Regulatory Open Forum

Hello community
I was recently requested by an auditor to show the compliance of the SW development procedure to the IEC 82304 standard and wondered which other standards applicable to SW have you encountered as requests during recent audits?
Would TIR80002-1 standard be one of those? What else?

Additional question- it seems that IEC 82304 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. If our devices are hardware based- would it still apply?

Thank you
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Hello,

I would also add the 62366 wrt usabilmity and for testing we use the V&V40 from ASME

If you have a software that is open to cybersecurity issues (which is the case for most SWs) I would also add the 27000 series

Greetings,

------------------------------
Franky Dubois
QA/RA Manager
Gent
Belgium
------------------------------

Original Message:
Sent: 04-Nov-2021 08:27
From: Ella Sheiman
Subject: Software applicable standards

Hello community
I was recently requested by an auditor to show the compliance of the SW development procedure to the IEC 82304 standard and wondered which other standards applicable to SW have you encountered as requests during recent audits?
Would TIR80002-1 standard be one of those? What else?

Additional question- it seems that IEC 82304 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. If our devices are hardware based- would it still apply?

Thank you
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Thank you Franky!
We do use the 62366 and 27000 series. will check out the V&V 40, not sure I am familiar with it.

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Original Message:
Sent: 05-Nov-2021 03:38
From: Franky Dubois
Subject: Software applicable standards

Hello,

I would also add the 62366 wrt usabilmity and for testing we use the V&V40 from ASME

If you have a software that is open to cybersecurity issues (which is the case for most SWs) I would also add the 27000 series

Greetings,

------------------------------
Franky Dubois
QA/RA Manager
Gent
Belgium

Original Message:
Sent: 04-Nov-2021 08:27
From: Ella Sheiman
Subject: Software applicable standards

Hello community
I was recently requested by an auditor to show the compliance of the SW development procedure to the IEC 82304 standard and wondered which other standards applicable to SW have you encountered as requests during recent audits?
Would TIR80002-1 standard be one of those? What else?

Additional question- it seems that IEC 82304 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. If our devices are hardware based- would it still apply?

Thank you
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Hi Ella,
IEC 82304-1 is a product standard and is applicable to standalone software intended to run on generic hardware. If your device is hardware-based, it sounds like your software is embedded (right?) and then IEC 82304-1 is not applicable. In such a case, I would consider IEC 60601-1 as the appropriate product standard. 

In both cases, you should apply IEC 62304 for your software development. 

You can find a few more words about IEC 62304 vs. IEC 82304-1 in this LinkedIn comment: 

TIR80002-1 is a guidance document and I don't expect an auditor to ask for compliance but he/she might advise you to use it. 

You could also consider security standards such as;
IEC TR 60601-4-5 Guidance and interpretation - Safety-related technical security specifications
and the upcoming;

IEC 81001-5-1 Health software and health IT systems safety, effectiveness and security – Part 5-1: Security - Activities
in the product life cycle

I hope it helps!
Christian

------------------------------
Christian Kaestner
Laholm
Sweden
------------------------------

Original Message:
Sent: 04-Nov-2021 08:27
From: Ella Sheiman
Subject: Software applicable standards

Hello community
I was recently requested by an auditor to show the compliance of the SW development procedure to the IEC 82304 standard and wondered which other standards applicable to SW have you encountered as requests during recent audits?
Would TIR80002-1 standard be one of those? What else?

Additional question- it seems that IEC 82304 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. If our devices are hardware based- would it still apply?

Thank you
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Thank you Christian for your detailed answer!

Our SW is indeed embedded but now that I am thinking of it, our new development project may incorporate some cloud based data collection so that might be considered stand alone SW (although it is part of a system that has also hardware?).

Surely we do follow the 62304, I was just surprised with the request to follow also the 82304 and thought there might be additional standards I am not aware of. Will make sure we also use the IEC TR 60601-4-5 and IEC 81001-5-1 in our security procedures.

Thanks again!
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Original Message:
Sent: 05-Nov-2021 05:40
From: Christian Kaestner
Subject: Software applicable standards

Hi Ella,
IEC 82304-1 is a product standard and is applicable to standalone software intended to run on generic hardware. If your device is hardware-based, it sounds like your software is embedded (right?) and then IEC 82304-1 is not applicable. In such a case, I would consider IEC 60601-1 as the appropriate product standard.

In both cases, you should apply IEC 62304 for your software development.

You can find a few more words about IEC 62304 vs. IEC 82304-1 in this LinkedIn comment:

TIR80002-1 is a guidance document and I don't expect an auditor to ask for compliance but he/she might advise you to use it.

