The article provides a brief overview of the existing regulatory requirements for computer software assurance in the context of medical devices. 

The Food and Drug Administration (FDA or the Agency), the US regulating authority in the sphere of healthcare products, has published a guidance document dedicated to computer software assurance for production and quality system software. The document is intended to provide additional clarifications regarding the applicable regulatory requirements, as well as recommendations to be followed to ensure compliance thereto. At the same time, provisions of the guidance are non-binding in their legal nature and are not intended to introduce new rules or impose new obligations. Furthermore, the authority explicitly states that an alternative approach could be applied, provided such an approach is in line with the current legislation and has been agreed with the authority in advance. It is important to mention that the present document constitutes draft guidance published by the FDA to collect feedback and suggestions from the industry. Once finalized, the guidance will represent the position of the authority about the matter. 

As it is stated by the authority, the present guidance is intended to provide recommendations on computer software assurance for computers and automated data processing systems used as part of medical device production or the quality system. In particular, the document describes in detail the concept of “computer software assurance” as a risk-based approach to establish confidence in the automation used for production or quality systems, and also highlights the key points which require the most attention. Apart from that, the document outlines methods and testing activities to be used in the course of computer software assurance, as well as for collecting the evidence necessary to demonstrate compliance with the applicable regulatory requirements. 

The document is intended to supplement the guidance document “General Principles of Software Validation”. The document also contains references to the FDA-recognized voluntary consensus standards medical device manufacturers may refer to when demonstrating compliance with the applicable regulatory requirements. 


Regulatory Background 

First of all, the authority mentions its intention to ensure the quality, safety, and effectiveness of medical devices marketed and used in the US through the improvement of manufacturing processes to assist medical device manufacturers in improving their manufacturing quality level. Thus, the idea is to assist medical device manufacturers in complying with any applicable regulatory requirements when manufacturing medical devices. In this respect, the authority additionally emphasizes the importance of ensuring compliance with the requirements set forth by the Quality System regulation, Part 820 describing the way medical device manufacturers should develop, conduct, control, and monitor the production process to ensure that a device conforms to its specifications, including requirements for manufacturers to validate computer system software used as part of production or the quality system for its intended use. The present guidance describes in detail the practices and approaches medical device manufacturers should apply concerning computer and automated data processing systems they use in the manufacturing or quality assessment to ensure the overall quality and safety of medical devices being manufactured. 

Challenges and Needs 

The authority acknowledges the rapid technological development occurring nowadays and strives to make sure the regulatory measures implemented provide sufficient flexibility for novel technologies to be used in medical devices while ensuring their safety and effectiveness. To be aware of the state-of-the-art approaches and solutions, the authority conducts on-site visits to manufacturing facilities involved in manufacturing medical devices. At the same time, medical device manufacturers seek additional legal clarity concerning regulatory requirements to be followed in terms of novel technologies including, inter alia, software-based solutions. The industry expects the approach applied to be adaptive enough to meet changing needs. 

As further explained by the FDA, traditionally, software validation has often been accomplished via software testing and other verification activities conducted at each stage of the software development lifecycle. At the same time, software testing itself in most cases is not sufficient to make sure that it meets the needs related to its intended use. Thus, the FDA guidance on software validation recommends that “software quality assurance” focus on preventing the introduction of defects into the software development process, and it encourages the use of a risk-based approach for establishing confidence that the software is fit for its intended use. It is stated that the application of a risk-based approach for the software used in the manufacturing process would be beneficial in terms of ensuring the proper quality of medical devices manufactured, that is why the present recommendations on software assurance are provided by the FDA. The authority expects that they will facilitate the use of novel technologies and make new medical devices based thereon available to healthcare professionals and patients while allowing medical device manufacturers to achieve and sustain compliance with the current regulatory framework. 

It is also important to mention that the scope of the guidance is not exhaustive in terms of software validation principles. Some of them have already been described by the FDA in separate guidance documents dedicated to the matter. This guidance describes the way a risk-based approach should be applied to the software used in the manufacturing process. In particular, it covers the aspects related to the risks to be considered, testing methods to be used, and also the ways to generate the evidence necessary to ensure compliance with the applicable requirements for manufacturing or quality system software. 

In summary, the present guidance describes the approach to be applied when ensuring the software used in the course of the medical device manufacturing process is fit for its intended purpose. By virtue of the guidance, the authority explains the way the software should be assessed, and also outlines the key points to be taken into consideration in terms of the overall quality, safety, and effectiveness of medical devices being manufactured.



How Can RegDesk Help?

RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.