Part 2/2: What is a software development plan?

Standard Post
(Guest) Heiko Schmidt

26/01/2018

documentation, Guest blogs, software

The software development plan

  1. Part: What is a software development plan
  2. Part: What does a software development plan look like

What does a software development plan look like according to the requirements of 62304

Now that we know what a software development plan is, the question naturally arises as to what the actual content of such a plan could be.

IEC 62304 provides us with a good basis with quite concrete requirements in Chapter 5.1.

In the following article, I'll review the requirements of 62304 and discuss how to implement them in a specific project. 62304 has a total of 11 subchapters to illustrate what "software development planning" entails.

In general, when creating a plan, you should always ensure that it is adhered to and that you can provide evidence at the end that you have actually implemented what you planned. If there are legitimate reasons why the plan was not adhered to, this must be documented and justified.

Let’s look at the requirements of 62304 on software planning.

 

Chapter 5.1.1 a. Processes that are used must be specified
Here you'll be asked to define how you develop. Provide a reference to your software development process if you have a general process, or define how you work specifically for your project within the software development plan.

When using references, don't forget that they must be unique, i.e. the specific processes including the specific versions.

 

Chapter 5.1.1 b. the deliverables (including documentation) of the activities and tasks
Here, analogous to 5.1.1.a, you can refer to the general software development process, which hopefully defines the outputs of your development, or you can define in the plan what specific results will be created during development. Examples include: a software architecture, a detailed specification, review results, or the software release as a binary.

This list of results helps you check whether everything is complete and available before releasing the software. This allows you to quickly identify any gaps and evaluate or, of course, close them.

 

Chapter 5.1.1 c. Traceability between system requirements, software requirements, software system reviews and risk control measures implemented in software;
This section simply means traceability. Define how you will ensure traceability. As in the previous sections, you can refer to the general software development process that defines this, or you can define it here for your specific project.

You have complete freedom, but make it clear and binding!

 

Chapter 5.1.1 d. Software configuration and change management, including SOUP configuration items and software used to support development
Describe here how your configuration and change management works in concrete terms.

The procedure may look different for the source code, for SOUP elements and for tools.

You can refer to relevant processes or describe it specifically for the respective project.

Example:

  • All source code for the project is managed in Subversion. Changes to the source code prior to Quality Gate 1 can be made directly by developers.
    Changes between Quality Gate 1 and 3 must be approved by the project manager.
    Changes after Quality Gate 4 must be approved by the Change Control Board.
  •  SOUP elements are managed across projects in Clear Case. Changes to SOUP components are only implemented after checking dependencies on other projects.
  • The development tools used are managed and controlled by central IT. Necessary updates to the development tools must be reported to central IT. The use of new versions is only permitted after successful approval by central IT.

List the SOUP components and development tools used in your plan and remember that it must be clear (see also chapter 5.1.4).

 

Chapter 5.1.1 e. Software problem solving and addressing issues discovered in software products, deliverables, and activities at any stage of the life cycle
How do you deal with problems (bugs) you find? Problems don't just occur in the source code and thus in the software product. Problems can also occur in the documentation of the SOUP software used or in the software tools.

Describe the procedure in detail or refer to higher-level processes that describe the procedure.

As with change management, problem-solving can be approached differently depending on the project phase. The further your development progresses and the closer it approaches completion, the more formal your approach should be. Take advantage of the opportunity to define different approaches depending on the phase.

Example:

Problems with the development tools used can be resolved directly with central IT before Software Quality Gate 1. After Quality Gate 1, a ticket must be created and an initial risk assessment regarding the impact on the project must be performed.

After Quality Gate 2, problems must be escalated to the project manager.

 

Chapter 5.1.2 Updating the software development plan
This activity isn't too difficult, but it's often overlooked. Adjust the plan if anything changes. Don't forget to document the reason for the change in the history.

As the name suggests, we're talking about a plan here. A plan is created at the outset. Therefore, the plan can't already contain everything in version 1. The plan is a living document. The standard even explicitly requires you to keep it up to date and adapt it to changing circumstances.

