December 2018 Standards Navigator Report

Standards and regulatory activity overview

Medical device software

  • It appears that in response to a question posed by the IEC 62304 working group, the ISO and IEC member countries want ISO 14971 to be required for use of the second edition of IEC 62304. This should be reflected in the next committee draft of the standard.

Medical devices

  • IEC 60950-1, which defines safety requirements for Information technology equipment, is being replaced by IEC 62368. The IEC technical committee working on an amendment to IEC 60601-1 has developed text to transition from referencing IEC 60950-1 for some safety requirements to referencing IEC 62368. This text, 60601-1_integration_62368, will appear in the next version of the draft amendment to IEC 60601-1, although exact placement of the text has not yet been determined.
  • An amendment to IEC 60601-1-8 – Collateral Standard: General requirements, tests and guidance for alarm systems in medical electrical equipment and medical electrical systems is being prepared. The committee draft, 60601-1-8_CD, was revised to structurally align it with the 2005 edition of IEC 60601-1. The principal technical changes are in Clause 4, which now recognizes that there is a general requirement for a risk management process in IEC 60601-1:2005.
  • A new version of ISO 15223-1 – Symbols to be used with medical device labels, labelling and information to be supplied is under development. This update, ISO_15223-1_CD, adds many new symbols, including symbols related to patient name and patient information website, translation, and unique device identifier along with many others.
  • An exploratory ad-hoc group is being established to address the issues of medical devices in the ‘Green’ circular economy, including recycling, refurbishment and remanufacturing. The scope of the work should address basic safety and essential performance from a lifecycle perspective, covering the development, manufacture, use and decommissioning of these medical devices. The group will report its findings within one year. This may result in the initiation of new standards activities.


  • Standards are being developed by ISO for information security management for remote maintenance of medical devices and medical information systems. Drafts of two standards have been prepared: 11633-1 covers requirements and risk analysis, and 11633-2 covers implementation of an information security management system.

Health IT

  • A second draft of the second edition of IEC 80001-1, Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software – Part 1: Application of risk management, has been circulated for comment. This edition includes the following significant technical changes with respect to the previous edition:

a) report structure changed to better align with ISO 31000;

b) establishment of requirements, guidance and criteria for responsible organisations in the application of risk management;

c) communication of the value, intention and purpose of risk management through principles that support preservation of the key properties during the implementation and use of connected medical devices and health software.

  • ISO 17090-4 Health informatics — Public key infrastructure — Part 4: Digital Signatures for healthcare documents is under development and a draft has been circulated. This part of ISO 17090 supports interchangeability of digital signatures and the prevention of incorrect or illegal digital signatures by providing minimum requirements and formats for generating and verifying digital signatures and related certificates.
  • ISO has begun work on a standard for a common framework for audit trails for electronic health records in terms of audit trigger events and audit data. Such audit records at minimum uniquely identify the user, uniquely identify the subject of care, identify the function performed by the user (record creation, access, update, etc.), and record the date and time at which the function was performed. An early working draft of 27789 has been prepared.

If you missed our October 2018 update, you can read it here: October 2018 Standards Navigator Report

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and other staff for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future. The focus is not simply on what the standard says but on what is meant, and the course discusses examples and approaches one might implement to comply. Special deep discount pricing is available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email to request a special pre-registration discount.  Limited number of pre-registration coupons.

Being Agile & Yet Compliant (Public or Private)

Our training course on SoftwareCPR's unique approach to incorporating agile and lean engineering into your medical device software process is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  • Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom


Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process, with a central focus on the cybersecurity risk analysis process. The overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD
