Length: 2 Days
Print Friendly, PDF & Email

IEC 62304 Training

IEC 62304 Training

IEC 62304 offers guidance on how to identify potential hazards that could be the result of medical software failures or defects, and then outlines how to properly classify the risk level of a medical device.

Titled Medical Device Software – Software Life-Cycle Processes, IEC 62304 is recognized internationally. Released in 2006, IEC 62304 is harmonized by several important organizations such as the FDA and European Union.

IEC 62304 gives a framework for manufacturers of medical device software by providing the necessary development and maintenance stages required to ensure safe software development, along with tests and tasks to prevent potential hazards.

IEC 62304 is an important standard because software is often an integral part of medical device technology. Establishing the safety and effectiveness of a medical device containing software requires knowledge of what the software is intended to do and demonstration that the use of the software fulfils those intentions without causing any unacceptable risks.

Experts in this area recommend that medical software companies follow a proven and systematized process to streamline the entire verification process. Beyond that, they also need to avoid the major mistakes that manufacturers make during the software development process.

For example, it’s essential to implement solid design control processes. Change control is essential to keep a full record of your documents and products. Theoretically, change control is feasible with a paper-based quality management system. But for more complex process changes, an electronic system can simplify the entire design and change control process.

There are always documents associated with any system—whether it’s an equipment file containing the manual and validation or a simple SOP change. An electronic quality management system (eQMS) makes it all visible to the required parties in real time.

It’s also key to align documentation with IEC 62304 semantics. To ensure compliance, documents need to move in a predictable and traceable way through your company from one department to the next. Every move must be well-documented.

An earlier release of IEC 62304 was less clear, but a 2006 amendment to the standard clarified the requirements. IEC 62304:2006 provides guidance to manufacturers on how to identify hazards that could arise from software failure or defect, in order to properly classify the risk of a medical device.

Based on the device risk classification, IEC 62304 provides guidance for risk control measures that must occur throughout the life cycle of that particular device.

IEC 62304 Training Course by Tonex

IEC 62304 training  is a two-day 62304 training course provides requirements of IEC 62304 standard applied medical device software and Software Development Life Cycle (SDLC) Processes. IEC 62304 requirements and FDA expectations are discussed in a workshop style. Participants will learn about the standards and technical reports pertinent to medical device software,  medical mobile apps, Software as a Medical Device (SaMD) products including  82304, 80002-1, 14971, 80001-2-x, 62366). The course also includes discussion on FDA Pre-Cert program, mobile apps, cybersecurity, blockchain, machine learning (ML)  and artificial intelligence (AI).

Participants will learn about medical software best practices and tools to integrate IEC 62304 compliance into their software development lifecycle (SDLC).

The rise of information technology has directly led to critical improvements in healthcare technologies and administration. There can be little doubt that computer technology and software has given millions (possibly billions) of people access to better healthcare and saved countless lives since its inception in the last century.

On the other hand, the rise of new technologies has created new opportunities for mistakes to negatively impact healthcare patients when accidents or malicious actors interfere with the intended design of healthcare technologies. Standards and regulations are necessary to minimize the risk of flaws in design or implementation leading to medical catastrophes that impact the health of vulnerable patients.

Those in need of treatment are often able to trust their healthcare provider without question, but problematic or dangerous software practices could lead to a situation which permanently shatters that trust relationship.

To respond to this urgent need, the International Electrotechnical Commission (IEC) has created a standard which is used worldwide as a benchmark to minimize the risk of harm to patients resulting from flawed software life cycle practices.

The development, deployment, implementation, and maintenance of health software is of critical importance to the safety of patients and the IEC 62304 standard was created to help organizations implement safer practices within this domain.

The original IEC standard was created in 2006 and is currently being rewritten in 2021 to serve as the 2nd edition. This course will primarily focus on the new edition, referred to as IEC 62304.3 – Health Software Life Cycle Processes, to maximize the value to our clients. This new standard will be relevant for at least five years before being updated again.

Learning Objectives

Those who complete this course will have deployable knowledge within the following domains:

  • A detailed and technical understanding of the IEC/DIS 62304.3 standard.
  • The ability to perform risk analysis to determine the degree of risk faced by an organization’s current health software life cycle practices.
  • The ability to recognize, explain and apply solutions that improve the security posture of an organization’s health software development, deployment, and maintenance practices.
  • A full understanding of laws and regulations relevant to health software life cycles, both within the United States and European Union.


  • Technology and Information Officers in healthcare industries (or adjacent fields)
  • Software developers in healthcare industries (or adjacent fields)
  • Cybersecurity professionals in healthcare industries (or adjacent fields)
  • System administrators in healthcare industries (or adjacent fields)
  • Healthcare administrators and management staff
  • Healthcare Compliance Officers

Course Agenda and Topics

General Requirements of IEC/DIS 62304.3

    • Overview of Quality Management concepts
    • Overview of Risk Management processes
    • Conformance to software requirements
    • Determining Level-of-Rigor (LoR)
    • Legacy software and Software of Unknown Pedigree (SOUP)

Software Development Process

    • Software development planning
    • Software requirements analysis
    • Software architectural design
    • Software detailed design
    • Software unit implementation
    • Software integration and integration testing
    • Software system testing

Software Maintenance Process

    • Establishing a Software Maintenance Plan
    • Problem and Modification Analysis
    • Implementation of software modifications

Software Risk Management Process

    • Software safety classifications
    • Analysis of software contributing to hazardous situations
    • Verification of risk control measures
    • Risk management applied to software changes

Health Software Configuration Management

    • Configuration identification
    • Change management
    • Configuration status accounting

Health Software Problem Resolution

    • Preparing problem reports
    • Investigating issues with health software
    • Notifying relevant parties
    • Applying change management to health software
    • Maintaining software records
    • Analyzing problems for trends
    • Verifying that a software problem has been resolved
    • Contents of test documentation

Best Practices (Workshop)

  • IEC 62304 key issues and compliance
  • Amendment 1 changes to 62304 (changes to risk and dealing with legacy software)
  • MBSE and Agile methods for medical device and HealthIT software
  • IEC 62304 integration with software Risk Management guidance from 80002-1
  • Software Safety Classifications
  • Health IT and standalone software
  • Cybersecurity planning, evaluation, testing and validation


IEC 62304 Training

Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.