July 2020 Standards Navigator Report

This July 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions.

SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on new standards activity and gives you expert insight into future changes to existing standards.


Recent standards and regulatory activity

When travel began to be restricted in early March due to COVID-19, all standards meetings through August were cancelled. During April the leadership of standards committees and working groups planned how to continue work without the in-person meetings that typically are used to achieve consensus. In May and June the new plans for virtual work were initiated. New documents are now being produced and balloted.

Medical devices


Medical device software

  • The ballot on a second Draft International Standard of the 2nd edition IEC 62304 was approved to move forward in IEC, but was not approved in ISO or CENELEC. The technical committees that voted on the draft decided to make another attempt to achieve consensus. Since the efforts of the team that developed and resolved comments on the current draft has not resulted in consensus, the chairs of ISO TC 215 and IEC SC 62A appointed a team to propose a resolution to the issues preventing consensus from being reached. The entire Joint Working Group 7 of the two technical committees will then consider the proposed resolutions in July. Following this meeting a new draft will be prepared and a ballot taken. If consensus is reached the publication of the 2nd edition will occur in 2021.
  • A draft of part four of the AAMI series on Health IT Software and Systems (HIT1000-4) has been circulated for comment. This part is on the application of human factors engineering to Health IT.
  • A revision of the first part of the AAMI series on Health IT Software and Systems (HIT1000-1) has been circulated for comment. This part addresses fundamental concepts, principles, and requirements. The first version of this standard was approved as a provisional American National Standard. This revision will be reviewed and balloted as a full American National Standard.



  • A new working draft of IEC 80001-5-1 Security Activities in the product life cycle is available. This standard defines the life cycle requirements for development and maintenance of health software, including medical devices, needed to support conformity to IEC 62443-4-1 – taking the specific needs for health software into account. Requirements are arranged in the ordering of IEC 62304. Implementing the processes, activities and tasks specified in this document is sufficient to implement the process requirements of IEC 62443-4-1. The specifications for Annex E may be implemented in order to achieve full conformity to IEC 62443-4-1.
  • A committee draft of AAMI SW96 Security risk management for device manufacturers has been circulated for comment. The objective of this standard and the subordinate TIR57 and TIR97 is to provide both requirements and guidance on how medical device manufacturers should manage security risk in the production and post-production phases of the life cycle of a medical device within the risk management framework defined by ANSI/AAMI/ISO 14971.
  • A revision of the NEMA Manufacturer Disclosure Statement for Medical Device Security (MDS2) was published in October 2019. This version of the MDS2 follows the security capabilities identified in IEC 80001-2-2 with some minor differences and a few additional sections. Clarification of questions and new questions were added to many of the sections. A new  MDS2 worksheet and example MDS2 worksheet were provided.


Artificial Intelligence

  • BSI and AAMI have created two free position papers on artificial intelligence; The emergence of artificial intelligence and machine learning algorithms in healthcare: Recommendations to support governance and regulation, and Machine learning AI in medical devices: adapting regulatory frameworks and standards to ensure safety and performance
  • ISO Technical Committee 215 has established an ad-hoc group on “Application of AI technologies in health informatics“. A draft report is expected by September 2020. Some draft recommendations related to standardization include:
    • Clear definitions that are applicable to the domain of TC 215 are needed, taking into account existing work (for example work from ISO/IEC JTC 1 SC 42)
    • Standards should support risk-based classification schemes for “AI medical devices” by providing definitions and frameworks for categorizing various kinds of AI
    • Standardization work is recommended for: methods to measure and to reduce bias, methods to measure reliability, notions of reproducibility in non-deterministic systems, methods for explainability for various kinds of AI techniques
    • Analyze the software lifecycle of “AI medical devices”, in particular of continuous learning systems, to identify any specific healthcare-related requirements beyond existing general guidance

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:




Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.