IEC 62304 defines the software lifecycle for medical device software: planned development, documented requirements and architecture, risk-classified rigor (Class A/B/C), verification at each stage, and controlled maintenance and problem resolution — all evidenced for notified bodies and regulators, and all feeding your EU MDR technical documentation. Most teams try to satisfy it with Jira and Confluence plus discipline, and most teams discover the same thing at their first audit: the standard's demands are relational (this requirement, its risk class, its verification, its changes) while their tooling is a pile of loosely linked pages. Choosing purpose-built lifecycle software is usually the fix — but the category is uneven, and the wrong pick just relocates the problem.
This guide gives regulated software leaders a decision framework: what IEC 62304 actually demands of tooling, the evaluation criteria that separate real solutions from repackaged trackers, and how to run the selection.
Map IEC 62304's clauses to tool capabilities and five demands emerge. Traceability as data: software requirements trace to system requirements and risk controls, architecture decomposes to units, and verification results trace back — queryably, bidirectionally, at all times. Class-aware rigor: Class C items need more process (design review, unit verification) than Class A; tooling should enforce the difference, not leave it to memory. Change control: post-release changes require impact analysis, approval, and re-verification — each producing records tied to the change. Problem resolution: defects and field issues ride a documented workflow with disposition evidence. Maintenance over years: device software lives long; the evidence web must survive team turnover and tool migrations.
The incumbent stack documents intentions well and relations poorly. Links between a Confluence requirements page and Jira tickets are conventions that decay; risk class lives in labels nobody validates; verification results sit in attachments or CI logs that reference nothing; and when a notified body samples — "this Class C requirement: show its verification and every change since v2.1" — the answer is a week of archaeology. Teams also discover the enforcement gap: nothing in the stack prevents a Class C change from shipping without its design review; the process exists only as culture. Auditors call this what it is: an undocumented lifecycle with good documentation.
1. Trace integrity, live. In the demo, pick a requirement and walk to its risk class, design elements, test cases, and executed results without leaving the tool. Ask how orphans (unverified requirements, untraced changes) surface — the right answer is a standing query, as with coverage and quality views.
2. Workflow rigor by class. Can approval requirements differ by safety classification? In LoopIQ, approval policies encode exactly this — which roles must sign off on which class of change — recording identity and timestamp per artifact.
3. Change control with evidence. Post-release changes should ride structured change requests linking impact analysis, approval, and re-verification — the maintenance-phase chain notified bodies sample hardest.
4. Verification linkage. Test plans and cases must map to requirements; executions must record results, environment, and executor at run time.
5. Audit assembly. Ask for the release's full evidence package in one view — LoopIQ's Release Compliance Dossier pattern — plus scoped read-only auditor access via permission management. This same assembly feeds EU MDR technical documentation, so you build the evidence once for both consumers.
Shortlist three tools; give each the same scripted audit sample (one requirement forward, one change backward) and time it. Pilot the winner on one real product increment, not a sandbox — migration friction (importing existing work, e.g. from Jira) and engineer adoption are where selections actually fail. Acceptance test: your quality lead produces a sampled evidence chain in under fifteen minutes, and your engineers didn't leave the tool to do their work.
IEC 62304 software selection is a test of one property: does the tool hold your lifecycle as connected, enforceable, queryable data? Documents and trackers describe the lifecycle; the right platform is the lifecycle — and when the notified body samples, that difference is your audit outcome.
Relational evidence: requirements traced to risk classes, architecture, and verification results; safety-class-aware process rigor; change control with impact analysis and re-verification records; and audit-ready assembly per release — maintained across years.
It documents intentions but can't enforce or query relations: links decay, risk classes live in unvalidated labels, verification results reference nothing, and nothing prevents a Class C change from shipping without its required review.
Two live traces, timed: one requirement forward to its risk class, design elements, and executed verification; one post-release change backward through impact analysis, approval, and re-verification. Tools that answer with exports rather than queries are relocating the problem.
The same evidence base feeds both: lifecycle records assembled per release become the software portion of MDR technical documentation, so one system serves the notified body and the regulator without duplicate assembly.