Design-before-code discipline and documented design artifacts — general software engineering practice that predates IEC 62304.
A1:2015 simplified the obligation to 'document a design' with enough detail for correct implementation. Class C only. Extended applicability to SaMD and health software. [Class C]
Unit-level design detail — algorithm logic, data structures, error handling — and specific design documentation of risk control implementation for safety-critical units.
Maps to
IEC 62304: §5.4.2 Develop detailed design for each software unit
ISO 13485: §7.3.4 Design and development outputs
Pre-QMSR Part 820 (legacy QSR): §820.30(d) Design output
Requirement text
The manufacturer shall document a design with enough detail to allow correct implementation of each software unit. [Class C]
Why this clause exists
For Class C software, where software failure can contribute to death or serious injury, the gap between architecture and implementation must be closed by documented design artifacts that constrain how each unit is built. A detailed design per 5.4.2 defines the internal logic, data flows, and algorithms for each unit in sufficient specificity that an implementer can code correctly without making safety-relevant design decisions during coding. Without this level of documentation, safety-critical units are implemented according to the developer's own interpretation of architectural intent, and the relationship between the implemented unit and the risk control measures it embodies cannot be objectively verified. Clause 5.4.2 is a Class C-only obligation because this documentation burden is reserved for the software whose failure risk is highest.
What changed
Amendment 1 (2015) simplified the clause obligation from 'develop and document a detailed design' (2006 edition) to 'document a design' — removing the prescriptive 'develop and' and the qualifier 'detailed' from the normative text, while retaining the sufficiency standard 'enough detail to allow correct implementation.' The Class C restriction is unchanged. A1:2015 expanded the scope to explicitly include SaMD and health software.
Common gaps (what we see in audits)
- Detailed design at architectural rather than unit level — The design document describes component interactions and interfaces at the architecture level but does not provide per-unit design detail sufficient for implementation. Auditors expect unit-level specificity — algorithms, data structures, error handling — not just module-to-module communication diagrams.
- Risk control implementation detail absent from unit designs — Unit designs for safety-critical units do not document the specific design decision that implements the risk control measure. Without this detail, verification cannot confirm that the code correctly realizes the control — only that the unit broadly functions as described.