List of Standard Standards, Guidance Docs, etc.

These are the standards, guidance documents, and so forth that are used for developing typical medical devices. I’ll try to keep this up to date. I’ve generally referred to the editions/versions that I’ve used most recently, which may be different from the latest version in effect.

When I can, I have a link to a source for the document, either a free copy (e.g., FDA documents) or the purchase page at evs.ee where most of them can be purchased for a seriously deep discount.

Standards, guidance documents and so forth should be generally thought of as product requirements. It’s quite important to identify, at the start of a project, the ones that apply to what we’re doing.

To check on which standards are recognized by the FDA you can use the searchable FDA database of recognized standards. These can be used, when appropriate, to demonstrate device safety and efficacy. Most are specific to a type of device. The database is searchable by keywords such as electrocardiogram, cybersecurity, and so forth.

The Basic Standards

These apply to pretty much all medical devices with embedded or desktop computers.

StandardTitleComments
ISO 13485Medical devices — Quality management systems — Requirements for regulatory purposesBasic quality management system standard, referenced by many other standards. Also requires the amendment, which is free.
IEC 62304Medical device software – Software life-cycle processesBasic software lifecycle standard
ISO 14971Medical devices – Application of risk management to medical devicesBasic risk management, referenced by many other standards. Price is for the redlined version from prior version (includes non-redlined version)
ISO 60601-1Medical electrical equipment – Part 1: General requirements for basic safety and essential performance (IEC 60601-1:2006)Basic safety standard – the top level for other 60601 safety standards.
60601-1:2006/A12:2014Amendment to 60601-1 
61025Fault tree analysis (FTA)Called out by 14971 as a way to perform risk analysis, and I prefer it to FMEA. Don’t necessarily need to follow this, but it provides useful information.
60601-1-2Medical electrical equipment – Part 1-2: General requirements for basic safety and essential performance – Collateral standard: Electromagnetic disturbances – Requirements and testsRequired. Automatically achieves FDA regulations for unintentional RF radiators.
60601-1-6Medical electrical equipment — Part 1-6: General requirements for basic safety and essential performance – Collateral Standard: UsabilityRequired
IEC60601-1-8:2006Medical electrical equipment — Part 1-8: General requirements for basic safety and essential performance — Collateral standard: General requirements, tests and guidance for alarm systems in medical electrical equipment and medical electrical systemsOptional last time I checked
ISO 62366Medical devices — Part 1: Application of usability engineering to medical devicesMandatory now I think
ISO 10993Biological evaluation of medical devices — Part 1: Evaluation and testing within a risk management processBiocompatibility. We probably don’t need to deal with this standard other than knowing that part which come in contact with patient need to be made from materials which meet this standard.
ANSI/AAMI HE 75:2009Human factors engineering — Design of medical devices (Design Principles Standard)Some good advice. Not mandatory.
FCC Part 15Regulations on radiated RFMeeting 60601-1-2 is sufficient to meet Part 15 for unintentional emissions. Intentional emissions, e.g., WiFi, is another matter – either use a module and antenna that are pre-certified, or need to get certified by a test house (expensive).
ANSI/AAMI SW91Classification Of Defects In Health SoftwareReferenced in new (11/2021) FDA draft guidance on content of 510k software submission. Not familiar with it yet. Not available at evs.ee  

FDA

Cybersecurity page that includes links to guidance documents.

Radio Frequency Wireless Technology in Medical Devices – Guidance for Industry and FDA Staff

Policy for Device Software Functions and Mobile Medical Applications

How to Prepare a Traditional 510(k) | FDA

510(k) Forms | FDA

Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices | FDA

Acceptance Checklists for 510(k)s | FDA

Other Regulatory

FDA Guidance Documents

Cybersecurity information including links to guidance documents.

Wireless Medical Devices

Policy for Device Software Functions and Mobile Medical Applications

General Wellness: Policy for Low Risk Devices

How to Prepare a Traditional 510(k) | FDA

510(k) Forms | FDA

Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices | FDA

Acceptance Checklists for 510(k)s | FDA

HIPAA

A good overview of HIPAA. Note that device makers are not responsible for HIPAA, but our customers (healthcare providers) are. Our job is to support the enabling features that they’re looking for.

EU environmental regulations

The EU requires manufacturers to be environmentally responsible. Here are the major regulations. (My book contains in-a-nutshell overviews of these.)

RoHSRestriction of Hazardous Substances.Mandated in EU, typically accommodated elsewhere. Mainly a matter of specifying components that meet RoHS which is easy to do.
REACHRegistration, Evaluation, Authorization and Restriction of Chemicals.Mandated in EU. Compliments RoHS. Requires reporting the amounts used of certain chemicals, bans some other chemicals.
WEEEWaste from Electrical and Electronic EquipmentMandated in EU. Covers the treatment, recovery and recycling of electric and electronic equipment.