DEVELOPING RELIABLE MEDICAL DEVICES WITH CONFIDENCE

Regulatory approval of VxWorks Cert Edition for IEC 62304 strengthens opportunities for innovation and streamlines design cycles

 

KEEPING PACE WITH THE CHALLENGES IN MEDICAL SOFTWARE DEVELOPMENT

Developing effective, compliant software for medical devices requires a balanced blend of regulatory awareness, proven components, and efficiency of design practices. Wind River® addressed each of these factors in the latest release of VxWorks® Cert Edition. Engineered with medical-grade requirements in mind, VxWorks Cert Edition meets regulatory approval for the IEC 62304 standard, combining strong, built-in security; well-defined software lifecycle processes; and careful attention to the constraints that govern the classification and use of medical devices.

Development teams are keenly aware of the trade-offs involved when dealing with time, cost, and regulatory mandates that affect projects. Building medical devices based on a real-time operating system (RTOS) built by Wind River, a company with long-standing expertise in secure embedded solutions, confers numerous benefits. These benefits have been demonstrated across a diverse portfolio of projects completed to rigorous standards for aerospace, defense, and the medical sector. Having a solid RTOS at the heart of a product’s hardware/software stack removes much of the uncertainty from the design and can streamline updates, improving on prior manual processes. Other benefits include dynamic network device management and enterprise-caliber security provisions. A widespread, supportive ecosystem and industry-wide familiarity with the tools and components of the VxWorks Cert Edition platform gives assurance to device manufacturers that want proven, field-tested technologies.

WHY IEC 62304 MATTERS

The IEC 62304 standard spells out the compliance requirements for software used in medical devices. This standard has been widely adopted by regulatory bodies in the Americas and Europe, as well as within other jurisdictions. To release medical devices to market, OEMs and medical device manufacturers must adhere to the requirements. Having a medical grade OS—VxWorks Cert Edition—at the heart of a product is a major step toward achieving the necessary regulatory approval to compete successfully in this market sector.

  

GAINING APPROVAL UNDER THE IEC 62304 STANDARD

The IEC 62304 standard provides a set of best practices for companies making medical devices, to ensure the safety and security of the software used in these devices. To release medical equipment to market, OEMs and medical device developers must meet requirements based on one of three risk levels: Class A (no risk), Class B (low to moderate potential harm), and Class C (risk of serious injury or death). VxWorks Cert Edition is a medical-grade OS that is approved for use in devices up to and including Class C. Using VxWorks Cert Edition as a component in a medical device reduces, or in some cases even eliminates, the need for manufacturers to validate the OS using software of unknown provenance (SOUP) to ensure IEC 62304 compliance. If the software components being used in a device cannot be traced back to their origins, this injects an element of risk into the device design that must be resolved by the manufacturer. Integrating VxWorks Cert Edition into a medical device represents a significant step toward achieving the necessary regulatory approval to compete successfully in this market sector. In such cases, additional testing for the OS is not required as part of the approval process.

ENHANCING THE DEVELOPMENT PROCESSES

Efficiency and improved productivity in the software engineering pipeline are achieved more easily with an approach that includes preplanning to assess the requirements for regulatory approval. Figure 1 shows the activities that are included in the IEC 62304 requirements at each class level.

Figure 1. Processes involved in the software development of medical devices as per IEC 62304:2006+AMD1:2015

The safety classifications (Class A, B, and C) that apply to medical device software have been amended in the latest release of IEC 62304 to place stricter requirements on the software components of a solution. The earlier version of the standard, based solely on the degree of harm, allowed hardware-based risk mitigation—external to the software—to downgrade the classification (for example, from A to B or from B to C). Now the decision tree for assessing harm still evaluates external hardware mitigation, but it also determines whether a software failure poses a unique risk by itself.

Clearly, every aspect of the design, development, testing, and deployment of software for a medical device needs to align with the classification factor, and this should be a central focus of development teams. Failure to take the classification requirements into account throughout development and release, as well as in product updates, can cause expensive, time-consuming problems if not addressed as an integral part of the code.

Risk management can be an ongoing challenge when trying to launch a medical device cost-effectively on a strict timeline, particularly when regulatory standards must be met. VxWorks Cert Edition includes the integrated security features and IEC 62304–compliant framework that can substantially reduce the risk. As an industry leader in secure, embedded deployments, Wind River continues to modernize its software to cater to the medical industry.

  

Figure 2. Decision tree for classes as per safety classification according to IEC 62304:2006+AMD1:2015

PROVIDING MEDICAL-GRADE CREDENTIALS AND A PROVEN REAL-TIME OPERATING SYSTEM

Saving time and money in the development and testing of compliant medical devices under IEC 62304 requires an RTOS that satisfies the mandates and has been engineered for hardened deployments in demanding environments, including the aerospace and defense industries. Expertise gained in these areas is carried forward in the latest version of VxWorks Cert Edition and, because it has achieved IEC 62304 compliance, companies developing medical devices can confidently move forward to shorten time-to-market and strengthen the overall security of a solution. As a basic tenet, Wind River designs embedded systems to be secure, safe, reliable, and certifiable.

Advances in the technologies that are used in medical devices have transformed practices in this sector, providing more effective diagnosis, monitoring, and treatment of illnesses. This, however, adds complexities to the development and testing of devices. Wind River has been a leader in this area, and VxWorks has successfully been used in many products from leading firms in the medical sector. Professional services consulting and collaborative support are available for complex projects. With a firm commitment to safety and security, the VxWorks Cert Edition OS stands as a solid foundation for building compliant medical device solutions. From design through deployment, Wind River offers companies the benefit of unrivaled expertise in the technologies needed to succeed in this challenging market.


Return to Resource Center