Software in Medical Devices, a blog by MD101 Consulting

To content | To menu | To search

Wait, but what of harmonized standards?

While the FDA continues to update periodically and reliably the list of recognized standards (last update in August 2017), the European Commission hasn't updated the list of harmonized standards since may 2016.

FDA recognized standards

The update of FDA recognized standards in August 2017 brought to the looong list of standards:

  • ANSI UL 2900-1 on cybersecurity (will be analyzed in a further post),
  • IEC 82304-1 on health software,

to say the least, just focusing on software as a medical device.
We can also check and verify on the FDA database of recognized standards that IEC 62304 amendment 1 2015 was recognized in April 2016, and IEC 62366-1 2015 was recognized in June 2016.

EU harmonized standards

On the other side of the Atlantic Ocean, things are less ... clear.
While standards published by the ISO, IEC or other international organizations continue to evolve, the list of harmonized standards still references "old" standards:

  • For software: IEC 62304:2006, no 62304 2015 or 82304 in sight,
  • For usability: IEC 62366:2008, no 2015 in sight,
  • For general standards ISO 13485:2012 (doh!),
  • Fortunately ISO 14971 hasn't evolved yet (phew!),
  • For embedded software, old versions of IEC 60601-1-x, and IEC 60601-2-x collateral still referencing IEC 60601-1 2nd version,

to say the least.
I heard that more than a hundred of standards wait for being harmonized (this sounds likely, but I don't have the source and hope I'm not spreading fake news).
The current list is getting older and older. The toughest element is that all manufacturers are switching or have already switched to ISO 13485:2016.

Hey, European Commission, this list passed its expiry date! What do we do now?

Recommendations of Notified Bodies

Fortunately (or strangely, or ironically, or ... choose your positive or negative adverb), Notified Bodies have the solution:

Disregard the current list of harmonized standards and consider the last versions of standards as state-of-the-art.

This recommendation was given by two different notified bodies to manufacturers I work with.

So, still focusing on standalone software, you can apply the following standards:

  • IEC 62304 Amd1:2015,
  • IEC 62366-1:2015,
  • and even IEC 82304-1:2016.

For embedded software, I can't imagine the confusion caused by the application of the latest versions not present in the list of harmonized standards. It's a very good idea to consult your notified body before applying the latest versions of the IEC 60601-x-y family.

Now, what?

Now, IEC 62304:2006 is getting old,
Now, ISO 13485:2003 is withdrawn,
Now, the new regulations 2017/745 and 2017/746 are there,
Now, the European Commission should do their homework.

Add a comment

Comments can be formatted using a simple wiki syntax.

They posted on the same topic

Trackback URL :

This post's comments feed