The Food and Drug Administration (FDA or the Agency), the US regulating authority in the sphere of healthcare products, has published a guidance document dedicated to the content of premarket submissions for the software contained in medical devices. The latest version of the document was issued in May 2005. It is important to mention that the present guidance is not intended to introduce new rules and requirements but to provide additional clarifications and recommendations to be considered to ensure compliance with the applicable regulatory requirements the products covered by the scope of the guidance are subject to. The authority also mentions that an alternative approach could be applied, provided such an approach complies with the applicable regulatory requirements and has been agreed with the authority in advance. 

The present guidance highlights the most important aspects to be considered depending on the type of submission.

The Special 510(k) Program 

According to the guidance, for a premarket submission to qualify for review under the Special 510(k) Program, the device should be a modification of [the] 510(k) cleared device that [the applicant] owns, where the modification does not alter the intended use or the fundamental scientific technology of the device. The authority additionally mentions that in such cases the documentation to be submitted should only cover the aspects related to the modification itself, while it is not required to submit a whole set of documentation describing the medical device in general. The Agency encourages the applicants to submit the regression testing (test plans, description of pass/fail criteria, as well as the testing summary). Under the general rule, the scope of information to be provided about a medical device should be determined depending on the applicable Level of Concern. The FDA also mentions that as long as a Special 510(k) framework refers to the declaration of conformance to design control, a submission could take place only once all the testing has been completed successfully, as the appropriate references should be made in a declaration to be submitted by the applicant. 


The Abbreviated 510(k) Program 

The regulatory requirements for an Abbreviated 510(k) submission are set forth by regulation 21 CFR 807.87, while the present guidance provides additional clarifications and recommendations regarding the scope of information and documentation to be submitted. In this regard, the authority states that the manufacturer may refer to the applicable FDA-recognized standard to demonstrate compliance with the respective regulatory requirements. In such a case, the applicant should provide either a:

  • A statement that testing will be conducted and meet specified acceptance criteria before the product is marketed; or
  • Declaration of conformity to the standard. 

As it was mentioned before, such a declaration could be submitted only upon completion of testing, as it should contain references to testing results. To assist medical device manufacturers in making references to the applicable standards, the Agency recommends the following recommendations provided in the guidance “Use of Standards in Substantial Equivalence Determinations”. 

Should the standard the applicant refers to require specific testing to be carried out, it will be also necessary to provide additional information about such testing and the way it was performed, including the pass/fail criteria and test results. The authority additionally emphasizes the importance of providing details regarding deviations from testing methods prescribed by the standard, accompanied by the detailed enough justification of such deviations in the context of their impact on safety and effectiveness. 

Additional Aspects 

Apart from the main points described hereinabove, the present FDA guidance provides additional clarifications regarding the aspects to be taken into consideration about software contained in medical devices and applications for marketing approval associated thereto. These aspects include, inter alia, the following ones:

  1. Risk Assessment and Management 
    1. Background. The authority emphasizes the importance of the software development life cycle and risk management activities due to the significant impact they could cause on the safety and performance of a medical device. Hence, all the risks associated with the software should be subject to a rigorous assessment in the course of review of the respective application.
    2. Risk Assessment and Level of Concern. Under the general rule, the Level of Concern associated with the device should be determined depending on the risks associated with the device. To ensure the accuracy of such a determination, the authority recommends taking into consideration the Level of Concern for similar medical devices. To make references to such determination, the applicant should provide a detailed justification.
    3. Risk Management. Under the general rule, FDA considers risk as the product of the severity of the injury and the probability of its occurrence. At the same time, due to the specific nature of issues associated with the software, the approach to be applied should be different, since the failures and malfunctions appear on a systematic basis, hence, the standard approach to probability could not be applied. Due to the aforementioned, the Agency recommends considering the risks associated with the device based on the hazards, assuming that the failure will occur. In this regard, the document also refers to the recommendations provided in the applicable standard ISO 14971. 
  2. Software Change Management. According to the guidance, modifications to the software and ensuring they do not impact the safety and performance of the device require special attention to be paid by the manufacturer. The Agency states that in numerous cases the events of malfunctions and software failures are associated with the software products that were subject to changes and modifications after the initial assessment carried out when placed on the market. Some of the changes are not subject to mandatory review by the regulating authority, however, such changes could also cause or contribute to software failures. Hence, an efficient change control mechanism should be duly developed and implemented by the manufacturer (software developer). 
  3. Blood Establishment Computer Software. According to the guidance, for this type of software, the manufacturer shall submit a complete copy of the User’s Manual, together with all the documentation accompanying the device which covers the aspects related to anomalies and defects. 
  4. Software of Unknown Pedigree (SOUP) refers to the software provided by a third party, while it is not always possible to obtain all necessary documentation for such software. In such a case, the applicant should provide all available information regarding the software and consider this factor in the course of the risk assessment. 
  5. Virus Protection Software falls outside the scope of the present guidance. 

In summary, the present FDA guidance provides additional recommendations regarding the content of premarket submissions related to the software contained in medical devices. The document outlines the scope of information to be submitted depending on the product in question and the application framework. 

How Can RegDesk Help?

RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.