Standards
Explanations on standards, howto's
My own experience on implementation of standards
Friday, 4 October 2024
By Mitch on Friday, 4 October 2024, 14:00
A new standard is being drafted by the IEC. Its ID will be IEC 81001-5-2 and its title: Health software and health IT systems safety, effectiveness and security – Part 5-2: Security Risk Management for Manufacturers.
Friday, 23 February 2024
By Mitch on Friday, 23 February 2024, 14:21
IEC 81001-5-1 is now the standard for cybersecurity in medical devices. But is this standard asking for too much?
Friday, 8 September 2023
By Mitch on Friday, 8 September 2023, 14:30
A new standard on security risk management for medical devices was published in early 2023: AAMI SW96. Unlike AAMI TIR57 and TIR97, this is a standard, not a technical report.
Monday, 20 February 2023
By Mitch on Monday, 20 February 2023, 13:56
These three concepts come from IEC 62443 and were adopted in IEC 80001-5-1. SOUP isn't present in IEC 81001-5-1.
What are the differences between SOUP and Maintained software, Supported software, and Required software?
Friday, 8 July 2022
By Mitch on Friday, 8 July 2022, 13:52
On 6 June 2022, a draft request was published to update the list of EU MDR/IVDR harmonized standards. This request brings changes to the list presented in the draft list of April 2021.
Thursday, 13 January 2022
By Mitch on Thursday, 13 January 2022, 13:54
IEC 81001-5-1 was published in December 2021. We already talked about the draft version here. Combined with IEC/TR 60601-4-5, published in February 2021, these two standards constitute the state of the art in cybersecurity of medical devices in Europe.
The final version is very close to the draft version, apart from a few changes to the organizational requirements: formerly in clause 10 of the draft, they were removed from there and copied to clause 4 in the final version.
Be prepared to apply these two standards for your MDR CE Mark submissions once they are harmonized, most probably by 2024.
Friday, 9 July 2021
By Mitch on Friday, 9 July 2021, 13:37
The draft list of harmonized standards for the MDR regulation was published in May 2021. In this document, we find the references to the following cybersecurity standards:
- IEC 80001-1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software - Part 1: Application of risk management,
- IEC 81001-5-1 (not published): Health Software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product lifecycle,
- IEC/TR 60601-4-5: Medical electrical equipment - Part 4-5: Guidance and interpretation - Safety-related technical security specifications.
Friday, 19 February 2021
By Mitch on Friday, 19 February 2021, 13:43
That's déjà vu. The second version of IEC 62304 is still in draft. It has been in this state for five years, since the publication of Amendment 1. We already had a draft version in 2019. A new draft version is, again, in public review (or has been in public review in your country) under the name IEC CDV 62304:2021. Go to the website of your national standardization organization to see if you can still download it for free!
Friday, 22 November 2019
By Mitch on Friday, 22 November 2019, 14:16
The second version of IEC 62304 is still in draft. It has been in this state for almost five years, since the publication of Amendment 1. It is now in public review (or has been in public review in your country) under the name IEC 62304:2019 CDV. Go to the website of your national standardization organization to see if you can still download it for free!
Friday, 16 August 2019
By Mitch on Friday, 16 August 2019, 13:44
We continue this series of articles on cybersecurity with a free and non-exhaustive review of the UL 2900-1 standard.
What is UL 2900-1? This standard was published in 2017 by Underwriters Laboratories (UL). It contains technical requirements on cybersecurity for network connectable products. A collateral standard, UL 2900-2-1, focuses on connectable healthcare and wellness systems. UL 2900-1 and UL 2900-2-1 are FDA recognized standards and thus applicable to medical devices.
Wednesday, 20 September 2017
By Mitch on Wednesday, 20 September 2017, 17:48
A reader of the post on IEC 62304 Amd1 2015 noticed in the comments that the sentence in section 4.3.a was removed:
If the HAZARD could arise from a failure of the SOFTWARE SYSTEM to behave as specified, the probability of such failure shall be assumed to be 100 percent.
Don't be too quick to scratch the 100 percent thing!
The dreadful 100 percent is still present in the informative Annex B.4.3.
Even if it is no longer in the normative part, you shall continue to bear this assumption in mind when assessing software risks. The underlying concept is that it's not possible to assess the probability of software failure, thus the worst case shall be considered.
This is the state-of-the-art, present in ISO 14971, in IEC 80002-1, in IEC 62304, and in the FDA Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices.
100% probability is not dead!
By Mitch on Wednesday, 20 September 2017, 14:18
While the FDA continues to update the list of recognized standards periodically and reliably (last update in August 2017), the European Commission hasn't updated the list of harmonized standards since May 2016.
Tuesday, 16 May 2017
By Mitch on Tuesday, 16 May 2017, 21:53
After a long pause, we continue this series about cybersecurity in medical devices with a discussion on AAMI TIR57:2016 Principles for medical device security — Risk management.
Tuesday, 1 November 2016
By Mitch on Tuesday, 1 November 2016, 21:09
IEC 82304-1:2016, the missing link on standalone medical device software validation, has been published!
See the official version on the IEC webstore, and comments made on the FDIS (the final version shouldn't have changed).
Now we wait for the FDA to recognize it and the EU to harmonize it!
Friday, 10 June 2016
By Mitch on Friday, 10 June 2016, 13:56
ISO/TR 80002-2 is the future technical report on the validation of software used in regulated processes. The last version of this document, a Draft Technical Report (ISO/DTR 80002-2:2016), was released to the members of the standard committee for comments in May 2016.
This document is still a draft and is to be released by the end of 2016 or early 2017. There have been high expectations for this document since the introduction of requirements on validation of software used in the QMS in section 4.1.6 of ISO 13485:2016.
Friday, 6 May 2016
By Mitch on Friday, 6 May 2016, 13:33
It has been almost four years since I wrote the post Is my software in class A, B or C? in 2012.
In 2015, IEC 62304 Amendment 1 was published, changing the game a bit about software safety class.
Friday, 8 April 2016
By Mitch on Friday, 8 April 2016, 14:25
Continuing our series about IEC 82304-1, let's see the consequences of this standard on agile software development processes.
Friday, 11 March 2016
By Mitch on Friday, 11 March 2016, 14:53
In a previous article, we had an overview of IEC 82304-1 Health software -- Part 1: General requirements for product safety, its scope and its relationships with other standards like IEC 62304.
This article presents the requirements of IEC 82304-1 in more detail (but not too much, we're not going to rephrase the standard).
Friday, 15 January 2016
By Mitch on Friday, 15 January 2016, 14:30
The IEC 82304-1 Health software -- Part 1: General requirements for product safety standard is still under development. Its status is visible on the page of the ISO website dedicated to IEC 82304-1. There is even a preview of the first three pages of this draft standard.
Wednesday, 23 September 2015
By Mitch on Wednesday, 23 September 2015, 09:57
Long time no see. For those of you guys who have been following this blog for a long time.
Today I have time to write a short article on the new version of the IEC 62366 standard: IEC 62366-1:2015 Application of usability engineering to medical devices.