BACK
Sample Pages RCGLOBAL


Sample pages of
Evidence Product Checklist
for
IEC 62304:2006
 Medical device software – Software life cycle processes

Introduction
life cycle processes such as “IEC 62304:2006” is often confusing and laborious because the directions contained in the guidelines are unclear or ambiguous. This checklist aids in determining what is actually “recommended” by the document in the way of physical evidence of compliance. This checklist is constructed around a classification scheme of physical evidence comprised of policies, procedures, plans, records, documents, audits, and reviews. There must be an accompanying record of some type when an audit or review has been accomplished. This record would define the findings of the review or audit and any corrective action to be taken.  For the sake of brevity this checklist does not call out a separate record for each review or audit.  All procedures should be reviewed but the checklist does not call out a review for each procedure, unless the standard calls out the procedure review.  In this checklist “manuals, reports, scripts and specifications” are included in the document category.

The author has carefully reviewed the document “IEC 62304:2006 Medical device software – Software life cycle processes" and defined the physical evidence recommended based upon this classification scheme. A second review of the complete list was conducted to ensure that the documents’ producers did not leave out a physical piece of evidence that a “reasonable person” would expect to find.  It could certainly be argued that if the document did not call it out then it is not recommended; however, if the document was used by an organization to improve its process, then it would make sense to recognize missing documents. Therefore, there are documents specified in this checklist that are implied by the standard, though not specifically called out in the document, and they are designated by an asterisk (*) throughout this checklist. These items are classified as suggested. If a document is called out more than one time, only the first reference is stipulated. If there are no new requirements or suggestions in a particular clause or sub-clause then the clause or sub-clause is omitted throughout sections 2-8.

There are occasional situations in which a procedure or document is not necessarily separate and could be contained within another document. For example, the “Data Base Requirements Document" could be a part of the Software Requirements Document". The author has called out these individual items separately to ensure that the organization does not overlook any facet of physical evidence. If the organization does not require a separate document, and an item can be a subset of another document or record, then this fact should be denoted in the detail section of the checklist for that item. This should be done in the form of a statement reflecting that the information for this document may be found in section XX of Document XYZ. If the organizational requirements do not call for this physical evidence for a particular project, this should also be denoted with a statement reflecting that this physical evidence is not recommended and why. The reasons for the evidence not being recommended should be clearly presented in this statement. Further details on this step are provided in the Detail Steps section of the introduction. The size of these documents could vary from paragraphs to volumes depending upon the size and complexity of the project or business requirements.

This “IEC 62304:2006” Information Technology - Medical Device Software - Sofrware Life Cycle Processes Checklist was prepared by analyzing each clause of this document for the key words that signify a:

  • Procedure
  • Plan
  • Records
  • Document (including Lists, Manuals, Reports, Scripts and Specifications)
  • Audit
  • Review

This checklist specifies evidence that is unique. After reviewing the completed document, the second review was conducted from a common sense “reasonable man” approach.  If a document or other piece of evidence appeared to be recommended, but was not called out in the document, then it is added with an asterisk (*) after its notation in the checklist. The information was transferred into checklist tables, based on the type of product or evidence.  

Using the Checklist
When a company is planning to use IEC 62304:2006 Information technology Medical device software – Software life cycle processes” standard, the company should review the evidence checklist. If the company’s present process does not address an IEC 62304:2006 product, then this question should be asked: Is the evidence product recommended for the type of business of the company? If in the view of the company the evidence is not recommended, the rationale should be documented and inserted in the checklist and quality manual. This rationale should pass “the reasonable person rule.” If the evidence is recommended, plans should be prepared to address the missing item(s).

 Detail Steps
An organization should compare the proposed output of their organization against the checklist. In doing this, they will find one of five conditions that exist for each item listed in the checklist. The following five conditions and the actions required by these conditions are listed in the table below.
Condition
Action Required
1. The title of the documented evidence specified by the checklist (document, plan, etc) agrees with the title of the evidence being planned by the organization. Record in checklist that the organization is compliant.
 2. The title of the documented evidence specified by the checklist (document, etc) disagrees with the title of the evidence planned by the organization but the content is the same.   Record in the checklist the evidence title the organization uses and record that the organization is compliant, and the evidence is the same although the title is different. 
3. The title of the documented evidence specified by the checklist (document, etc) is combined with another piece of evidence.  Record in the checklist the title of the evidence (document, etc) in which this information is contained.
4. The title of the documented evidence specified by the checklist (document, etc) is not planned by the organization because it is not required. Record in the checklist that the evidence is not required and the rationale for this decision.
5. The title of the documented evidence called out by the checklist (document, etc) is not planned by the organization and should be planned by it. Record in the checklist when this evidence will be planned and reference a plan for accomplishing the task. 

