This JIS standard specifies cybersecurity activities that medical device manufacturers must implement in addition to the software lifecycle processes defined in JIS T 2304, corresponding to IEC 81001-5-1:2021. The document establishes requirements for managing security risks throughout the product lifecycle, addressing threats related to unauthorized access, data integrity, and system availability. Enacted on February 25, 2023, and effective from April 1, 2024, this standard was developed by JEITA (Japan Electronics and Information Technology Industries Association) as a draft originator. The standard is positioned as a conformance specification for Article 12, Paragraph 3 of Japan's Medical Device Basic Requirements Standards (Yakuhin Kikai Kihon Youken Kijun). Manufacturers should integrate the cybersecurity activities outlined herein with their existing software development processes to ensure comprehensive protection against evolving security threats throughout the device lifecycle.

This JIS standard specifies usability engineering processes for analyzing, specifying, developing, and evaluating safety-related human factors in medical devices, corresponding to IEC 62366-1:2015+Amendment 1:2020. The document establishes requirements for identifying and mitigating use errors that could result in harm to patients or operators, integrating human factors engineering into the device development lifecycle. Manufacturers must characterize the intended use environment, identify hazards associated with user interactions, develop mitigations through design and training, and conduct usability validation studies. The standard operates in conjunction with JIS T 14971 (risk management), as use-related risks must be identified and controlled through systematic usability engineering. The processes defined ensure that medical device designs accommodate user capabilities, limitations, and context of use to prevent foreseeable misuse. By systematically applying usability engineering principles, manufacturers reduce the likelihood of use errors and associated patient harm throughout the device lifecycle.

This technical report provides practical guidance on developing, implementing, and maintaining medical device risk management systems in accordance with JIS T 14971:2020 and its parent standard ISO 14971:2019. Published concurrently with JIS T 14971:2020 on October 1, 2020, the document offers detailed explanations and examples to support manufacturers in applying risk management principles effectively. The guidance clarifies the relationship between ISO 14971 requirements and other standards such as IEC 62304 and IEC 62366-1, demonstrating how risk management integrates with software lifecycle and usability engineering processes. Manufacturers should consult this technical report to understand implementation best practices, including hazard analysis methodologies, risk estimation approaches, risk control strategies, and residual risk evaluation techniques. The document addresses sector-specific considerations applicable to various medical device types and provides case studies demonstrating risk management in practice. This non-normative guidance helps organizations establish robust risk management culture and documentation while ensuring compliance with both Japanese regulatory requirements and international standards.

This JIS standard specifies terminology, principles, and processes for applying risk management to medical devices, including Software as a Medical Device (SaMD) and In Vitro Diagnostic devices (IVD), corresponding to ISO 14971:2019. The 2020 revision strengthens provisions for addressing security risks and aligns terminology with JIS T 0063:2020 (vocabulary for medical device risk management). Manufacturers must establish and maintain a risk management system that identifies hazards, estimates risks, implements controls, and verifies their effectiveness throughout the device lifecycle. The standard provides a structured approach to ensure patient safety by reducing risks to acceptable levels. As the foundational risk management framework under Japanese medical device regulations, this standard works in conjunction with other lifecycle standards such as JIS T 2304 and JIS T 62366-1. The document replaced JIS T 14971:2003 and represents Japan's adoption of evolving international risk management best practices.

This JIS standard specifies quality management system (QMS) requirements for medical devices across their entire lifecycle, from design and development through manufacturing, storage, distribution, installation, servicing, and disposal, corresponding to ISO 13485:2016. The document establishes the foundational QMS framework required for medical device manufacturers to obtain manufacturing and sales licenses and manufacturing registration under Japan's Pharmaceutical Affairs Law (Yakuhin Kikai Hou). Manufacturers must establish documented procedures for design control, risk management, supplier management, production and process controls, verification and validation, nonconforming product management, corrective and preventive actions, and post-market surveillance. The standard emphasizes management responsibility, resource provision, competence and training, and management review to ensure consistent product quality and safety. Organizations must maintain traceability, manage changes, and implement effective management of product recalls. This QMS standard serves as the regulatory foundation integrating all other technical standards (IEC 62304, ISO 14971, IEC 62366-1) into a coordinated governance structure.

This JIS standard specifies software lifecycle processes for embedded software in medical devices and Software as a Medical Device (SaMD), corresponding to IEC 62304:2006+Amendment 1:2015. The document defines development and maintenance requirements according to safety classes A, B, and C, establishing a comprehensive framework for software development activities. Originally enacted in 2006, the standard was revised in 2017 to align with the 2015 amendment of the international standard. Manufacturers must comply with this standard when developing medical device software to ensure systematic control of design, development, verification, validation, and post-market activities. The lifecycle processes encompass requirements analysis, design specification, implementation, verification, and validation phases tailored to device risk classification. This standard serves as a foundational requirement under the Pharmaceutical Affairs Law (Yakuhin Kikai Hou) for medical device approval and registration in Japan.