Francesconi Martina, Cangi Miriam, Tamarri Silvia, Conditi Noemi, Menicucci Chiara, Ravizza Alice, Cattaneo Luisa, Bianchini Elisabetta
Ente di Supporto Tecnico Amministrativo Regionale (ESTAR), Dipartimento Tecnologie Informatiche, Pisa, Italy.
Thema S.r.l., Imola, Italy.
J Biomed Inform. 2025 Jul;167:104856. doi: 10.1016/j.jbi.2025.104856. Epub 2025 May 21.
Software as medical devices (SaMDs) have become part of clinical practice and the management of the development and control processes of the documentation associated with them are an integral part of many medical realities. The European Regulation, MDR (EU) 2017/745, introduces a classification rule (rule 11, Annex VIII) specifically for software, which provides more explicit requirements than in the past, leading to classification of many software to higher risk and therefore to more complex certification processes. In this context, planning and awareness of possible regulatory strategies and related standards are fundamental for the key stakeholders, but this complex landscape can be perceived as fragmented. The aim of this work is to provide an amalgamated overview of how the current EU normative framework integrates into the various phases of the life-cycle of a medical device software, trying to ensure its safe and effective development.
In addition to the MDR, the main normative references relevant to the medical device software sector were taken into consideration. Specifically, the IEC 62304 standard clarifies the main processes of the software life-cycle, including the analysis of problems and changes, and the IEC 82304 standard completes its management by addressing activities relating to post-market phases and requirements. In addition, the various steps include also key points such as risk identification and control (ISO 14971), design, implementation and validation of usability requirements (IEC 62366) and in general the quality of the context in which the software is developed and maintained (ISO 13485). The application of these standards can support the activities of the various stakeholders and facilitate evidence of compliance with the regulatory requirements by MDR.
Based on the software life cycle, a mapping of the requirements from the entire normative framework analyzed over the various phases was implemented.
A detailed and integrated picture of the regulatory context behind the life cycle of a SaMD has been provided: this can facilitate the implementation of a balanced and effective approach, including key aspects, such as risk management and usability processes, and ensuring safety for the end user.
软件作为医疗设备(SaMDs)已成为临床实践的一部分,与之相关的文档开发和控制过程的管理是许多医疗实际情况中不可或缺的一部分。欧洲法规MDR(EU)2017/745引入了专门针对软件的分类规则(附件八规则11),该规则比过去提供了更明确的要求,导致许多软件被归类为更高风险,从而认证过程更加复杂。在此背景下,规划以及对可能的监管策略和相关标准的认知对于关键利益相关者至关重要,但这一复杂局面可能会被视为零散的。这项工作的目的是提供一个综合概述,说明当前欧盟规范框架如何融入医疗设备软件生命周期的各个阶段,以确保其安全有效地开发。
除了MDR,还考虑了与医疗设备软件领域相关的主要规范性参考文件。具体而言,IEC 62304标准阐明了软件生命周期的主要过程,包括问题和变更分析,IEC 82304标准通过解决与上市后阶段和要求相关的活动来完善其管理。此外,各个步骤还包括风险识别和控制(ISO 14971)、可用性要求的设计、实施和验证(IEC 62366)等关键点,以及软件开发和维护环境的总体质量(ISO 13485)。这些标准的应用可以支持各利益相关者的活动,并有助于证明符合MDR的监管要求。
基于软件生命周期,对在各个阶段分析的整个规范框架中的要求进行了映射。
提供了SaMD生命周期背后监管背景的详细综合图景:这有助于实施一种平衡有效的方法,包括风险管理和可用性过程等关键方面,并确保最终用户的安全。
