DEVELOPING RELIABLE MEDICAL DEVICES WITH CONFIDENCE
Regulatory approval of VxWorks Cert Edition for IEC 62304 strengthens opportunities for innovation and streamlines design cycles
GAINING APPROVAL UNDER THE IEC 62304 STANDARD
The IEC 62304 standard provides a set of best practices for companies making medical devices, to ensure the safety and security of the software used in these devices. To release medical equipment to market, OEMs and medical device developers must meet requirements based on one of three risk levels: Class A (no risk), Class B (low to moderate potential harm), and Class C (risk of serious injury or death). VxWorks Cert Edition is a medical-grade OS that is approved for use in devices up to and including Class C. Using VxWorks Cert Edition as a component in a medical device reduces, or in some cases even eliminates, the need for manufacturers to validate the OS using software of unknown provenance (SOUP) to ensure IEC 62304 compliance. If the software components being used in a device cannot be traced back to their origins, this injects an element of risk into the device design that must be resolved by the manufacturer. Integrating VxWorks Cert Edition into a medical device represents a significant step toward achieving the necessary regulatory approval to compete successfully in this market sector. In such cases, additional testing for the OS is not required as part of the approval process.
ENHANCING THE DEVELOPMENT PROCESSES
Efficiency and improved productivity in the software engineering pipeline are achieved more easily with an approach that includes preplanning to assess the requirements for regulatory approval. Figure 1 shows the activities that are included in the IEC 62304 requirements at each class level.

The safety classifications (Class A, B, and C) that apply to medical device software have been amended in the latest release of IEC 62304 to place stricter requirements on the software components of a solution. The earlier version of the standard, based solely on the degree of harm, allowed hardware-based risk mitigation—external to the software—to downgrade the classification (for example, from A to B or from B to C). Now the decision tree for assessing harm still evaluates external hardware mitigation, but it also determines whether a software failure poses a unique risk by itself.
Clearly, every aspect of the design, development, testing, and deployment of software for a medical device needs to align with the classification factor, and this should be a central focus of development teams. Failure to take the classification requirements into account throughout development and release, as well as in product updates, can cause expensive, time-consuming problems if not addressed as an integral part of the code.
Risk management can be an ongoing challenge when trying to launch a medical device cost-effectively on a strict timeline, particularly when regulatory standards must be met. VxWorks Cert Edition includes the integrated security features and IEC 62304–compliant framework that can substantially reduce the risk. As an industry leader in secure, embedded deployments, Wind River continues to modernize its software to cater to the medical industry.

PROVIDING MEDICAL-GRADE CREDENTIALS AND A PROVEN REAL-TIME OPERATING SYSTEM
Saving time and money in the development and testing of compliant medical devices under IEC 62304 requires an RTOS that satisfies the mandates and has been engineered for hardened deployments in demanding environments, including the aerospace and defense industries. Expertise gained in these areas is carried forward in the latest version of VxWorks Cert Edition and, because it has achieved IEC 62304 compliance, companies developing medical devices can confidently move forward to shorten time-to-market and strengthen the overall security of a solution. As a basic tenet, Wind River designs embedded systems to be secure, safe, reliable, and certifiable.
Advances in the technologies that are used in medical devices have transformed practices in this sector, providing more effective diagnosis, monitoring, and treatment of illnesses. This, however, adds complexities to the development and testing of devices. Wind River has been a leader in this area, and VxWorks has successfully been used in many products from leading firms in the medical sector. Professional services consulting and collaborative support are available for complex projects. With a firm commitment to safety and security, the VxWorks Cert Edition OS stands as a solid foundation for building compliant medical device solutions. From design through deployment, Wind River offers companies the benefit of unrivaled expertise in the technologies needed to succeed in this challenging market.