Assuring medical device embedded software quality while complying with IEC 62304

Global leader in blood component, therapeutic apheresis and cellular technologies turned to a1qa to assure quality of medical device embedded software for blood transfusion and processing.
Cybersecurity testing
Functional testing
Healthcare and pharma
Integration testing
Localization testing
Performance testing
Regression testing


I’d like to thank the team for the release 6.0. This version is a big achievement. It is the first version of the software that uses different components and links different machines from different sites. Let’s go for version 7.0!

The client is a global leader in blood component, therapeutic apheresis, and cellular technologies. The main corporation’s activities are development, manufacturing, export, import, marketing, and distribution of medical devices, supplies, and accessories.

The product under test is a powerful software designed to help advance blood center and component lab operations. It’s a dedicated system intended to communicate with the blood transfusion devices that can be connected to the client’s Local Area Network.

The main functions of the system include collecting, storing, and processing session data from blood transfusion devices.

The connection to the LAN allows to view and analyze the collected session data and to adapt the device/parameter settings via the customer’s PC.

Also, the connection to the LAN enables bi-directional communication with third-party systems linked to the same LAN (e.g. the customer’s database management system).

The system consists of 3 applications: the webserver application (WSA), the device assistant application (DAA), and the Updater.

WSA is responsible for:

  • Presentation (UI)
  • Application configuration
  • Data access
  • Log files management.

DAA is responsible for:

  • Device communication
  • Workflow execution
  • Data access
  • Database backup, mirroring, and maintenance
  • Import data from external sources
  • Default devices settings initialization
  • Log files management.

Updater is responsible for:

  • Updating WSA and DAA files
  • Self-updating.

The client needed to make sure the software performed as it was intended and turned to a1qa to face the challenge.

As software was embedded in medical device, its development and testing should have complied with IEC 62304 standard. The standard provides a list of tasks and activities that support the safe design and maintenance of medical device software. The goal of this is to ensure the software does what is intended without causing any unacceptable risks.

It was necessary to run the following types of testing: functional, GUI, localization, integration testing.

Safety Class: С

Within the IEC 62304 standard, the software is assigned with the safety class according to the possible effects on the patient, operator, or other people resulting from a hazard (being a potential source of Harm) to which the system can contribute.

The software safety classes shall initially be assigned based on severity as follows:

  • Class A: No injury or damage to health is possible
  • Class B: Non-SERIOUS INJURY is possible
  • Class C: Death or SERIOUS INJURY is possible.

The software under test is assigned with the safety class C and it places a heavy burden on QA team.

Assuring quality of software that may lead to such severe consequences is highly challenging and responsible, it requires complete attention from software testing engineers. The stakes are too high to let a bug make it into the production.

Services offered

Functional testing
Regression testing
Localization and internationalization testing
Performance testing
Cybersecurity testing
Integration testing

Project scope

The project lasts for 7 years already. During this time a1qa team has been regularly performing the following quality assurance activities:

  1. Requirements testing. As IEC 62034 relies heavily on Risk Management strategies, the QA specialists always include risk control measurements in software requirements.
  2. Creating test documentation.
  3. Test documentation cross-checking by team mates and business analytics.
  4. Establishing software unit verification process.
  5. Identifying additional software unit acceptance criteria (fault handling (error definition, isolation, and recovery); memory management and memory overflows; boundary conditions).
  6. Planning and performing software integration testing.
  7. Regression testing for every build.
  8. Performance testing under various conditions.
  9. Security testing.
  10. Localization testing. Interface is translated into 18 languages (including the Korean and the Chinese traditional and simplified ones). At that rate, the a1qa team performs localization testing of the software.
  11. Preparation of User Acceptance Testing (UAT) protocols.

All testing procedures, strategies, and methods used by the a1qa team are verified and confirmed by ISO 9001 certificate.

Testing is conducted on real devices and in real environments only.

Technologies & tools

  • Robomongo
  • Rebex Tiny SFTP Server
  • FileZilla Server
  • Base64 Decoders
  • MS SQL Management Studio
  • Postman
  • Edge DevTools
  • FTP Clients
  • Oracle DB
  • MS Access for ODBC


  • Thorough testing has protected sensitive data from breach and helped build a positive brand perception in the mind of the consumer.

In numbers

defects detected, with about 2000 being Major and Critical ones
major versions of the stable and highly-performing product were released
compliance with the project roadmap
years of the project duration

Get in touch

Please fill in the required field.
Email address seems invalid.
Please fill in the required field.
We use cookies on our website to improve its functionality and to enhance your user experience. We also use cookies for analytics. If you continue to browse this website, we will assume you agree that we can place cookies on your device. For more details, please read our Privacy and Cookies Policy.