February 2020 Standards Navigator Report

This February 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions.

SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on new standards activity and gives you expert insight into future changes to existing standards.

Recent standards and regulatory activity

Medical device software

  • The ballot on a second Draft International Standard of the 2nd edition IEC 62304 was approved to move forward in IEC, but was not approved in ISO or CENELEC. The technical committees that voted on the draft decided to make another attempt to achieve consensus. Since the efforts of the team that developed and resolved comments on the current draft has not resulted in consensus, the chairs of ISO TC 215 and IEC SC 62A will appoint a team to propose a resolution to the issues preventing consensus from being reached. The entire Joint Working Group 7 of the two technical committees will then consider the proposed resolutions at a meeting in March. Following this meeting a new draft will be prepared and a ballot taken. This will delay the publication of the 2nd edition by at least 6 months, moving it into 2021. CENELEC has a mandate from the EU to harmonize 62304 for the MDR and IVDR by 2024. If the 2nd edition of 62304 is to be used as a starting point for the harmonization it is important that a compromise acceptable to CENELEC be achieved.
  • The US Office of Management and Budget has provided a memorandum on “Guidance for Regulation of Artificial Intelligence Applications”. This memorandum “provides guidance to all Federal agencies to inform the development of regulatory and non-regulatory approaches regarding technologies and industrial sectors that are empowered or enabled by artificial intelligence (AI) and consider ways to reduce barriers to the development and adoption of AI technologies”. This guidance document applies to the FDA.  The memorandum generally encourages light regulation of AI, but does encourage a “risk based approach” to regulation.
  • The Draft International Standard for the 2nd edition of IEC 80001-1 Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software – Part 1: Application of risk management was approved. Comments will be addressed and a Final Draft sent out for vote. Publication of the new edition is expected in the second half of this year.
  • The Draft International Standard for IEC 81001-1 Health software and health IT systems safety, effectiveness and security – Foundational principles, concepts and terms was also approved. Comments will be addressed and a Final Draft sent out for vote. Publication of the new standard is expected in the second half of this year.
  • A new working draft of ISO TS 82304-2 Health software – Part 2: Health and wellness apps – Quality criteria across the life cycle – Code of practice is available. This International Technical Specification will provide a set of requirements for developers of health and wellness apps, intending to meet the needs of health care professionals, patients, caregivers and the wider public. It will include a set of quality criteria and cover the app project life cycle, through the development, testing, releasing and updating of an app, including native, hybrid and web-based apps, those apps associated with wearable, ambient and other health equipment and apps that are linked to other apps. It will also address fitness for purpose and the monitoring of usage. The specification will inform the development of health and wellness apps irrespective of whether they are placed in the market or provided including free of charge.
  • A working draft of AAMI HIT1000-4 Safety and Effectiveness of health IT software and systems – Part 4: Application of human factors engineering is available. This part of the HIT1000 series of standards describes an approach to developing and validating a health IT system’s user interface so that such systems are safe and effective. The intent is to promote good development practices without being overly prescriptive. The document describes how to apply a user-centered design process throughout the entire health IT lifecycle. As such, this standard covers the development, acquisition, integration, implementation, and operational use lifecycle stages. Additionally, it includes a section describing usability considerations for health IT system replacement and decommissioning.


Medical devices

  • The second amendment of the current IEC 60601-1 and its collateral standards has been approved at the Committee Draft for Vote (CDV) level and will now proceed to a Final Draft. The amendments are expected to be published in mid-2020.
  • As the second amendment to IEC 60601-1 and its related collateral standards nears completion, work is beginning on the 4th edition of the standard. The 3rd edition of 60601-1 was published in 2005 and took ten years to develop. A team of IEC experts has been considering modifications to the architecture of 60601-1 for use in the 4th Initial thoughts include incorporating the collateral standards into the main standard and removing, as much as possible, all process requirements from the standard so that what remains are requirements that can be tested. This would mean that the Programmable Electronic Medical Systems (PEMS) section would be removed from 60601-1. The 3rd edition of 60601-1 was published before IEC 62304 and IEC 82304-1 were available. These standards could be used instead of the PEMS section of 60601-1, indeed use of 62304 is now required by the amended version of 60601-1. Modification to IEC 82304-1 would likely be needed to address all of the system aspects covered in the 60601-1 PEMS section. Continued review of the proposed architecture will occur prior to work to revise 60601-1 for a 4th edition starting.



  • A new committee draft of IEC 80001-5-1 Security – Activities in the product lifecycle has been circulated for comment. This standard will extend the existing processes conforming to IEC 62304. Its structure reflects that of IEC 62304. Process requirements for this new standard have been derived from IEC 62443-4-1 Secure Product Development Lifecycle Requirements. IEC 62443 is a series of Industrial Automation and Controls Systems security specifications.



SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:




Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.