The first article of the cycle provides an overview of the regulatory background for device software functions and describes the applicability of the respective draft guidance document issued by the FDA.
The Food and Drug Administration (FDA or the Agency), the US regulating authority in the sphere of healthcare products, has published a draft guidance document dedicated to the content of premarket submissions for device software functions. The present document constitutes a draft published to inform the industry and initiate public discussions. Once finalized, the document will provide additional recommendations to be considered by medical device manufacturers (software developers) and other parties involved. It is important to mention that guidance documents published by the FDA are non-binding in their legal nature. Moreover, an alternative approach could be applied, provided such an approach complies with the respective regulatory requirements and has been agreed with the authority in advance.
The present document outlines the scope of information to be included in premarket submissions filed by medical device manufacturers (software developers) about the software products they are going to place on the US market. In particular, the guidance highlights the main points to be addressed to ensure the authority will have sufficient information to be able to assess the matters related to the safety and effectiveness of the product in question. The document refers to the concept of device software functions – the ones that are falling within the scope of the definition of a medical device set forth by the Federal Food, Drug, and Cosmetic (FD&C) Act. The recommendations and clarifications provided in the guidance could be applied in the case of software in the medical device (SMD) and software as a medical device (SaMD). It is also important to mention that the present draft guidance is intended to replace the Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices issued earlier by the FDA.
The present guidance indicates the particular aspects to be addressed in submission to facilitate the review and simplify the process by ensuring the authority receives all the information necessary to evaluate the safety- and performance-related matters. The Agency also mentions that the information outlined in the guidance is usually created in the course of basic activities related to the development process, including verification and design validation. However, the authority reserves the right to request additional information it reasonably needs to complete the review. For instance, medical device manufacturers are usually requested to provide information and documentation related to the Quality System Regulation (QSR) which establishes specific design controls. At the same time, as it was mentioned before, software developers are allowed to apply alternative approaches, provided such approaches are in line with existing legislation.
The document also refers to the FDA Recognized Consensus Standards that could be used to demonstrate compliance with the applicable regulatory requirements.
First of all, the authority provides an overview of the applicable legislation which addresses various aspects related to the matter. In particular, the current regulatory approach is based on the aforementioned FD&C Act as amended by the 21st Century Cures Act, by the virtue of which certain software functions have been explicitly excluded from the definition of a medical device. The Agency also acknowledges that technologies used for software intended for medical purposes are developing rapidly, so it is important to ensure the applicable legislation is up to date and efficiently addresses the most important safety- and performance-related matters.
To assist medical device manufacturers (software developers) and other parties involved in interpreting and applying the provisions of existing legislation, the FDA issues numerous guidance documents describing specific aspects and providing additional clarifications and recommendations to be taken into consideration. This guidance include, inter alia, the following ones:
- Multiple Function Device Products: Policy and Considerations;
- Off-The-Shelf Software Use in Medical Devices;
- Design Considerations and Premarket Submission Recommendations for Interoperable Medical Devices;
- General Principles of Software Validation;
- Content of Premarket Submissions for Management of Cybersecurity in Medical Devices;
- Cybersecurity for Networked Medical Devices Containing Off-The-Shelf (OTS) Software.
The guidance documents listed hereinabove contain important information to be considered about respective processes and procedures.
As it was mentioned before, medical device manufacturers may also make references to the respective harmonized standards to demonstrate compliance with the applicable regulatory requirements. According to the guidance, in the context of the content of premarket submissions for software functions, the references could be made to such standards as:
- ANSI/AAMI/ISO 14971: Medical devices – Applications of risk management to medical devices
- ANSI/AAMI/ISO 62304: Medical Device Software – Software Life Cycle Process
- ANSI/AAMI SW91: Classification of defects in health software
According to the guidance, these standards should be considered by medical device manufacturers (software developers) in terms of assessing compliance with the respective requirements and preparing information for premarket submission.
As it is stated by the Agency, the scope of the present draft guidance covers software functions that meet the definition of a medical device. This includes, inter alia, software functions used to control hardware devices or being parts thereof; as well as software products that are medical devices on their own. As further explained by the FDA, the term “function” stands for a distinct purpose of the product, which could be intended use or a subset of the intended use of the product. Consequently, the number of functions the product has would depend on the number of purposes it is intended to be used for. Thus, the scope of the present guidance covers such software products as:
- Firmware and other means for software-based control of medical devices;
- Stand-alone software applications;
- Software intended to be operated on general-purpose computing platforms;
- Dedicated hardware/software medical devices; and
- Accessories to medical devices when those accessories contain or are composed of software.
The FDA also mentions that the recommendations provided in the document are applicable for all types of premarket submissions, such as:
- Premarket Notification (510(k));
- De Novo Classification Request;
- Premarket Approval Application (PMA);
- Investigational Device Exemption (IDE);
- Humanitarian Device Exemption (HDE); and
- Biologics License Application (BLA).
At the same time, the scope of the document does not cover the products that are not devices.
In summary, the present draft guidance published by the FDA addresses the regulatory matters related to the software functions in terms of applying for marketing approval. The document outlines the applicable legislation describing the way the provisions contained therein should be interpreted about the information an interested party should provide when filing the initial submission.
How Can RegDesk Help?
RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.