 

Chapter 5.1.3 a. The manufacturer must reference system requirements in the software development plan as specifications for software development
This requirement is closely linked to requirement 5.1.1.c (traceability).

Include a reference to the system requirements in your plan, which are the basis for the software.

Don't forget to update your plan, including the references, if system requirements change. See also Section 5.1.2.

 

Chapter 5.1.3 b. The manufacturer shall include or reference procedures for coordinating software development and design and development validation in the software development plan; this is necessary to comply with 4.1.
This requirement sounds familiar. Chapter 5.1.1 already required defining what you're working on. This point goes in the same direction. Specify in the plan or reference the processes and methods that clearly show how you will proceed with validation. Reference is made to Chapter 4.1. There, among other things, the fulfillment of customer requirements is discussed, which is a clear reference to the topic of validation.

What could this look like in concrete terms?

To ensure that the software meets customer requirements, the following procedure is followed:

  • The identified users receive a mock-up to review the user interface during development.
  • The results are evaluated and incorporated into development planning.
  • After successful verification, the identified users receive the software including near-production hardware.
  • The results are evaluated and a decision is made as to whether the results will be incorporated into the product to be released or into a subsequent release.

 

Chapter 5.1.4 Planning of standards, methods and tools for software development
In your software development plan, define the standards you're considering for your software (e.g., 62304 or 60601-1-8), and specify the tools you'll use, such as compilers, version control, and testing tools. Don't forget to include the specific version.

This strongly aligns with configuration management. A complete configuration includes everything needed to uniquely and reproducibly identify a piece of software. This also includes the tools you use, standards, and the approach you take, such as verification methods.

Everything must be clearly identified, as all these points influence development and must be clarified.

 

Chapter 5.1.5 Planning software integration and integration testing
Determine how you plan to integrate the software. Describe the process.

The standard doesn't dictate how you integrate; it can be anything from a "big bang" approach to an "iterative" approach. However, make sure that the approach corresponds to the criticality of the project.

The approach to software integration depends heavily on your software architecture. Use this as the basis for your integration strategy!

You've now defined how you'll assemble your software. However, you haven't yet defined when you'll perform which tests!

For this reason, determine which tests you plan to perform during the integration.

This can look like this:

  • -A functional integration test is carried out for the software units a,b,c and then the software units d,e are integrated.
  • A load test is carried out for component x (consisting of the software units a,b,c,d,e).

You have a lot of freedom and therefore a lot of options. Define the optimal approach and make sure you then implement it as planned.

Please also note that you can combine the integration tests and the system tests, but you should, as always, plan and document this procedure.

 

Chapter 5.1.6 Planning software verification
How do you plan to verify your software? Since verification takes up a significant portion of the development process, this process must be planned very carefully.

Define everything that needs to be created, starting with the test specification, continuing with the design of the tests, through the execution of the tests, to the creation of test reports.

All these are results of verification activities that need to be planned.

For these results, you also need to define when you accept them. An acceptance criterion for a test specification would be, for example, that each requirement must have at least one test case, and the specified test methods must have been applied.

Define what needs to be available and at what time.

Verification planning is a very complex task. This activity is typically defined in one or more test plans (e.g., one test plan per level). These planning activities are often referred to as a "verification strategy."

In such a verification strategy, you can clearly describe the required points and demonstrate how you will proceed. A verification strategy is often found as a project-wide description for all projects. Any necessary details are then provided within the individual project.

 

Chapter 5.1.7 Planning software risk management
Similar to the previous chapter, "Planning Software Verification," software risk management must be planned. Typically, this involves referring to the underlying risk management process and the risk management plan applicable to the project.

If your product is a system with embedded software, software risk management will be part of the risk management of your overall system.

 

Chapter 5.1.8 Planning the documentation
During development, a multitude of artifacts are created, which include not only the source code but also the associated documentation.

This starts with the software system specification, continues with the software architecture, test specifications, etc.

