1. Regulatory References
Regulatory references:
IEC 62304, para. 5.3.1 and 5.3.2 [class B, C]
Relevant other documentation:
- SOP Software Development
- User needs / stakeholder requirements
- Design input / software requirements
- (…)
2. Software Systems
In compliance with DIN EN 62304, we subdivide our software on three levels: software systems, software components and software units.
Here, describe your internal software systems. The IEC 62304 defines those as an “integrated collection of software items organized to accomplish a specific function or set of functions.”
NOTE: Ideally, you would add an illustrating diagram to the Annex and reference it here.
2.1. Frontend
Enter description, for example:
- Function: user interface display
- Software safety classification and rationale
- Runtime
- Deployment
- User groups
2.2. Backend
Enter description, for example:
- Function: managing patient data and medical images.
- Software safety classification and rationale
- Runtime (e.g. JVM)
- Deployment (e.g. Docker container)
- User group
2.3. Algorithm
Enter description, for example:
- Function: taking medical images as input and output a prediction.
- Software safety classification and rationale
- Runtime (e.g. JVM)
- Deployment (e.g. Docker container)
- User group
3. Software Units
Describe your internal software units. The IEC 62304 defines those as a “software item [any identifiable part of a program, i.e. source code, object code, control code, control data, etc.] that cannot be subdivided into other items”. For example:
- Wearable device poller (regularly checks whether wearable device has new data and downloads it)
- Notification service (sends messages to Apple / Google for push notifications of mobile apps)
- (…)
4. Database
Describe your databases. For example:
- Relational database: Postgres v14
5. IT Security
5.1. Encryption of data
<enter content>
5.1.1. Data at rest
<enter content>
5.1.2. Data in transit
Example content:
- Data in transit is encrypted with state-of-the-art encryption, e.g. SSL, TLS.
- Additionally, we create a Virtual Private Network (VPC) which prevents the Compute Instances from being exposed to the public internet. The algorithm and the database are therefore not publicly reachable; they are only reachable by the backend.
Template Copyright openregulatory.com. See template license.
Please don’t remove this notice even if you’ve modified contents of this template.
Template Copyright openregulatory.com. See template license.
Please don’t remove this notice even if you’ve modified contents of this template.