IEC 62304:2006, along with Amendment 1:2015, defines life cycle processes for medical device software based on safety class. IEC 81001-5-1 complements it by defining security activities across the health software life cycle. ECLAIR helps satisfy key requirements across all classes and security activities:
Development planning and verification (5.1.1 – 5.1.11)ECLAIR supports planning activities through built-in coding standards, metric analysis, and automated verification services, and structured security life cycle support aligned with IEC 81001-5-1.
Software requirements management (5.2)ECLAIR’s requirements tracing guarantees bi-directional traceability between code, requirements, and tests, supporting both IEC 62304 and IEC 81001-5-1 expectations
Software architecture and segregation (5.3)ECLAIR Independence Checker enforces architectural rules and interface separation, which is critical for ensuring safe decompositions and supporting segregation arguments for both safety and security.
Unit verification and integration testing (5.5 – 5.6)ECLAIR verifies that unit-level implementation complies with required coding standards (e.g., MISRA, BARR-C) and expected metric thresholds, while enabling security-focused static analysis and regression support.
ECLAIR COVERAGE OF IEC 62304 AND IEC 81001-5-1
ECLAIR addresses key validation requirements in the FDA GPSV guidance and aligns with FDA cybersecurity expectations:
Requirements traceabilityTraceability is ensured at all levels with ECLAIR requirements management tools, which connect software artifacts with system-level specifications, security controls, and tests.
Defect prevention and lifecycle planningECLAIR enables static verification of source code early in development, reducing defect injection, preventing vulnerabilities, and supporting life cycle process conformance.
Change impact analysisDifferential analysis and reproducible builds allow developers to assess the full impact of changes, validate modifications effectively, and support regression verification.
Tool support for independence and automationAutomated checks via ECLAIR enable partial independence from the development team, support repeatable validation activities, and integrate smoothly into CI/CD environments.
Tool validation under FDA QSR (21 CFR 820.70(i)) When used within production or quality systems, software tools must be validated for their intended use. ECLAIR supports structured tool validation by providing documented functionality, deterministic behavior, traceable configuration mechanisms, regression test evidence, and qualification artifacts suitable for inclusion in a manufacturer’s QMS.
ECLAIR supports all the main software coding standards relevant to medical software:
MISRA C:2025 and earlier versions, enforced via the MC package.
MISRA C++:2023 and MISRA C++:2008, supported by the MP package.
BARR-C:2018, included in all ECLAIR packages.
These standards contribute not only to safety but also to secure implementation and vulnerability prevention.
In addition, ECLAIR supports advanced architectural verification and segregation enforcement through ECLAIR Independence Checker, helping justify software item classification in accordance with IEC 62304’s principles and supporting secure architecture requirements of IEC 81001-5-1.
ECLAIR also supports precise identification of actually used portions of third-party and SOUP components, helping focus validation and security assessment efforts where they matter.
ECLAIR has been independently certified by TÜV SÜD as suitable for use in the development of safety-related software, in compliance with the prescriptions of:
ECLAIR supports not only functional safety compliance but also security-oriented life cycle activities aligned with IEC 81001-5-1 and FDA cybersecurity expectations.
For projects requiring tool qualification, ECLAIR offers tailored solutions:
The MDR, effective from May 2021, requires medical device software to be developed in accordance with state-of-the-art standards, explicitly referencing life cycle management, information security, verification, and validation.
IEC 81001-5-1 can be used as part of state-of-the-art evidence for structured security life cycle activities in health software.
ECLAIR enables you to meet these expectations by:
Applying proven coding standards that embody industry best practices.
Enforcing interface segregation and architectural constraints.
Providing complete traceability and validation artifacts.
ECLAIR helps ensure that your development process is defensible, compliant, and aligned with the MDR’s safety expectations.
ECLAIR is built for flexibility, scientific rigor, and precision:
Extensively validated with industrial and proprietary test suites.
Based on research in software verification and static analysis.
Configurable to your development process, environment, and objectives.
Designed to exclude configuration errors that could undermine compliance evidence.
ECLAIR is the solution of choice when correctness, compliance, cybersecurity, and patient safety cannot be compromised.
If you are developing safety- or security-related medical software, learn more about how ECLAIR can accelerate your path to IEC 62304, IEC 81001-5-1, and FDA compliance.
View resources
Schedule a Call with Our Team