Identify all document types that are created and specify:

  • What is the name of the respective document?
  • What is the document intended for?
  • Who is this document relevant for?
  • How is the respective document created, released and modified and by whom (responsibilities)?

 

Chapter 5.1.9 Planning software configuration management
Configuration management is a very important task in projects. It ensures the unambiguous composition of a product's software.

Configuration elements include all software modules or source code files, as well as SOUP components used. Furthermore, all documents created during software development or maintenance are considered configuration elements.

  • Define what falls under version control
  • Define the tasks and activities. For example, it may be necessary to first conduct a review and create a branch before putting something under version control.
  • Define who is responsible (role). There can be multiple people responsible for different activities. Don't forget your IT department and their interface to ensure regular backups.
  • Define when the components are to be added to the version control system. For example, you can require them to be added after each change and review.
  • Of course, errors in configuration elements also occur. When do you proceed with the problem-solving process? Immediately after something is under version control, or only after a baseline has been established?

Consider the effort required depending on the definition chosen. Determine the appropriate approach for when you should start using the problem-solving process.

 

Chapter 5.1.10 Supporting components to be controlled
As already mentioned in Chapter 5.1.9, not only the source code belongs in version control. You also need to be able to identify the versions of your tools, such as compilers, test frameworks, and similar, at any time. Don't forget the associated configuration files or make files.

Everything you need to rebuild a software version needs to be versioned and controlled. This is the only way to ensure that you can recreate a specific software version at any time.

You will realize how important configuration management is when you receive feedback from the field.

The feedback must be investigated, the cause found, and you will be required to provide a clear statement about which software versions are affected by the potential bug.

 

Chapter 5.1.11 Checking software configuration elements before verification
To begin a reproducible verification, the relevant components must already be versioned and entered into the version control system. Only then can you reference a unique version to which the verification refers.

So, first add the components to the version control system and specify the corresponding versions in your test reports! As mentioned in the previous sections, this doesn't just mean the source code, but everything you need to make verification reproducible. This starts with the specification, continues with the test specification, the tools used, and so on.

Always ask yourself whether you have everything under control so that you can repeat the exact test at a later date and get the same result.

Include all this information in your review!

 

I hope I was able to help you a little with my explanation of the 11 points from 62304 and provide more clarity. The standard always strives to create clarity from the outset to reduce the risk of errors, gaps, etc. Use the software development plan as a tool, as a project target, to clearly present this planning for everyone involved, and to make it clear to everyone what activities and results are necessary. Discuss the plan with the project team; this will help you spread knowledge and identify inconsistencies or gaps. Many eyes see more than two.

If you have any further questions or additional comments or experiences, please let me know. Here, too, the rule applies: more people know more than one!

Standard Post

Written by (Guest) Heiko Schmidt

Heiko Schmidt worked as Team Manager Software/Verification at Maquet Cardiopulmonary GmbH. There, he led the development of software for medical devices such as heart-lung machines and hypothermia/hyperthermia devices, among many others. Today, Heiko Schmidt works as Quality Manager Software/IT at Robert Bosch GmbH in Reutlingen.

 Previous article
Next article

More articles

  • 09/09/2025
  • General, Software

Embedded Software: Everything has an end – Timeouts

In previous blog posts, I have introduced two essential components of a simple and universally applicable software architecture: events with dispatchers, listeners, and data pools. These already allow for many simple use cases ...

Read more
  • 12/11/2024
  • General, Software, Testing, Tools

VectorCAST for efficient unit and integration tests in medical technology

In safety-critical software projects, software quality is paramount. Especially for Class C software, which must be certified according to strict standards such as IEC 62304 (medical technology), it is essential that ...

Read more
  • 08/08/2024
  • General, Electrical Stimulation, Software, Testing

App development in Flutter

Nowadays, apps in the healthcare sector are very important. Apps that can read and process data from medical sensors are particularly useful. Flutter is an open-source framework from Google that is excellent for ...

Read more
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.