Software in Medical Devices, by MD101 Consulting

To content | To menu | To search

IMDRF consultation: Software as a Medical Device

After MHRA's guidance on standalone software, we continue with another official document published by the International Medical Device Regulators Forum (IMDRF): the consultation on software as a medical device: Possible Framework for Risk Categorization and Corresponding Controls.

A consultation

This is a consultation, thus this document is just the draft version of a future guidance that is left open to anybody for comments by may 31th 2014. We can expect in the coming months a new version of this document.
There is no fixed schedule of releases, hence the working group is waiting for the results of the comments phase to decide what to do next.

Four software classes

The major innovation of this document is to introduce four risk-based types based on the levels of impact (quote from the document):

  • Very High Impact
  • High Impact
  • Medium Impact
  • Low Impact

This is clearly new compared to existing software categorizations, with three levels found in IEC 62034 (Class A, B, and C) as well as in FDA level of concern (major, moderate, and minor).
Choosing to categorize software in four classes is consistent with the general classification of medical devices (and in vitro diagnosis) defined by the GHTF (the "father" of IMDRF), which defines four classes as well.


Another innovation, and probably the best one of this document, is to introduce a set of rules to define into which category a software falls. This set of rules is based on the types functionalities found in standalone software.

IEC 62304 is based on risk assessment, and FDA level of concern (LoC) is bound to its medical device classification.
IMDRF categories are based on the patient condition in which software is used, or the effect of software on patient. Unlike IEC 62304 classes or FDA LoC, these categories are not based on software risks on patient.

So, we rely more on the intended use and less on the risk assessment to define the software category. This is really handy.
Worth reading it!

How to branch to the existing standards and regulations

Of course, the question coming to everybody's lips is: how do we map IMDRF classes with existing - and official - regulations and standards?
The IMDRF tries to give an answer by introducing a relationship between the four classes and the kind of "controls" that a manufacturer has to do to mitigate risks to an acceptable level. Basically, these controls are risk management, clinical assessment, and:

  • Very High Impact = IEC 62304 class C
  • High Impact = IEC 62304 class B
  • Medium Impact = IEC 62304 class A
  • Low Impact = IEC 62304 class A

There is however no difference of control between medium and low impact.
Perhaps we have to wait for further versions of this document to have more information about the differences between medium impact and low impact categories.

All in all, this document is very innovative and brings a new way to categorize standalone software. It is however not complete and we can expect changes to make it more articulate in the next versions.

Add a comment

Comments can be formatted using a simple wiki syntax.

This post's comments feed