Software unit verification
of medical software
What engineers need to do in order to meet the requirements for software
unit verification in IEC 62304. By Frank Büchner
I n its section on medical device
software IEC 62304 requires
software unit verification for
software of class B and C but does
so in a single, terse sentence,
“The manufacturer shall perform
the software unit verification and
document the results.”
So as an engineer, how do you go
about fulfilling this requirement? Two
important things need clarification:
What is the definition of a software
unit in IEC 62304 and what do you
need to verify it?
The regulation defines a software
unit as a software item that is not
further decomposed and forms the
lowest level of the software system.
It should be noted that the standard
does say that a software unit cannot
be subdivided further.
This avoids a contradiction,
because elsewhere in the standard
it allows the manufacturer to define
the granularity of software units.
The definition is intentionally
vague because it then allows the
standard to be applied to different
types of software and different
development methods.
Elsewhere in the standard it
mentions another characteristic of a
software unit, “Software units can be
tested separately.”
It’s vague, so one can also take
the programming language into
account i.e. the smallest software
unit in the programming language
C is a function in the sense of
C; object-oriented programming
languages like C++ or Java take a
method as a software unit.
Nevertheless, keep in mind that
design must be detailed enough to
allow the correct implementation
of the software unit. The detailed
design must also be documented for
the interfaces of class C software,
both for the interfaces to external
components (from hardware or
software) and for the interfaces
between software units.
According to IEC 62304, the
verification of the software units
is established by strategies,
methods and procedures. Testing
is obviously considered, since
the appropriateness of the test
procedures must be assessed for
software of classes B and C.
Accordingly, acceptance criteria
need to be established for the
software units and their observance
ensured for software of classes B
and C.
Acceptance criterion
“requirements”
Among the criteria is does
the software code implement
requirements including risk control
measures? This is typically checked
using appropriate test cases. If there
is at least one test case that tests
a certain requirement and this test
case has been executed and it has
it’s the manufacturer of the software
that defines what a software unit is.
Medical software for embedded
systems is often written in the C
programming language.
Which units exist and which
functionality they should have is
determined for software of classes
B and C by the software detailed
design. The software design then
results in the software architecture.
A good architecture is
characterised by narrow interfaces
between the units and a reasonable
size when it come to the units. A unit
can include several C functions.
Definition “verification”
In IEC 62304, verification is defined
as, “Confirmation through provision
of objective evidence that specified
requirements have been fulfilled”.
These requirements are specified
in the software design, which must
be carried out and documented for
software of classes B and C.
In the process, the requirements
for the entire software are assigned
to the software units, which
ultimately results in the description
of the functionality of the units.
For software of class C, the
Figure 1: In IEC 62304
the items on the
lowest level are called
‘units’
Figure 2: Display of
the coverage of the
requirements by
test cases in the
TESSY tool
22 23 February 2021 www.newelectronics.co.uk
/www.newelectronics.co.uk