Assuring medical device embedded software quality while complying with IEC 62304

'I'd like to thank the team for the release 6.0. This version is a big achievement. It is the first version of the software that uses different components and links different machines from different sites. Let's go for version 7.0!'


Product description

The client is a global leader in blood component, therapeutic apheresis and cellular technologies. The main corporation's activities are development, manufacturing, export, import, marketing, and distribution of medical devices, supplies, and accessories.

The product under test is a powerful software designed to help advance blood center and component lab operations. It's a dedicated system intended to communicate with the blood transfusion devices that can be connected to the client's Local Area Network.

The main functions of the system include collecting, storing, and processing session data from blood transfusion devices.

The connection to the LAN allows to view and analyze the collected session data and to adapt the device/parameter settings via the customer's PC.

In addition, the connection to the LAN enables bi-directional communication with third-party systems linked to the same LAN (e.g. the customer's database management system).

The system consists of 3 applications: the webserver application (WSA), the device assistant application (DAA), and the Updater.

WSA is responsible for:

  • Presentation (UI)
  • Application configuration
  • Data access
  • Log files management.

DAA is responsible for:

  • Device communication
  • Workflow execution
  • Data access
  • Database backup, mirroring, and maintenance
  • Import data from external sources
  • Default devices settings initialization
  • Log files management.

Updater is responsible for:

  • Updating WSA and DAA files
  • Self-updating.

The client needed to make sure the software performed as it was intended and turned to a1qa to face the challenge.

As software was embedded in medical device, its development and testing should have complied with IEC 62304 standard. The standard provides a list of tasks and activities that support the safe design and maintenance of medical device software. The goal of this is to ensure the software does what is intended without causing any unacceptable risks.

It was necessary to run the following types of testing: functional, GUI, localization, integration testing.

Safety Class: С

Within the IEC 62304 standard, the software is assigned with the safety class according to the possible effects on the patient, operator, or other people resulting from a hazard (being a potential source of Harm) to which the system can contribute.

The software safety classes shall initially be assigned based on severity as follows:

  • Class A: No injury or damage to health is possible
  • Class B: Non-SERIOUS INJURY is possible
  • Class C: Death or SERIOUS INJURY is possible.

The software under test is assigned with the safety class C and it places a heavy burden on QA team.

Assuring quality of software that may lead to such severe consequences is highly challenging and responsible, it requires complete attention from software testing engineers. The stakes are too high to let a bug make it into the production.


The project lasts for 7 years already. During this time a1qa team has been regularly performing the following quality assurance activities:

  1. Requirements testing. As IEC 62034 relies heavily on Risk Management strategies, the QA specialists always include risk control measurements in software requirements.
  2. Creating test documentation.
  3. Test documentation cross-checking by team mates and business analytics.
  4. Establishing software unit verification process.
  5. Identifying additional software unit acceptance criteria (fault handling (error definition, isolation, and recovery); memory management and memory overflows; boundary conditions).
  6. Planning and performing software integration testing.
  7. Regression testing for every build.
  8. Performance testing under various conditions.
  9. Security testing.
  10. Localization testing. Interface is translated into 18 languages (including the Korean and the Chinese traditional and simplified ones). At that rate, the a1qa team performs localization testing of the software.
  11. Preparation of User Acceptance Testing (UAT) protocols.

All testing procedures, strategies, and methods used by the a1qa team are verified and confirmed by ISO 9001 certificate.

Testing is conducted on real devices and in real environments only.

  • Functional testing
  • Regression testing
  • Localization testing
  • Performance testing
  • Security testing
  • Integration testing
  • Robomongo
  • Postman
  • Rebex Tiny SFTP Server
  • Edge DevTools
  • FileZilla Server
  • FTP Clients
  • Base64 Decoders
  • Oracle DB
  • MS SQL Management Studio
  • MS Access for ODBC
  • Thorough testing has protected sensitive data from breach and helped build a positive brand perception in the mind of the consumer.
  • 7000
    defects detected, with about 2000 being Major and Critical ones
  • 3
    major versions of the stable and highly-performing product were released
  • 100%
    compliance with the project roadmap
Get the best QA news and tips delivered to your inbox!
We’ll send you one newsletter a month, jam-packed with amazing QA offers, hottest industry news, and all kinds of Software Testing goodness.