 

Components of the Checklist 
This checklist is composed of 9 sections:
  • Section 1: Introduction
  • Section 2: Composites of all required and suggested “IEC 62304:2006 Medical Device Software - Software Life Cycle Processes'" evidence products. 
  • Sections 3-8: Individual checklists for each evidence type.
  • Section 9: “About the Authors”
Product Support 
All reasonable questions concerning this checklist or its use will be addressed free of charge for 60 days from time of purchase, up to a maximum of 4 hours consultation time

Warranties and Liability
Software Engineering Process Technology (SEPT) makes no warranties implied or stated with respect to this checklist, and it is provided on an “as is” basis.  SEPT will have no liability for any indirect, incidental, special or consequential damages or any loss of revenue or profits arising under, or with respect to the use of this document.

 
IEC 62304:2006
CLAUSE NUMBER and SOFTWARE SAFETY CONDITIONS
POLICIES and PROCEDURES
PLANS
RECORDS
DOCUMENTS
AUDITS and REVIEWS
4.0 General requirements                                             
4.1 Quality management system Class A, B, C
  • ISO 13485 Requirements or Equivalent for Procedures

  • ISO 13485 Requirements or Equivalent for Plans
  • ISO 13485 Requirements or Equivalent for Records
  • ISO 13485 Requirements or Equivalent for Documents
  • ISO 13485 Requirements or Equivalent for Audits
  • ISO 13485 Requirements or Equivalent for Reviews
4.2 Risk Management Class A, B, C
  • ISO 14971 Requirements  for Procedures
  • ISO 14971 Requirements  for Plans
  • ISO 14971 Requirements  for Records
  • ISO 14971 Requirements  for Documents
  • ISO 14971 Requirements  for Audits*
  • ISO 14971 Requirements  for Reviews*

4.3 Software safety classification Class A, B, C
  • Assignment of Software Safety Class Procedure
  • Risk Management File Document Procedure*
  • Software Safety Class Document Procedure*
   
  • Software Safety Class Records*
  • Risk Management File Document
  • Software Safety Class Docume
  • Risk Management File Document Review*
  • Software Safety Class Document Review*
  • Software Safety Class Records Review*
5.0 Software development process                                                        
5.1 Software development planning                                                            
5.1.1 I Software development plan Class A, B, C
  • Software Development Plan Procedure*
  • System Development Plan Procedure*
  • Software Development Plan
  • System Development Plan*
      
  • Software Development Plan Review*
  • System Development Plan Review*
5.1.2 Keep software development plan updated Class A, B, C                            
  • Software Development Plan Update Records
              
  • Software Plan Update Records Review*
5.1.3 Software development plan reference to system design and development Class A, B, C
  • Design and Development Validation Procedure
  • Software Development Coordination Procedure
  • System Requirements Document Procedure*
            
  • System Requirements Document
  • System Requirements Document Review*
5.1.4 Software development standards, methods and tools planning Class C
  • Software Development Standards, Methods and Tools Plan Procedure*
  • Software Development Standards, Methods and Tools Plan
            
  • Software Development Standards, Methods and Tools Plan Review*
5.1.5 Software integration and integration testing planning Class B, C
  • Software Integration (Including SOUP) Plan Procedure*
  • Software Integration Test Plan Procedure*
  • Software Integration (Including SOUP) Plan
  • Software Integration Test Plan
            
  • Software Integration (Including SOUP) Plan Review*
  • Software Integration Test Plan Review*
5.1.6 Software verification planning Class A, B, C
  • Software Verification Plan Procedure*
  • Software Verification Plan
            
  • Software Verification Plan Review*
5.1.7 Software risk management planning Class A, B, C
  • Software Risk Management Plan Procedure*
  • Software Risk Management Plan
            
  • Software Risk Management Plan Review*
5.1.8 Documentation planning Class A, B, C
  • Software Documentation Plan Procedure*
  • Software Documentation Plan
            
  • Software Documentation Plan Review*
5.1.9 Software configuration management planning Class A, B, C
  • Software Configuration Management Plan Procedure*
  • Software Configuration Management Plan
            
  • Software Configuration Management Plan Review*
5.1.10 Supporting items to be controlled Class B, C
  • Support Item Document Procedure*
            
  • Support Item Document
  • Support Item Document Review*
5.1.11 Software configured item control before verification Class B, C                        
  • Configuration Items Under Document Control Prior to Verification Records
      
  • Configuration Items Under Document Control Prior to Verification Records Review*
5.2 Software requirements analysis                              
5.2.1 Define and document software requirements from system requirements Class A, B, C
  • Software Requirements Document Procedure*
            
  • Software Requirements Document
  • Software Requirements Document Review*

 

© 2004. Software Engineering Process Technology. All rights reserved.