Looking beyond ISO 13485: regulations for the SaMD


In the medical device industry, adhering to strict standards is not only a best practice but also a legal and ethical necessity. Compliance with regulations for software as a medical device is an absolute must-have.

It is the responsibility of suppliers to ensure that their devices are safe, effective, and compliant with regulatory requirements.

Among the many standards that govern the industry, ISO 13485 is a cornerstone. However, it is important to note that ISO 13485 is not the only standard that should be given attention.

Regulations for software as a medical device – (very) short list

It is important to note that ISO 13485 is not the only standard that needs to be considered when developing software as a medical device.

The topic is very wide, so in this post, we will discuss the first part of the regulations for software as a medical device development. We will cover other important issues related to the medical device industry standards and regulations in subsequent parts of this series. We start with three top standards:

  • IEC 62304, Medical device software: software life cycle processes
  • ISO 14971, Application of risk management
  • ISO 9001, framework for quality management

Standard for software life cycle processes

IEC 62304 (Software life cycle processes) outlines the necessary steps and procedures for the development and maintenance of software in medical devices throughout its life cycle.

This standard is relevant not only when the software itself is a medical device, but also when it is an embedded or essential component of the final medical device. It includes a set of processes, activities, and tasks that must be followed to ensure compliance with the requirements.

Compliance with the IEC 62304 standard, which, as you can see, falls within the spectrum of regulations for software as a medical device, protects patients from the risks associated with the design, development, testing, maintenance and decommissioning of software. Better quality of a medical device in many of its aspects also means a higher level of patient safety. [1]

Quality and risk management in regulations for software as a medical device

The standard ISO 14971 (Application of risk management to medical devices) deals with managing risks associated with medical devices. Its main goal is to recognize, assess, and lessen risks related to medical devices during all stages of their existence.

Following this, manufacturers must carry out thorough risk evaluations to ensure their products are safe and effective. ISO 14971 has a close relationship with ISO 13485, which emphasizes the importance of integrating risk management with a quality management system.

To summarize, ISO 13485 and ISO 14971 are closely related. They address important areas of quality and risk management in the medical device industry. The main objective of ISO 13485 is to establish and maintain a quality management system (QMS) that is specific to medical devices. ISO 14971, on the other hand, focuses on managing the risks associated with medical devices. [2]

We go further than the regulations for software as a medical device

ISO 9001 offers a general framework for quality management that can be used alongside ISO 13485 requirements. This quality management system isn’t exclusive to the medical device industry but rather serves as a complement to ISO 13485 requirements. Organizations have decided to implement both standards simultaneously to improve their overall quality processes.

Using ISO 9001 is not mandatory under the regulations for software as a medical device, so we may ask why we should use it at all. The answer is quite simple. According to the American Society for Quality (ASQ), incorporating ISO 9001 into a company's system allows it to reassure its clients that it offers high-quality service. By adhering to the requirements, you can establish an efficient QMS and consistently enhance your processes. [3]

The holistic approach to SaMD regulatory requirements – conclusion

ISO 13485 is an important component of medical device standards and serves as a basis for quality management. To comply with regulations for the development of software as a medical device and to manage risks, suppliers need to take a comprehensive approach to standards compliance. To succeed in the medical device industry, companies must consider additional standards such as ISO 14971, IEC 62304, or ISO 9001.

In summary, while ISO 13485 is crucial, it is only one aspect of the bigger picture. By adopting a holistic approach that encompasses the broader quality landscape, medical device manufacturers can achieve the highest levels of quality and safety for their products.