December 2020 Standards Navigator Report

This December 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions.

SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on new standards activity and gives you expert insight into future changes to existing standards.

Recent standards and regulatory activity

Standards work has clearly slowed down as the pandemic restricted travel and meetings. While work is continuing, it is harder to keep people’s attention and get homework done at a virtual meeting.  Several standards that were expected to have drafts for ballot this year have slipped into 2021. These include 62304 Second Edition (a committee draft for vote is expected in January), IEC 80001-1 Second Edition (Final Draft expected 1st quarter) and IEC 81001-1 (Final Draft is expected in January).

Medical devices

Medical device software

  • The first part of the AAMI series on Health IT Software and Systems (HIT1000-1) has been approved and will be published as an American National Standard. HIT1000-3 on risk management and HIT1000-4 on usability are expected to be revised and approved as American National Standards in 2021. Work on HIT1000-2 on quality systems will continue (restart) in 2021.


  • IEC TR 60601-4-5: Medical electrical equipment – Part 4-5 Guidance and interpretation – Safety related technical security specifications for medical devices has been approved and will be published in the first quarter of 2021.
  • A committee draft for ballot of IEC 81001-5-1 Security Activities in the product life cycle is available. This draft will be voted on as a draft international standard. This ballot is the last chance for technical comments. The standard defines the life cycle requirements for development and maintenance of health software, including medical devices, needed to support conformity to IEC 62443-4-1 – taking the specific needs for health software into account. Requirements are arranged in the ordering of IEC 62304. Implementing the processes, activities and tasks specified in this document is sufficient to implement the process requirements of IEC 62443-4-1. The specifications for Annex E may be implemented in order to achieve full conformity to IEC 62443-4-1.
  • AAMI SW95 Medical device security – Security risk management for medical device manufacturers, a second committee draft is expected in first quarter of 2021.
  • ISO has a new proposed project for cybersecurity for telemedicine.


Artificial Intelligence

  • Technical report, ISO 24291 Health informatics – Applications of machine learning technologies in imaging and other medical applications has been approved and will be published in the first quarter of 2021.
  • AAMI and BSI are collaborating to develop guidance for AI. Their first activity is to rapidly develop a technical report on risk management. They will be looking at ISO 14971 and considering what is unique to AI for risk management. They hope to have this guidance published in the first half of 2021. Their second project is to look at an algorithm change that allows changes without a need for resubmission to a regulator.
  • An ISO ad hoc committee on AI has proposed that a new guidance on AI addressing security and privacy analysis be developed. This would include:
    • Use case analysis
    • Integration of an AI system into a health care system of systems
    • Security by design and privacy by design approach and practice
    • Trustworthy framework including suitable assurance needs

No new project has been submitted yet, but a new work proposal is expected in 2021.

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:




Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.