# 1. Regulatory References **Regulatory references:** IEC 62304, para. 5.3.1 and 5.3.2 [class B, C] **Relevant other documentation:** * SOP Software Development * User needs / stakeholder requirements * Design input / software requirements * (...) # 2. Software Systems In compliance with DIN EN 62304, we subdivide our software on three levels: software systems, software components and software units. > Here, describe your internal software systems. The IEC 62304 defines those as an “integrated collection of > software items organized to accomplish a specific function or set of functions.” > > NOTE: Ideally, you would add an illustrating diagram to the Annex and reference it here. ## 4.1. Frontend > Enter description, for example: > > * Function: user interface display > * Software safety classification and rationale > * Runtime > * Deployment > * User groups ## 4.2. Backend > Enter description, for example: > > * Function: managing patient data and medical images. > * Software safety classification and rationale > * Runtime (e.g. JVM) > * Deployment (e.g. Docker container) > * User group ## 4.3. Algorithm > Enter description, for example: > > * Function: taking medical images as input and output a prediction. > * Software safety classification and rationale > * Runtime (e.g. JVM) > * Deployment (e.g. Docker container) > * User group # 6. Software Units > Describe your internal software units. The IEC 62304 defines those as a “software item [any identifiable > part of a program, i.e. source code, object code, control code, control data, etc.] that cannot be > subdivided into other items”. For example: > > * Wearable device poller (regularly checks whether wearable device has new data and downloads it) > * Notification service (sends messages to Apple / Google for push notifications of mobile apps) > * (...) # 7. Database > Describe your databases. For example: > > * Relational database: Postgres v14 # 8. IT Security ## 8.1. Encryption of data \ ### 8.1.1. Data at rest \ ### 8.1.2. Data in transit > Example content: > > * Data in transit is encrypted with state-of-the-art encryption, e.g. SSL, TLS. > * Additionally, we create a Virtual Private Network (VPC) which prevents the Compute Instances from being > exposed to the public internet. The algorithm and the database are therefore not publicly reachable; they > are only reachable by the backend. --- Template Copyright [openregulatory.com](https://openregulatory.com). See [template license](https://openregulatory.com/template-license). Please don't remove this notice even if you've modified contents of this template.