Slide 1


Software quality for medical devices

IEC 62304 

IEC 62304:2006 is a functional safety standard for medical device software life-cycle processes. Depending on the varying levels of risk and safety requirements of a system, IEC 62304 has three software safety classes: Class A, Class B, and Class C. Class C is assigned to software systems where death or serious injury is possible.

Compliance with IEC 62304 satisfies the essential requirements contained in the Medical Devices Directive 93/42/EEC (MDD) with amendment M5 (2007/47/EC) related to software development in the European Union. In the United States, the FDA accepts ANSI/AAMI/IEC 62304 as evidence that medical device software has been designed to an acceptable standard and covers regulatory processes such as 510(k), IDE, PMA, HDE, and Software Validation (FDA Recognition List Number: 020, Publication Date: 09/09/2008).

The relationship of IEC 62304 to other standards is documented in Annex C. « Readers of the standard are encouraged to use IEC 61508 as a source for good software methods, techniques, and tools while recognizing that other approaches, both present and future, can provide equally good results. »

Medical device software validation that satisfies IEC 62304

Organizations looking to comply with IEC 62304, a standard for medical device software, should take the following steps:

  1. Categorize the software application into Class A, B, or C based on the level of risk involved. Class C software requires more rigorous testing.
  2. Improve code safety, security, and reliability, and speed up compliance with IEC 62304 by automating static analysis and unit testing. To achieve this, use a certified testing tool for developing safety-critical systems.
  3. Ensure traceability between software requirements and test cases by establishing bidirectional integration between ALM and test automation solutions.

Organizations can speed up their compliance with IEC 62304 by using QA Systems certified tools: QA-MISRA and Cantata, which have been approved by TÜV SÜD for developing safety-critical systems. These tools not only facilitate the verification process by generating all the required reports and documentation for demonstrating compliance but also reduce costs and time-to-market as a consequence of automating the software development process.

Tool Certification & Qualification

QA Systems’ dynamic testing tool, Cantata, has received certification from SGS-TÜV GmbH, an independent third-party certification body for functional safety that is accredited by Deutsche Akkreditierungsstelle GmbH (DAkkS). Cantata is classified as a Tool Confidence Level (TCL) 1 tool and can be used for developing safety-related software up to SW Safety Class C according to IEC 62304:2006.

For our static analysis tool, QA-MISRA, our Qualification Support Kit (QSK) automatically executes a full tool qualification verification test suite on the installed tool configuration and generates the necessary reports for IEC 62304 tool qualification.

We offer these tool kits to make it easier for our customers to achieve certification. They contain everything needed to prove that Cantata and QA-MISRA meet the required confidence level for the use of software tools under IEC 62304 recommendations. They also provide comprehensive and detailed guidance on how to use the tools to comply with the required software verification activities of IEC 62304.

Contact us for more information about these tool kits and how they can help you achieve compliance with IEC 62304.

Cantata Certificate

QA MISRA 22.04 SGS TUV Certificate

QA-MISRA Certificate

Software Testing for IEC 62304 Compliance

Cantata allows developers to automate unit and integration testing and verify IEC 62304 compliant code on host native and embedded target platforms.

By automating test framework and test case generation, test execution, and results diagnostics and report generation, Cantata helps accelerate compliance with the IEC 62304 software testing requirements.

The IEC 62304 software testing recommendations by Class and how these are supported by Cantata are summarised in our White Paper “Cantata Standard Briefing IEC 62304:2006”.

Contact us to learn more about how Cantata can support your compliance efforts.

Static Analysis for IEC 62304 Compliance

Coding standards are a crucial component of software acceptance criteria under the IEC 62304 standard. According to the guidance in Annex B.5.5, coding standards are used to specify a preferred coding style to consistently achieve desirable code characteristics. These standards can cover aspects such as understandability, language usage rules or restrictions, and complexity management. By using static analysis with QA-MISRA, compliance with coding standards can be enforced with significantly less manual effort.

To learn more about the IEC 62304 static analysis recommendations by Safety Class and how QA-MISRA and Astrée support them, please refer to our “QA-MISRA Safety Manual”

Contact us to learn more about how Cantata can support your compliance efforts.