Both, European and US regulations, distinguish three different categories of medical device software, the software safety classes accordingly to IEC 62304 respectively the FDA levels of concern. Frequently manufactures confuse both.
IEC 62304:2006 + Amendment 2015 define the software safety classes as follows:
„The SOFTWARE SYSTEM is software safety class A if:
The SOFTWARE SYSTEM is software safety class B if:
The SOFTWARE SYSTEM is software safety class C if:
IEC 62304:2006 + A1:2015
The following diagram summarizes this classification:
The FDA defines the Levels of Concern as follows:
FDA guidance document: Content of the premarket submission for software contained in medical devices
Please note that both definitions primarily are dependent on the severity of potential harms and not on risks. I.e. the probability of this harms is not what determines the software safety class respectively the level of concern.
The IEC 62304 introduces the software safety classes to determine the extent of documentation to be complied.
Table 1: The documentation depends on the safety class IEC 62304. E.g. for class A software no software architecture (chapter 5.3) is required. The numbers correspond to the chapters of the standard.
The FDA uses the levels of concern to determine the amount of documentation to be submitted. I.e. the level of concern does not influence the documentation to be compiled.
|Level of concern||x||x||x|
|Device hazard analysis||x||x||x|
|Software requirements specification||(x)||x||x|
|Architecture design chart||x||x|
|Software design specification||x||x|
|Description of software environment||x||x|
|Verification and Validation documentation||(x)||x||x|
|Revision level history||x||x||x|
If you market your products in the US, the software safety class is irrelevant. You have to document according to class C anyhow. Do not confuse compilation and submission of documents!
IEC 62304 permits a reduction of the software safety class by means that are external to the software only. Examples are:
The FDA expects measures to mitigate risks. However, the levels of concern are determined prior to these measures. I.e. a reduction of the level of concern does not impact the documentation to be submitted.
On November 4, 2021, the FDA published the draft of a guidance document entitled Content of Premarket Submissions for Device Software Functions. This document is intended to replace the guidance document that introduced the level of concern.
This new guidance document only differentiates between two classes.
The FDA no longer defines three “levels of concern.” Instead, it now defines two “documentation levels”:
Software requires “Enhanced Documentation" if at least one of the following conditions is met:
This device that contains the software or is the software:
With regard to the fourth point, the FDA refers to reasonably foreseeable risks.
Like the level of concern, the classification also affects the scope of the (software) documentation to be submitted:
Element of software documentation
Determination of the documentation class
System and software architecture
Software requirements specification
Software design specification
Documentation of software development and maintenance
x (without details of unit and integration testing)
List and evaluation of anomalies
The new requirements are very similar to the previous moderate and major levels. This means that manufacturers cannot submit software documentation that only meets the very lax requirements of the minor level of concern.
The FDA makes extensive references to IEC 62304. However, from the publication of the new version of the guidance document at the latest, a procedure as per class A is no longer permitted. In addition, manufacturers should be aware that the amount of documentation to be submitted is independent of the amount of documentation to be created.
The Johner Institute recommends that manufacturers work and create documentation in conformity with the requirements of safety class C.