How to de-risk medical software development
When developing software for medical or diagnostic devices, you will need to provide evidence that it was developed under a ‘state of the art’ process. This is typically achieved by showing compliance with IEC 62304 (medical device software – software lifecycle processes), ISO 14971 (application of risk management to medical devices) and standards specific to your device. IEC 62304, in particular, requires that you define your development lifecycle, processes and documentation practices – you can’t just start coding!
The activities defined in IEC 62304 are intended to improve code quality, make sure that risks are appropriately assessed and device testing is well-designed and robust. When following these processes, a natural consequence is that the inherent agility of software can be somewhat tempered – this is because large software changes require significant documentation and risk management effort.