Posted on

SaMD under IVD Regulation – Square Peg in a round hole?

The regulations in the IVD industry have been slow in catching up with the fast-moving software development space. This can often make it harder to understand what needs to be done to satisfy notified bodies and get a safe and effective SaMD (software as a medical device) on the market.

Good planning will reduce the overall cost of the project. It is worth spending a time clearly defining the problem before starting any design and development. Clearly understanding customer requirements is key to translating these requirements into software requirements and formulating your software requirements specifications.

Here’s a step-by-step guide of what needs to be done:

Step 1: Make sure you have determined a clear intended purpose for your device (thinking about how you expect your device to be used, in what environment and by who) as this will make it easier to classify your device. It is also important to check whether your device falls under the definition of SaMD. The MHRA have created a handy guidance document to work through this. Medical devices: software applications (apps) – GOV.UK (

Step 2: Use the international standards IEC 82304 and IEC 62304 which are integral to developing safe and effective medical device software. These have strong ties to ISO 13485 for Quality Management and ISO 14971 for Risk Management. 

IEC 82304: This standard deals with the general requirements for product safety for health software. The scope of this standard covers SaMD as well as health software not classified as SaMD but does not apply to health software which is part of specific hardware for health use. The standard covers the entire lifecycle including design, development, validation, installation, maintenance, and disposal of health software products and signposts you to IEC 62304 for the development activities.

IEC 62304: is a process standard covering the life-cycle processes that tell you what activities and tasks need to be performed to ensure you have a safe and effective medical device. It applies to both SaMD and software that is an embedded part of a medical device. Determining the safety risk classification indicates which parts of this standard are applicable to your device. Risk Management activities are performed throughout the development life cycle. 

ISO 62304 also covers architectural design which segregates the system into functional items/blocks with interfaces, followed by more detailed design of the units that make up these items. Coding only features at the implementation phase and involves unit verification. Integration and system testing then show how all the units of code come together to form the items and how the items are put together to form the system. Well planned and documented test procedures and acceptance criteria are key. 

Step 3: Usability testing: It is also important to apply usability testing principles by complying with IEC 62366-1 (Medical devices – Part 1: Application of usability engineering to medical devices). The useability engineering process is intended to identify and minimise use errors and thereby reduce use-associated risks.

Step 4: Releasing and maintaining your device: The job isn’t over once you have released your device and placed it on the market. ISO 62304 covers maintenance, configuration management and problem resolution processes including analysing feedback and version and change control post-market. Post market surveillance activities are also covered in ISO 82304.

This gives some information on what is required to get onto the market but navigating all these requirements is not easy.

But we can help. 

We have a positive, friendly, and flexible approach to helping you get your device on the market, this includes helping to navigate the complexities with SaMD at all stages of the Software Lifecycle 

If you want to know more, book a call with Casey for a friendly chat on how we can help.