How Does IEC 62304 Apply to Tools Like SpiraPlan?

The IEC 62304 species the Software Development Lifecycle (SDLC) requirements and processes for developing software used in/on medical devices. The IEC 62304 standard covers the following three areas:

  • Quality management system
  • Risk management
  • Software safety classification

Quality Management System

A quality management system (QMS) is a collection of business processes focused on consistently meeting customer requirements and enhancing their satisfaction. It is aligned with an organization's purpose and strategic direction (ISO9001:2015). It is expressed as the organizational goals and aspirations, policies, processes, documented information and resources needed to implement and maintain it.

The primary component of the IEC 62304 standard that relates to SpiraPlan  is this Quality Management System part, which is based on the two harmonized standards: ISO 9001:2015 and/or ISO 13485.

SpiraPlan and Inflectra is annually audited independently by USDM Life Sciences, and Inflectra & SpiraPlan is audited to the following standards:

  • 21 CFR Part 11
  • Eudralex Volume 4, Part I & II
  • ISO 9001:2015 (harmonized with ISO 13485)
  • ISO 27001:2013
  • FDA Guidance on Data Integrity
  • National Institute of Standards and Technology (NIST)
  • General Data Protection Regulation (GDPR)
  • Health Insurance Portability and Accountability Act (HIPAA) 1996

Risk Management

Risk management is the identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.  Risk management in this context consists of the following aspects:

  • Analysis of software contributing to hazardous situations
  • Risk control measures
  • Verification of risk control measures
  • Risk management of software changes
  • Security and reliability through software quality

SpiraPlan includes an integrated risk management module which can be used to manage clinical risks to meet those aspects, and can be configured in accordance with the standards outlined in ISO 14971.

Software safety classification

The software safety classification is based on potential for hazard(s) that could cause injury to the user or patient. SpiraPlan is not a system that can directly affect patient safety (Class A: No injury or damage to health is possible) so it does not apply.