The second entry in our cycle covering FDA Guidance on premarket submissions for medical device software, this article describes the way the manufacturers shall determine the scope of information to be submitted to substantiate their applications and also provides document-specific recommendations to be considered to ensure the documents contain all the information required.
The Food and Drug Administration (FDA or the Agency) , the US regulating authority in the sphere of healthcare products, has published a draft guidance document dedicated to the content of premarket submissions for device software functions. Once finalized, the document would provide additional clarifications and recommendations regarding the applicable regulatory requirements to be considered by the medical device manufacturers interested in placing their software products on the market. However, the document itself is not intended to introduce new rules or impose new obligations. Moreover, the provisions thereof are non-binding in their legal nature. The authority additionally emphasizes that an alternative approach could be applied, provided such an approach complies with the respective regulatory requirements and has been agreed with the FDA in advance. The present draft guidance is intended to initiate public discussions on the matter. The authority will analyze feedback and comments received and consider them when preparing the final version of the document.
First of all, the documents provide the definitions of the most important terms and concepts used in the context of device software functions. These terms include, inter alia, the following ones:
- Device Software Function – software function that meets the device defined in section 201(h) of the FD&C Act. “Software as a Medical Device (SaMD)” and “Software in a Medical Device (SMD)” are device software functions. As further explained by the FDA, the term “function” stands for a distinct purpose of the product, which could be the intended use or a subset of the intended use of the product.
- Off-the-Shelf Software – a generally available software component used by a device manufacturer for which the manufacturer cannot claim complete software life cycle control (e.g., operating system, printer/display libraries).
- Software as a Medical Device (SaMD) – software that meets the definition of a device in section 201(h) of the FD&C Act and is intended to be used for one or more medical purposes without being a part of a hardware device.
- Software in a Medical Device (SMD) – software that meets the definition of a device in section 201(h) of the FD&C Act, and is used to control a hardware device or is necessary for a hardware device to achieve its intended use. Typically, SMD is embedded within or is part of a hardware device.
Apart from the ones listed hereinabove, the guidance provides the definitions of such terms as “software verification” and “software validation”.
Documentation: General Principles
The guidance further describes specific principles to be applied when determining the scope of documentation to be provided when filing a submission. According to the guidance, this scope would depend on the risks associated with the use of a medical device in question, as well as other conditions. In particular, the authority would take into consideration several factors by determining the appropriate Documentation Level for each of them. As described by the FDA, the Documentation Level could be either Basic or Enhanced and will describe the scope of information to be submitted about the software subject to review. The aforementioned determination should be based on the intended use of the software product as a whole. In terms of Documentation Levels, the FDA provides the following:
- Basic Documentation should be provided for any premarket submission that includes device software functions where Enhanced Documentation does not apply. Hence, this level describes a minimum scope of information to be provided by the applicant entity to substantiate its submission and ensure the authority has all the information necessary to assess the safety- and performance-related matters associated with the software intended to be placed on the market.
- Enhanced Documentation should be provided for any premarket submission that includes device software functions, where any of the following factors apply:
- The device is a constituent part of a combination product;
- The device (a) is intense to test blood donations for transfusion-transmitted infections, or (b) is used to determine donor and recipient compatibility, or (c) is a Blood Establishment Computer Software;
- The device is classified as class III;
- A failure or latent flaw of the device software function(s) could present a probable risk of serious injury, either to a patient, user of the device, or others in the environment of use. As further explained by the FDA, these risk(s) should be assessed before the implementation of risk control measures. The authority encourages medical device manufacturers to assess the risks associated with the software product they are responsible for concerning its intended use and the way it impacts the safety of patients and/or the treatment process.
Thus, the present draft guidance outlines the scope of cases when additional information regarding the software should be provided since such information is reasonably necessary for the authority to be able to evaluate all the risks associated with the product in the context of its intended use.
Apart from describing the general principles to be applied when determining the scope of information to be submitted, the Agency also provides detailed recommendations regarding the particular documents to be included in the submission dossier for each of the Documentation Levels. Under the general rule, the information such documentation contains should be sufficient to demonstrate that the medical device manufacturer has duly developed and implemented all the measures necessary to ensure the safety and effectiveness, as well as traceability of the software. In particular, the documentation should cover such aspects as planning, requirements, risk assessment, design reviews, change management, testing plans and results, and other aspects of good software engineering for device software functions. The main purpose of providing the aforementioned information is to ensure the authority has all the necessary details to be able to make a regulatory decision about the software subject to review.
The guidance further provides detailed clarifications regarding each type of documentation including, inter alia, the following ones:
- Software Description,
- System and Software Architecture Design Chart,
- Risk Management File,
- Software Requirements Specification,
- Software Design Specification,
- Software Development and Maintenance Practices,
- Software Testing as Part of Verification and Validation,
- Revision Level History,
- Unresolved Anomalies.
It is important to mention that the particular documents to be submitted concerning the points above would depend on the applicable Documentation Level. For instance, in the case of a Basic Level, Software Design Specification is not required, while for Enhanced Level the applicant would have to provide a comprehensive set of documents describing all the important technical aspects related to the software and the way it operates. For such categories as Software Development and Maintenance Practices, or Software Testing as Part of Verification and Validation, the guidance specifies additional information to be submitted in case of the Enhanced Level.
In summary, the present draft guidance issued by the FDA highlights the most important aspects related to the documentation medical device manufacturers (software developers) have to submit when applying for marketing approval. The document specifies the particular criteria to be applied when determining the scope of information to be provided to the authority and also clarifies the requirements about specific documents.
How Can RegDesk Help?
RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.