Software Architecture Description

Sven Piechottka · IEC 62304 Templates · Published August 31, 2022

Template download

This is a free template, provided by OpenRegulatory. If you are a user of Formwork, our eQMS software, you can save time by choosing “QMS” on the top menu and “OpenRegulatory Templates” on the left menu, then opening the relevant folder to find this template ready to load into Formwork.

Using a different QMS? Download below as Word (.docx), PDF, Google Docs or Markdown. The template license applies (keep the copyright at the bottom, don’t re-use for commercial purposes).

Template preview

1. Regulatory References

Regulatory references:

IEC 62304, para. 5.3.1 and 5.3.2 [class B, C]

Relevant other documentation:

  • SOP Software Development
  • User needs / stakeholder requirements
  • Design input / software requirements
  • (...)

2. Software Systems

In compliance with DIN EN 62304, we subdivide our software into three levels: software systems, software
components and software units.

Here, describe your internal software systems. IEC 62304 defines these as an “integrated collection of
software items organized to accomplish a specific function or set of functions.”

NOTE: Ideally, you would add an illustrating diagram to the Annex and reference it here.

2.1. Frontend

Enter description, for example:

  • Function: user interface display
  • Software safety classification and rationale
  • Runtime
  • Deployment
  • User groups

2.2. Backend

Enter description, for example:

  • Function: managing patient data and medical images.
  • Software safety classification and rationale
  • Runtime (e.g. JVM)
  • Deployment (e.g. Docker container)
  • User group

2.3. Algorithm

Enter description, for example:

  • Function: takes medical images as input and outputs a prediction.
  • Software safety classification and rationale
  • Runtime (e.g. JVM)
  • Deployment (e.g. Docker container)
  • User group

3. Software Units

Describe your internal software units. IEC 62304 defines these as a “software item [any identifiable
part of a program, i.e. source code, object code, control code, control data, etc.] that cannot be
subdivided into other items”. For example:

  • Wearable device poller (regularly checks whether wearable device has new data and downloads it)
  • Notification service (sends messages to Apple / Google for push notifications of mobile apps)
  • (...)

4. Database

Describe your databases. For example:

  • Relational database: Postgres v14

5. IT Security

5.1. Encryption of data

<enter content>

5.1.1. Data at rest

<enter content>

5.1.2. Data in transit

Example content:

  • Data in transit is encrypted with state-of-the-art encryption, e.g. SSL, TLS.
  • Additionally, we create a Virtual Private Cloud (VPC), which prevents the Compute Instances from being exposed to the public internet. The algorithm and the database are therefore not publicly reachable; they are only reachable by the backend.

Template Copyright openregulatory.com. See template license.

Please don't remove this notice even if you've modified contents of this template.

Sven Piechottka

With a background in political and administrative sciences, my way into regulatory affairs started from a different angle. I focused on the promises of precision medicine during my final year of studies and first joined IBM to help leverage healthcare innovation projects across Germany.

 I then gained most of my regulatory experience while working for Vara (before: Merantix Healthcare), where we built up a quality management system from scratch. For about three years, I coordinated regulatory affairs, led the ISO 13485 certification and CE certification of an AI-based radiology software, and served as data protection officer and quality management officer of the company.