The certification of Medical Device software in accordance with the criteria of the IEC 62304 standard covers both stand-alone software and software embedded into a Medical Device. Clients wishing to become certified in accordance with the IEC 62304 standard must hold a valid TÜV SÜD certificate in accordance with ISO 13485. If assessment is completed with a positive result, the client obtains a certificate and can use the respective TÜV SÜD certification mark on its software in the future.
The service covers review of quality management system documentation and product-specific life-cycle documentation in accordance with the IEC 62304 standard. The basis of assessment is the software life-cycle documentation in accordance with the IEC 62304 standard, building on a quality management system in accordance with ISO 13485.
In the EU, the requirements of ISO 13485 have been harmonised with the essential requirements of the EU’s Medical Device Directive (93/42/EEC), the Directive for In Vitro Diagnostic Medical Devices (98/79/EC) and the Directive for Active Implantable Medical Devices (90/385/EEC). Certification to ISO 13485 by an accredited certification body provides a presumption of conformity with the essential requirements of these important directives. In the U.S., the Food and Drug Administration (FDA) permits device manufacturers to submit ISO 13485 audit reports as a substitute of the evidence of compliance with its quality systems regulations (QSR). Health Canada also requires medical device manufacturers marketing their products in Canada to have their quality management system certified to ISO 13485.
Initial certification of a product requires review of the quality management system documentation in accordance with the IEC 62304 standard, and assessment of life-cycle documentation of the relevant software product (stand-alone software or embedded software).
Clients can use a change report form to notify the certification body of software changes. Following a change review, the number of the software revision is updated on the certificate. Minor bug fixes that do not result in a change in use or a change in the accompanying documentation need not be reported, and thus should not be identified in the revision number on the certificate.
Recertification of IEC 62304 will be combined with the ISO 13485 recertification in most cases. During recertification of IEC 62304 all relevant changes to the software lifecycle processes will be reviewed as well as all changes to the software which is covered by the IEC 62304 certificate(s).
The validity of an IEC 62304 certificate depends on the validity of the assigned ISO 13485 certificate issued by TÜV SÜD, and is thus set at a maximum of three years.
The TÜV SÜD octagon
As well as holding the certificate, the software manufacturer is authorized to affix the respective TÜV SÜD octagon to its software product. The software manufacturer may use the TÜV SÜD octagon on the product itself and in the product documentation and – in the case of stand-alone software – may integrate the octagon into the on-screen display.