What is this standard about?
This standard applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. Its primary focus is on the requirements for manufacturers.
It covers the entire lifecycle including design, development, validation, installation, maintenance and disposal of health software products.
This document aims to provide requirements for the safety and security of health software products; it can only provide such requirements for software-only products. Situations where health software is a part of, or embedded in, a physical device are outside the scope of this document as these combined products are considered separately in, for example, IEC 60601-1 and associated collateral and particular standards.
Who is this standard for?
This standard has been written for manufacturers of health software, as it provides them with product requirements for the entire lifecycle.
Why should you use this standard?
Health software products are intended by their manufacturer for managing, maintaining or improving health of individual persons, or the delivery of care. Some health software can contribute to a hazardous situation and risk control is therefore needed to prevent harm or reduce the likelihood of harm occurring. Testing of the finished product is not, by itself, adequate to address the safety of health software. Therefore, requirements for the processes by which the health software is developed are necessary. This document relies heavily on IEC 62304:2006 and IEC 62304:2006 / AMD1:2015 for the software development process which can be applied to health software products.