You could also consider security standards such as;
IEC TR 60601-4-5 Guidance and interpretation - Safety-related technical security specifications
and the upcoming;

IEC 81001-5-1 Health software and health IT systems safety, effectiveness and security – Part 5-1: Security - Activities
in the product life cycle

I hope it helps!
Christian

------------------------------
Christian Kaestner
Laholm
Sweden

Original Message:
Sent: 04-Nov-2021 08:27
From: Ella Sheiman
Subject: Software applicable standards

Hello community
I was recently requested by an auditor to show the compliance of the SW development procedure to the IEC 82304 standard and wondered which other standards applicable to SW have you encountered as requests during recent audits?
Would TIR80002-1 standard be one of those? What else?

Additional question- it seems that IEC 82304 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. If our devices are hardware based- would it still apply?

Thank you
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Hi Ella

I am curious who is asking for the 82304 standard, as it is not on the list of any EU harmonized standards (yet).
Are you able to share that information?

------------------------------
Jean Bigoney PhD, RAC, CQE
Senior Regulatory Affairs Specialist
Morrisville NC
United States
------------------------------

Original Message:
Sent: 04-Nov-2021 08:27
From: Ella Sheiman
Subject: Software applicable standards

Hello community
I was recently requested by an auditor to show the compliance of the SW development procedure to the IEC 82304 standard and wondered which other standards applicable to SW have you encountered as requests during recent audits?
Would TIR80002-1 standard be one of those? What else?

Additional question- it seems that IEC 82304 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. If our devices are hardware based- would it still apply?

Thank you
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Hey Jean
Sure, it was TUV SUD during the first assessment audit for EU MDR which we have submitted for one of our products.
I assume that he might request it as a State Of The Art?
Have a great day
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Original Message:
Sent: 05-Nov-2021 12:43
From: Jean Bigoney
Subject: Software applicable standards

Hi Ella

I am curious who is asking for the 82304 standard, as it is not on the list of any EU harmonized standards (yet).
Are you able to share that information?

------------------------------
Jean Bigoney PhD, RAC, CQE
Senior Regulatory Affairs Specialist
Morrisville NC
United States

Original Message:
Sent: 04-Nov-2021 08:27
From: Ella Sheiman
Subject: Software applicable standards

Hello community
I was recently requested by an auditor to show the compliance of the SW development procedure to the IEC 82304 standard and wondered which other standards applicable to SW have you encountered as requests during recent audits?
Would TIR80002-1 standard be one of those? What else?

Additional question- it seems that IEC 82304 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. If our devices are hardware based- would it still apply?

Thank you
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Thanks Ella.
Interesting. We have standalone software for which 82304 applies, however we used 62304 because it was on the list of harmonized standards for MDD and we knew auditors would be familiar with it. No one asked for 82304.

Good luck!

Jean

------------------------------
Jean Bigoney PhD, RAC, CQE
Senior Regulatory Affairs Specialist
Cary NC
United States
------------------------------

Original Message:
Sent: 06-Nov-2021 07:49
From: Ella Sheiman
Subject: Software applicable standards

Hey Jean
Sure, it was TUV SUD during the first assessment audit for EU MDR which we have submitted for one of our products.
I assume that he might request it as a State Of The Art?
Have a great day
Ella

------------------------------
Ella Sheiman
Haifa
Israel

Original Message:
Sent: 05-Nov-2021 12:43
From: Jean Bigoney
Subject: Software applicable standards

Hi Ella

I am curious who is asking for the 82304 standard, as it is not on the list of any EU harmonized standards (yet).
Are you able to share that information?

------------------------------
Jean Bigoney PhD, RAC, CQE
Senior Regulatory Affairs Specialist
Morrisville NC
United States

Original Message:
Sent: 04-Nov-2021 08:27
From: Ella Sheiman
Subject: Software applicable standards

Hello community
I was recently requested by an auditor to show the compliance of the SW development procedure to the IEC 82304 standard and wondered which other standards applicable to SW have you encountered as requests during recent audits?
Would TIR80002-1 standard be one of those? What else?

Additional question- it seems that IEC 82304 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. If our devices are hardware based- would it still apply?

Thank you
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Same from BSI during MDR tech file audit.

It is for SaMD running on standard Windows PCs.

