scope:

This Technical Specification describes the risk management processes required to ensure patient safety in respect to the manufacture of health software products as defined in 2.17. It does not apply to software which is: . necessary for the proper application of a medical device; . an accessory to a medical device; . a medical device in its own right. This Technical Specification applies to any health software product whether or not it is placed on the market as an off-the-shelf or configurable product and whether or not it is for sale or free of charge. It is addressed to all manufacturers of health software products as defined in 2.17. This Technical Specification does not cover the manufacture of non-health software which may be incorporated in health software, for example OTS products such as operating systems, e.g. UNIX (Windows), DBMS or SOUP products. However where a non-health software product such as an OTS or SOUP product is incorporated by a manufacturer into a health software product, this Technical Specification shall apply to the totality of that engineered product and shall include the non-health software product on which it is based. NOTE 1 The scope is intended to cover health software products that are not controlled by medical device regulations. It is acknowledged that, on the boundary, there are health software products that are encompassed by medical device regulations in some countries but not in others. This matter is considered in detail in the CEN/TR 15640 [11]. NOTE 2 The life cycle of a health software product includes: . requirements capture and concept development; . detailed design; . production; . software release/marketing; . deployment; . use; . decommissioning. A manufacturer is responsible for requirements capture and concept development, detailed design, production and software release/marketing and can be responsible for deployments particularly the first "go live" of complex systems. Where a customer contracts out responsibility for IT services to the manufacturer, the latter may also be responsible for use of the application and its decommissioning. This Technical Specification applies to all the life-cycle phases for which the manufacturer is responsible where this will depend on the contractual scope with the customer. NOTE 3 Failures and deficiencies in software products used in the health environment can, of course, have adverse impacts other than causing harm to patients. They might, for example, create administrative inconvenience with a range of impacts on the organization including financial loss. Harm to a patient may also have a consequent impact on the organization such as loss of reputation and/or financial loss resulting from litigation. Whereas these adverse organizational impacts will be significant to an organization, they are not the subject of this Technical Specification unless they can result in harm to a patient. It is the potential harm to the patient that is the subject of this Technical Specification. NOTE 4 Whereas this Technical Specification might well be useful to regulators if health software products were to be regulated or controlled in some formal or informal or voluntary manner whether national, regional or local, it is not the purpose of this document to recommend whether or not health software products should be regulated. NOTE 5 Guidance on the proper processes to be used by the user community to ensure the patient safety of health software as it is deployed, is given in ISO/TR 29322 [35]. NOTE 6 Throughout this document the term "clinical" is used to make clear that the scope is limited to matters of risks to patient safety as distinct from other types of risk such as financial. The use of the term "clinical" is not be taken to mean that the manufacturer is expected to be involved in clinical decisions affecting the treatment of patients in the direct clinical settings. This Technical Specification however makes clear that decisions about risks to patients posed by a health software product in a clinical environment need to involve appropriate, experienced and knowledgeable clinicians.