Software in Medical Devices, by MD101 Consulting

To content | To menu | To search

ISO and IEC standards for software in medical devices in a nutshell

Here is a short description of ISO and IEC standards related to software and medical devices.

The starting point is legal. Government agencies give the authorizations to manufacturers to sell their devices. These agencies rely on standards to ensure that the device was designed and manufactured in a good and safe way. Given these regulations, private companies have to adhere to these standards. Full stop.
Let's see what these standards are.

General standards

Two ISO standards are of high importance for software medical devices: ISO 13485 and ISO 14971. They can be seen as the topmost standards for medical devices. They are very generic and apply to every medical device, from the simplest plaster to the most complex surgeon robot. As they are so generic, they don’t give a clue about software. Other standards do.

Specific standards

The main standard about software in medical devices is: IEC 62304. It deals with the software lifecycle, i.e. almost everything about what software engineers do. Two other standards apply to software, although they are not limited to it: IEC 60601-1 adds requirements mainly about network, software interfaces and hardware, and IEC 62366 adds requirements about ergonomics.

IEC 62304 is THE standard for software in medical devices. Perhaps you have already seen this graph, which shows the relationships of IEC 62304 with other standards:

see source: Developing Medical Device Software to IEC 62304

If you are someone from quality assurance who knows ISO 13485 and ISO 14971, and you read IEC 62304, you will be lost at first. On the contrary, if you are someone from computer science who knows what software lifecycle is, and you read IEC 62304, you won’t feel comfortable with a few paragraphs about concepts you haven’t seen before.

IEC 62304 requires the knowledge of two worlds: the computer science industry, where people don’t give a clue of CAPA, vigilance and so on, and the medical device industry, where people consider software as a very convenient thing but don’t want to know how it is done.

Please, don’t get offended if you belong to one of these people, I caricature the situation! No medical device with software would work or would be certified if nobody had made the step to understand others’ job.

IEC 60601-1 is a standard about electrical medical devices. Medical devices with software are included in this category, as chips containing the software are powered by electricity. They are called PEMS for “Programmable Electrical Medical Devices”. Only section 14 of the standard deals with software. It is fortunately a very small part of this standard, which contains tons of instructions. Section 14 gives requirements about hardware and software interfaces, especially network interfaces. In the past, when IEC 62304 didn’t exist, only IEC 60601-1 dealt with software. But as software became more prominent in PEMS, it was decided to add a standard only about software. It makes sense: software development is a very different way of doing things compared to other industries. There are often a lot of requirements to implement in conception (sometimes thousands) and there is no production (I mean manufacturing).

IEC 62366 is about ergonomics and the interaction of the user with the device. Ergonomics shall be considered for every medical device (it is a “cousin” of ISO 60601-1-6, another standard for electrical devices). Implementing this standard for software requires the same method as other devices. The good practice of software industry is to keep track of ergonomics requirements with traceability matrixes between ergonomics and software conception documents, as for other software requirements.


To have a global view of medical devices with software, people should know 5 standards: ISO 13485 and ISO 14971 on one side, IEC 62304, ISO 60601-1 and IEC 62366, on the other side.

The table below summarises the standards around software for medical devices and the responsibilities of people, from the point of view of a software project manager.

Standard What is it about?

Who shall master it?

Who shall know it?
ISO 13485 Quality System for medical devices industry

Quality Manager.

Software project manager,
parts about conception, CAPA,
change control …

ISO 14971 Risk Management for medical devices

Quality Manager.

Software project manager
IEC 62304 Software lifecycle for medical devices

Software project manager.

Quality Manager
IEC 62366 Usability in medical devices

Software project manager.

Quality Manager
IEC 60601-1 Programmable electric medical devices

Software project manager
(for section 14)

Quality Manager

The good implementation of all the quality system is always the responsibility of the direction. The Quality Manager’s role is to ensure that all standards are well applied by people who should know them. What I want to put in emphasis is the fact that is it the software project manager’s role to implement the three standards about software, with the help of the quality manager. The quality manager has a broader view of the device, in its conception (non software parts) and in its lifecycle (other phases of the life of the medical device).

As a conclusion, if you do software, begin with IEC 62304, that's your most important standard. Continue with ISO 13485 and ISO 14971, with explanations of your quality manager, who knows how to deal with them better than anyone in your company. When you're comfortable with IEC 62304, continue with IEC 60601-1 section 14 and finish with IEC 62366. If you're quality manager, take the help of a software project manager to explain you what's at stakes inside IEC 62304 and other standards. Your main goal remains, of course, managing the two ISO standards at the company level.


1. On Wednesday 8 August 2012, 08:41 by Joseph Copty

Where is the like button?
Thanks Mitch for this post. I wish I read this a few weeks ago :)
As a software engineer some quality management stuff can be tricky.

2. On Monday 29 October 2012, 17:46 by Nicolas S.

Good introduction to the different standards !
Especially when you're not familiar with lots of medical validation competences.

Keep it that way Mitch,


3. On Wednesday 13 February 2013, 06:32 by Subramanya HR

It is very useful for software engineers who working in medical devices field.
From this software engineers come to know what is use of documentation like specific requirements, design doc etc etc.
Instead of blindly doing the documentation first we should know the reason behind this

4. On Thursday 4 April 2013, 15:32 by Jaya

Excellent work Cyrille (Mitch).
Thanks and Keep it up.Its very much useful for them who wondering around all these standards.


5. On Wednesday 13 September 2017, 21:15 by Syed

Thanks very simplified

Add a comment

Comments can be formatted using a simple wiki syntax.

This post's comments feed