------------------------------
David Clafton
Nairn
United Kingdom
------------------------------

Original Message:
Sent: 06-Nov-2021 07:49
From: Ella Sheiman
Subject: Software applicable standards

Hey Jean
Sure, it was TUV SUD during the first assessment audit for EU MDR which we have submitted for one of our products.
I assume that he might request it as a State Of The Art?
Have a great day
Ella

------------------------------
Ella Sheiman
Haifa
Israel

Original Message:
Sent: 05-Nov-2021 12:43
From: Jean Bigoney
Subject: Software applicable standards

Hi Ella

I am curious who is asking for the 82304 standard, as it is not on the list of any EU harmonized standards (yet).
Are you able to share that information?

------------------------------
Jean Bigoney PhD, RAC, CQE
Senior Regulatory Affairs Specialist
Morrisville NC
United States

Original Message:
Sent: 04-Nov-2021 08:27
From: Ella Sheiman
Subject: Software applicable standards

Hello community
I was recently requested by an auditor to show the compliance of the SW development procedure to the IEC 82304 standard and wondered which other standards applicable to SW have you encountered as requests during recent audits?
Would TIR80002-1 standard be one of those? What else?

Additional question- it seems that IEC 82304 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. If our devices are hardware based- would it still apply?

Thank you
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Thanks David
Did they ask for any additional SW related standards?
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Original Message:
Sent: 10-Nov-2021 04:29
From: David Clafton
Subject: Software applicable standards

Same from BSI during MDR tech file audit.

It is for SaMD running on standard Windows PCs.

------------------------------
David Clafton
Nairn
United Kingdom

Original Message:
Sent: 06-Nov-2021 07:49
From: Ella Sheiman
Subject: Software applicable standards

Hey Jean
Sure, it was TUV SUD during the first assessment audit for EU MDR which we have submitted for one of our products.
I assume that he might request it as a State Of The Art?
Have a great day
Ella

------------------------------
Ella Sheiman
Haifa
Israel

Original Message:
Sent: 05-Nov-2021 12:43
From: Jean Bigoney
Subject: Software applicable standards

Hi Ella

I am curious who is asking for the 82304 standard, as it is not on the list of any EU harmonized standards (yet).
Are you able to share that information?

------------------------------
Jean Bigoney PhD, RAC, CQE
Senior Regulatory Affairs Specialist
Morrisville NC
United States

Original Message:
Sent: 04-Nov-2021 08:27
From: Ella Sheiman
Subject: Software applicable standards

Hello community
I was recently requested by an auditor to show the compliance of the SW development procedure to the IEC 82304 standard and wondered which other standards applicable to SW have you encountered as requests during recent audits?
Would TIR80002-1 standard be one of those? What else?

Additional question- it seems that IEC 82304 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. If our devices are hardware based- would it still apply?

Thank you
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------

Specifically 82304.

And also a question about applicability of general computing standards, like the 8001 series.

David

------------------------------
David Clafton
Nairn
United Kingdom
------------------------------

Original Message:
Sent: 10-Nov-2021 04:45
From: Ella Sheiman
Subject: Software applicable standards

Thanks David
Did they ask for any additional SW related standards?
Ella

------------------------------
Ella Sheiman
Haifa
Israel

Original Message:
Sent: 10-Nov-2021 04:29
From: David Clafton
Subject: Software applicable standards

Same from BSI during MDR tech file audit.

It is for SaMD running on standard Windows PCs.

------------------------------
David Clafton
Nairn
United Kingdom

Original Message:
Sent: 06-Nov-2021 07:49
From: Ella Sheiman
Subject: Software applicable standards

Hey Jean
Sure, it was TUV SUD during the first assessment audit for EU MDR which we have submitted for one of our products.
I assume that he might request it as a State Of The Art?
Have a great day
Ella

------------------------------
Ella Sheiman
Haifa
Israel

Original Message:
Sent: 05-Nov-2021 12:43
From: Jean Bigoney
Subject: Software applicable standards

Hi Ella

I am curious who is asking for the 82304 standard, as it is not on the list of any EU harmonized standards (yet).
Are you able to share that information?

------------------------------
Jean Bigoney PhD, RAC, CQE
Senior Regulatory Affairs Specialist
Morrisville NC
United States

Original Message:
Sent: 04-Nov-2021 08:27
From: Ella Sheiman
Subject: Software applicable standards

Hello community
I was recently requested by an auditor to show the compliance of the SW development procedure to the IEC 82304 standard and wondered which other standards applicable to SW have you encountered as requests during recent audits?
Would TIR80002-1 standard be one of those? What else?

Additional question- it seems that IEC 82304 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. If our devices are hardware based- would it still apply?

Thank you
Ella

------------------------------
Ella Sheiman
Haifa
Israel
------------------------------