control measures, etc. are examples of deliverables of the development process.
3.33
confirmation through provision of objective evidence that specified requirements have been fulfilled
VERIFICATION
I3E.3C362304:2006/AMD1:2015 – 7 –
©cNVoEOInRTEfIEFiCrI1mC2Aa0“TtV1iIoeO5rnNifitehdr”oisugushedprtoovdiessiiognnaotef tohebjceocrrteivsepoenvdiindgesntcateust.hat specified requirements have been fulfilled

Nc[IoOSnTOfEir91m0Ra0e“tVq0iuoe:2irnrie0fimte0hde0r”no,itsusd,gueashferincdphitritiooeovcdntieuss3riieo.g8,nn.ra4iotse]kf tochoebnjcetroocrlrteimvsepeoaensuvdriinedgse,snetcatcteu. sta.hreatesxapmepcliefsieodf rdeeqlivueirraebmleesnotfsthheavdeevbeleoepmnefnutlfilled

PROCESS.

N[NIOOSTTOEE 92100“InV0e:d2rei0fsie0igd0n”,isadnuedsfeidndeittvioeoldnoeps3mi.ge8nn.at4,te]VtEhReIFcIoCrArTeIsOpNoncdoinncgesrntastutsh.e PROCESS of examining the result of a given ACTIVITY to

determine conformity with the stated requirement for that ACTIVITY.

3N[I.OS3TO4E 9200In0:d2e0s0ig0n, adnedfidneitvieolnop3m.e8n.t4, ]VERIFICATION concerns the PROCESS of examining the result of a given ACTIVITY to

VdeEtRerSmIOinNe conformity with the stated requirement for that ACTIVITY.

3N.O3T4E 2 In design and development, VERIFICATION concerns the PROCESS of examining the result of a given ACTIVITY to

RV3deE.e3tRep4rSlmaIOicnNee,cionnftohrmeiteyxwisitthinthge tsetaxttedofreNquoitreem1,entht feorwthoartdAsCT"IaVITSYO. FTWARE PRODUCT" with "MEDICAL DEVICE
SVidOEeRFnTStWIiOfiAeNRdEi"n. stance of a CONFIGURATION ITEM

3.34
NidOeTnEtif1iedMoindsifitcaanticone toof aa VCEORNSIFOINGUoRf AaTSIOOFNTWITAERME PRODUCT, resulting in a new VERSION, requires software configuration
VERSION
Rmaenpalgaecmeetnht eacetixonis. ting text of Note 2 with the following
NidOeTnEtif1iedMoindsifitcaanticone toof aa VCEORNSIFOINGUoRf AaTSIOOFNTWITAERME PRODUCT, resulting in a new VERSION, requires software configuration
NmOanTaEg2emeBnatsaecdtioonn.ISO/IEC 12207:1995, definition 3.37.
NNOOTTEE 121  MBMaoosddeiiffdiiccaoatntioioInSntOoto/aIEvaCerV1sE2iRo2S0nI7Oo:Nf2 0o0f8ma,e4dS.i5Oc6Fa.TlWdAeRvEicePRsOoDfUtwCTa,rere su,ltriensguiltninag ineawneVwERvSeIrOsNio, nre, rqeuqirueirsessosoftfwtwaarereccoonnffiigguurration
mNOanTaEge2mmeeBnnattsaaeccdttiiooonnn..ISO/IEC 12207:1995, definition 3.37.
4 *��H General requirements
ANOdTdEth2 e BfoaslleoddwooinngIISSOne/IEEwCCd112e22f20i07n7:i1t:92io905n0,8sd,:e4fin.5it6io.n 3.37.
4 *��H General requirements
4.1 *��H Quality management system
34.35��*H General requirements
H4A.1ZARD��*H OQUuS aSlIiTtUyAmTIaOnNagement system
The MANUFACTURER of MEDICAL DEVICE SOFTWARE shall demonstrate the ability to provide MEDICAL
c4Di.Er1cVuICmE��s*H tQaSnOucFaeTliWtiynARmwEahnitcahhgaetpmeceoonpnltess,isytpsertnoetpmlyertymeoertsthecuesntovimroenrmerenqt uairreemeexnptsoseadndto aopnpelicoarblmeorreegulatory
HTAhZeARMDA(NSU) FACTURER of MEDICAL DEVICE SOFTWARE shall demonstrate the ability to provide MEDICAL
requirements.
DEVICE SOFTWARE that consistently meets customer requirements and applicable regulatory
The MANUFACTURER of MEDICAL DEVICE SOFTWARE shall demonstrate the ability to provide MEDICAL
requirements.
[DSEOVIUCRE CESO: FISTWOA1R4E97t1h:a2t00c7o, n2s.4is] tently meets customer requirements and applicable regulatory
requirements.

3.36

LEGACY SOFTWARE

MEDICAL DEVICE SOFTWARE which was legally placed on the market and is still marketed today
but for which there is insufficient objective evidence that it was developed in compliance with

the current version of this standard