User interface design activities, formative and summative evaluation structure, and risk management integration remain core process requirements.
Explicit separation of usability process from risk management, hazard-related use scenario focus, and training as a permitted risk control option — AMD1:2020.
Documented usability process — often a gap when usability is ad hoc; bidirectional link between use-error analysis and the risk management file required.
Maps to
IEC 62366: §4.1.1 USABILITY ENGINEERING PROCESS
ISO 13485: §7.3.2 Design and development planning
Pre-QMSR Part 820 (legacy QSR): §820.30(b) Design and development planning.
Requirement text
The manufacturer shall establish, document, implement, and maintain a usability engineering process, as defined in Clause 5, to provide safety for the patient, user, and others (including bystanders and third parties). Per §4.1.1, the process must address user interactions including transport, storage, installation, operation, maintenance and repair, and disposal — covering user interface design, formative evaluation during development, and summative (validation) evaluation prior to release. Risk control activities related to the user interface must be integrated with the overall risk management process.
Why this clause exists
The usability engineering process requirement exists because user interaction errors are among the most frequent root causes of serious adverse events in medical devices — and those errors are systematically preventable through design rather than training. FDA's MAUDE database documents class-wide use-error patterns in infusion pump families spanning more than two decades: dose-entry interfaces that permitted clinically plausible but lethal entries — decimal-point displacement, kg/lb confusion, mL/hr versus mL/dose ambiguity — caused patient deaths that could not be attributed to device malfunction because the devices functioned exactly as designed. The interface design was the failure. IEC 62366 clause 4.1.1 codifies the process obligation because without a documented, lifecycle-integrated usability engineering process, there is no organizational mechanism to detect hazard-related use scenarios early, design controls that reduce use-error probability, or verify through structured human-factors testing that those controls are effective before the device reaches the field. The process integration requirement — specifically, that UI risk controls feed back into the ISO 14971 risk file — exists because usability and risk management produced disconnected artifacts in most manufacturers prior to the 2015 edition, leaving hazard analyses ignorant of known use-error failure modes.
What changed
IEC 62366-1:2015 replaced the 2007 first edition with a major restructuring. The standard was split into Part 1 (normative requirements) and Part 2 (IEC TR 62366-2, informative guidance and methods). The scope broadened to include hazards of all types including psychological hazards, not just direct physical hazards.
The standard introduced a formative/summative evaluation framework not present in 2007. The 2007 requirement to identify primary operating functions was removed — instead, the 2015 version mandates identification and evaluation of hazard-related use scenarios.
Amendment 1 (2020) refined the standard without making fundamental process changes: it updated the normative reference from ISO 14971:2007 to ISO 14971:2019, aligned terminology (e.g., ISO 13485 reference updated to 2016 edition), added training explicitly as a permissible option alongside information for safety in the §4.1.2 risk-control priority hierarchy, introduced the concept of 'use difficulty' (close calls and near-misses that do not result in an actual use error), added a normative §5.10 and Annex C pathway for evaluating a User Interface of Unknown Provenance (UOUP) — covering legacy, inherited, and third-party UI components — and replaced 'action error' with 'physical mismatch' in the use-error taxonomy. The consolidated edition is designated IEC 62366-1:2015+AMD1:2020 CSV.
Common gaps (what we see in audits)
- Usability engineering disconnected from risk management — The 2020 amendment requires bidirectional exchange between risk management (ISO 14971) and usability engineering. Auditors look for a direct link between use errors identified in the Usability File and hazards listed in the ISO 14971 Risk File. Many manufacturers run these as parallel but disconnected processes.
- No documented usability engineering process — Many manufacturers, especially smaller companies, have no formal usability engineering process. They may perform some usability activities ad hoc but lack the documented process with defined activities, responsibilities, and deliverables that IEC 62366-1:2015+AMD1:2020 CSV requires. Usability is treated as optional UX polish rather than a safety-related regulatory requirement.