
IEC 62304 (Medical Device Software)

The fda-iec-62304 pack enforces rules for the medical device software lifecycle as defined by IEC 62304 and 21 CFR Part 11.

Enable

sentra add-pack fda-iec-62304

Rules

The pack includes 14 rules across code enforcement and documentation obligations:

Code rules (4)

| ID | Name | Type | Severity | Description |
|---|---|---|---|---|
| IEC62304-CODE-001 | traceability-header | required_pattern | high | Source files must contain a traceability header linking to requirements |
| IEC62304-CODE-002 | no-unsafe-casts | regex | critical | No unsafe type casts in safety-critical code |
| IEC62304-CODE-003 | input-validation | regex | high | All external inputs must be validated |
| IEC62304-CODE-004 | error-handling | required_pattern | high | Functions must include error handling |
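To show how the two rule types in the table behave (a required_pattern rule fails when its pattern is absent from a file, a regex rule fails on every match), here is a small added checker that implements IEC62304-CODE-001 and IEC62304-CODE-002 over two constructed C snippets. It is illustrative code, not the fda-iec-62304 pack's implementation; the header format and the cast regex are assumptions standing in for whatever patterns the pack actually ships.

```python
import re
from collections import namedtuple

# kind is "required_pattern" (must be present) or "regex" (must be absent).
Rule = namedtuple("Rule", "rule_id kind severity pattern")

# Assumed patterns (not the pack's real ones): a header line such as
# "/* Traceability: REQ-042, REQ-017 */" and a C pointer cast such as "(uint32_t *)".
RULES = [
    Rule("IEC62304-CODE-001", "required_pattern", "high", re.compile(
        r"^\s*(?://|/\*|\*)\s*Traceability:\s*REQ-\d+(?:\s*,\s*REQ-\d+)*\s*(?:\*/)?\s*$", re.M)),
    Rule("IEC62304-CODE-002", "regex", "critical", re.compile(
        r"\(\s*(?:u?int(?:8|16|32|64)_t|int|char|long|void)\s*\*+\s*\)")),
]

def check(source, rules=RULES):
    """Return (rule_id, severity, line) findings; line is None for a missing
    required pattern, else the 1-based line of each forbidden-pattern match."""
    findings = []
    for rule in rules:
        matches = list(rule.pattern.finditer(source))
        if rule.kind == "required_pattern" and not matches:
            findings.append((rule.rule_id, rule.severity, None))
        elif rule.kind == "regex":
            for m in matches:
                findings.append((rule.rule_id, rule.severity,
                                 source.count("\n", 0, m.start()) + 1))
    return findings

# Constructed sample: no traceability header, and a pointer cast on line 3 that
# silently assumes the incoming buffer's alignment and byte order.
BAD_SOURCE = """\
#include <stdint.h>
static uint32_t parse_dose(const uint8_t *buf) {
    uint32_t *dose = (uint32_t *)buf;
    return *dose;
}
"""

# Constructed sample: header present, value decoded byte by byte instead of cast.
GOOD_SOURCE = """\
/* Traceability: REQ-042, REQ-017 */
#include <stdint.h>
static uint32_t parse_dose(const uint8_t *buf) {
    return (uint32_t)buf[0] | ((uint32_t)buf[1] << 8)
         | ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
}
"""
```

Regex rules like CODE-002 are heuristics: a parameter declaration such as `(uint8_t *buf)` would also match the assumed cast pattern, which is why findings carry a line number for human review rather than being treated as proof of a defect.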

Documentation obligations (8)

| ID | Name | Clause | Description |
|---|---|---|---|
| IEC62304-DOC-001 | software-development-plan | 5.1 | Maintain a software development plan |
| IEC62304-DOC-002 | requirements-specification | 5.2 | Document software requirements |
| IEC62304-DOC-003 | architecture-design | 5.3 | Document software architecture |
| IEC62304-DOC-004 | detailed-design | 5.4 | Document detailed design |
| IEC62304-DOC-005 | unit-verification | 5.5 | Verify software units |
| IEC62304-DOC-006 | integration-testing | 5.6 | Perform integration testing |
| IEC62304-DOC-007 | system-testing | 5.7 | Perform system testing |
| IEC62304-DOC-008 | release-procedure | 5.8 | Document release procedure |

ML/AI rules (2)

| ID | Name | Severity | Description |
|---|---|---|---|
| IEC62304-ML-001 | model-validation | high | ML models must include validation documentation |
| IEC62304-ML-002 | data-provenance | medium | Training data sources must be documented |

Use case

Medical device companies that use AI coding agents to develop software still need to demonstrate IEC 62304 compliance to the FDA (510(k)/PMA) and to EU MDR notified bodies. This pack:

  1. Enforces code traceability — Every source file links to a requirement
  2. Catches unsafe patterns — Type casts, missing input validation, error handling gaps
  3. Tracks documentation obligations — All IEC 62304 clauses appear in reports for audit evidence
  4. Supports Class A/B/C — Rules can be customized per software safety class via overrides

Combining with other packs

IEC 62304 works well alongside owasp-top-10 for web-connected medical devices:

standards_packs:
  - fda-iec-62304
  - owasp-top-10