June 2019 Standards Navigator Report

This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions.

SoftwareCPR Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on new standards activity and gives you expert insight into future changes to existing standards.

Recent standards and regulatory activity overview


Medical devices

  • The third edition of ISO 14971 is nearing completion. An FDIS has been circulated for final approval, and publication will happen in the second half of 2019. The new edition is intended to clarify some requirements and make some requirements more specific so that manufacturers know what is to be included in the risk management plan and risk management report. Much of the guidance that was in annexes in the previous edition of 14971 has been moved to a technical report, ISO 24971, which is also nearing completion. A draft of the technical report has been circulated for vote. Its publication will follow the publication of 14971 by a few months.
  • Amendments to IEC 60601-1 and many of its collateral standards are nearing completion of the technical modifications. All of these documents have been circulated as committee drafts for vote, which is the last time that comments suggesting technical changes will be allowed. Following resolution of any comments received during this review and vote, the documents will have a final review and vote for approval. The amended standards are expected to be published in the first half of 2020. These standards are currently being reviewed:

IEC 60601-1: General requirements for basic safety and essential performance

IEC 60601-1-2: Collateral Standard: Electromagnetic disturbances – Requirements and tests

IEC 60601-1-6: Collateral standard: Usability

IEC 60601-1-8: Collateral Standard: General requirements, tests and guidance for alarm systems in medical electrical equipment and medical electrical systems

IEC 60601-1-9: Collateral Standard: Requirements for environmentally conscious design

IEC 60601-1-10: Collateral Standard: Requirements for the development of physiologic closed-loop controllers

IEC 60601-1-11: Collateral Standard: Requirements for medical electrical equipment and medical electrical systems used in the home healthcare environment

IEC 60601-1-12: Collateral Standard: Requirements for medical electrical equipment and medical electrical systems intended for use in the emergency medical services environment

Medical device software

  • Comments on the third committee draft of IEC 62304 are being resolved and a second DIS will be created and circulated in the second half of 2019.
  • AAMI has circulated a working draft of a technical report on post-market cybersecurity. AAMI TIR97 Principles for medical device security — Postmarket risk management for device manufacturers. This TIR is intended to provide guidance on how medical device manufacturers should manage security risk in the production and post-production phases of the life-cycle of a medical device within the risk management framework defined by ANSI/AAMI/ISO 14971:2007. TIR97 is intended to be used in conjunction with AAMI TIR57:2016.
  • AAMI TIR75 Factors to consider when multi-vendor devices interact via an electronic interface; Practical applications and examples, is in its final approval stage. TIR75 identifies a number of specific factors that should be considered as part of risk management activities. It also provides examples where these factors are used to identify causes, hazards, and hazardous situations related to interoperability.
  • AAMI has taken responsibility for the ASTM F2761-09 standard on patient-centric Integrated Clinical Environments and has renamed it AAMI 2700-1 Medical Devices and Medical Systems — Essential safety requirements for equipment comprising the patient-centric integrated clinical environment (ICE) — Part 1: General requirements and conceptual model. This standard is intended be the first in a series of standards that will specify requirements essential for safety when integrating medical devices from multiple manufacturers into a single medical system for the care of a single high acuity patient. Adoption of this standard is currently in the approval stage at AAMI.

AAMI has circulated a draft of AAMI SW95 Forensic Data Logger for an Integrated Clinical Environment (ICE). This standard provides general functional and interoperability requirements for system data logging capabilities including the recording and storage of the data in support of forensic analysis of ICE systems. It is anticipated that it will eventually become part of the AAMI 2700 series.

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:




Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.