In this article we will go through the requirements associated to Software Architecture according to IEC 62304:2006/AMD-1:2015. The IEC 62304 is the standard that described the documentation associated to life cycle development for medical device software, either software as medical device (SaMD) or software in medical device (SiMD). We hale already been discussing in general about the IEC 62304 and the related requirements; in this article we will discuss in details about a specific section of the 62304, that is the one related to the requirements associated to Software Architecture.
Software Architecture Requirements
The IEC 62304 requires that software requirements are transformed in an architecture. Moreover, the architecture shall include a description of the interfaces between the different parts of hardware and software: this is valid if the classification of the software is class B or C.
IEC 62304 divides the architecture requirement into six sub-requirements:
- Transform software requirements into an architecture
- Develop an architecture for the interfaces of software items
- Specify functional and performance requirements of SOUP item
- Specify system hardware and software required by SOUP item
- Identify segregation necessary for Risk Controls
- Verify software architecture
Transform software requirements into an architecture
The description of the software architecture can be based on the ISO 42010, “Systems and software engineering — Architecture description”.
It is important to provide a general description of the architecture, taking in consideration the Software Requirements and the Risk Analysis. The SW architecture shall be implemented to meet the requirements and the hazard mitigations included in the requirements documentation.
The software architectural design activity requires the manufacturer to define the major structural components of the software, their externally visible properties, and the relationships between them. Any software component behavior that can affect other components should be described in the software architecture, such that all software requirements can be implemented by the specified software items.
Develop an architecture for the interfaces of software items
It is necessary to describe, in the Software Architecture documents, the list of SW items that are composing a specific SW systems and their related interactions.
There are different ways to describe the interaction between different SW components; one of them it is called UML. UML stands for Unified Modeling Language. It is a specific pictorial language used to make software blueprints. UML was created by Object Management Group (OMG). It serves as a standard for software requirement analysis and design documents which are the basis for developing a software.
UML can be described as a general purpose visual modeling language to visualize, specify, construct, and document a software system. The elements are like components which can be associated in different ways to make a complete UML picture, which is known as a diagram. There are two broad categories of diagrams and they are further divided into sub-categories i.e. Structural Diagrams and Behavioral Diagrams.
Specify functional and performance requirements of SOUP item
IEC 62304 requires that software architecture shall contain functional and performance specifications of SOUP items. SOUP are software of unknown provenance, or in other words, third party software. Outside the architecture requirements, the IEC 62304 requires also that SOUP items need to be identified. Information such as vendors and version numbers have to be documented. This is required software systems having a software safety classification class B or C.
Specify system hardware and software required by SOUP item
Hardware related environments of SOUP items are obligatory for software safety classes B and C. A side note in the requirement of IEC 62304 suggests that the system specifications could include topics such as “processor type and speed, memory type and size, system software type, communication and display software requirements”
Identify segregation necessary for Risk Controls
The concept of segregation is very important in the framework of IEC 62304. Segregation means the separation of different parts of the SW so that that they are not “negatively affecting” each other’s. Software items running on separate computational units without shared resources is an example of a segregation. The standard requires that parts of the SW that are used as risk control measures to mitigate specific risks are segregated, meaning that they need to be separated from other SW units.
Verify software architecture
IEC 62304 architecture verification requirements can be met by conducting a technical evaluation. Sometimes this evaluation can be done in peer reviews with participants from roles such as system architects, software architects, technical product owners and lead developers. The overall software system architecture has been reviewed in the very beginning of the design phase.
Software Development and Validation Package
4EasyReg has made available a toolkit focused on the documentation related to Software Development and Validation according to IEC 62304. We have been discussing in different occasion in the blog the documentation linked to IEC 62304, such as Software Development Plan and Software Architecture. We have however decide to collect the main documentation needed for activities related to Software Development and made it available in our 4EasyReg DocShop.
This toolkit – it can be downloaded at this link – contains different fully editable templates that can be used to document medical device related software development and validation activities.
The toolkit contains the following documentation:
- Software Development Plan Template
- Software Architecture Template
- Software Release Record Template
- Software Verification Protocol Template
- Software Verification Protocol Template
Do not hesitate to download it the toolkit!
Subscribe to 4EasyReg Newsletter
4EasyReg is an online platform dedicated to Quality & Regulatory matters within the medical device industry. Have a look to all the services that we provide: we are very transparent in the pricing associated to these consulting services.
Within our WebShop, a wide range of procedures, templates, checklists are available, all of them focused on regulatory topics for medical device compliance to applicable regulations. Within the webshop, a dedicated section related to cybersecurity and compliance to ISO 27001 for medical device organizations is also present.
As one of the leading online platforms in the medical device sector, 4EasyReg offers extensive support for regulatory compliance. Our services cover a wide range of topics, from EU MDR & IVDR to ISO 13485, encompassing risk management, biocompatibility, usability, software verification and validation, and assistance in preparing technical documentation for MDR compliance.
Do not hesitate to subscribe to our Newsletter!
