The Food and Drug Administration (FDA or the Agency), the US regulating authority in the sphere of healthcare products, has published a guidance document dedicated to the content of premarket submissions for device software functions.
Table of Contents
The document is intended to provide additional clarifications on the applicable regulatory requirements, as well as recommendations in respect of documentation to be included in the submissions related to devising software functions. The guidance outlines the scope of information the authority would require to proceed with the review, and also highlights the most important aspects to be considered by medical device manufacturers (software developers) and other parties intended to place their products on the US market. It is also important to mention that FDA guidance documents are non-binding, hence, an alternative approach could be applied, provided such an approach complies with the respective regulatory requirements and has been agreed with the authority in advance.
According to the guidance, the scope of information the authority will expect to receive depends on several safety- and performance-related factors including, inter alia, the risks associated with the use of the device. Based on this, the authority distinguishes two documentation levels: Basic and Enhanced. The latter applies in cases when due to the nature of the device additional information is necessary to complete the assessment. The guidance describes in detail the information an interested party should submit to ensure completeness of the submission and facilitate its review by the FDA.
Among other aspects the guidance outlines the scope of information to be provided about unresolved anomalies (e.g., bugs, defects, errors). According to the guidance, an anomaly stands for any condition that deviates from the expected behavior based on requirements specifications, design documents, standards, or from someone’s perceptions or experiences. As further explained by the FDA, for each anomaly identified, it is necessary to provide:
- A description of the problem itself;
- Details on the way the problem impacts the performance of the product; and
- The actions a responsible party intends to take to eliminate the issue, as well as the respective timeframes within which such actions are to be taken.
In particular, the applicant should provide comprehensive information on the impact caused to the safety and performance of the device in question. For instance, the applicant can provide a list of unresolved anomalies ranked by the risk associated thereto. According to the document, the Agency recommends including defect classification for each anomaly using a defect taxonomy, such as ANSI/AAMI SW91’s Classification of defects in health software.
It is important to mention that in case the aforementioned anomalies would not be resolved completely before the device will become available to customers, the responsible party should duly provide the appropriate risk-based rationale describing why each of them would not harm the safety and performance of the product in general. Moreover, a complete list indicating any unresolved anomalies identified by the party responsible for a medical device should be duly communicated to its potential users to assist them in making an informed decision during the use of the product. As it is stated in the guidance, in all instances where it is practical to do so, any mitigations or possible workarounds for unresolved anomalies should be included in the premarket submission.
Additional Information to be Submitted
The guidance also provides key points to be considered concerning additional information to be provided by the applicant. To assist medical device manufacturers (software developers) in determining the applicable regulatory requirements and correctly interpreting them to achieve and ensure continuous compliance thereto, the Agency provides references to various guidance documents dedicated to the matters related to device software functions.
The document additionally covers the aspects related to the use of Off-The-Shelf Software. In particular, in such cases, the approach based on “Level of Concern” should be applied as well to determine the scope of information to be included in the submission. Thus, the FDA finds it necessary to harmonize the recommendations provided in this guidance and the respective guidance dedicated to the concept of the “Level of Concern”. For this purpose, the present guidance provides the following lists of documentation to be submitted depending on the respective documentation level for Off-The-Shelf (OTS) Software:
- Basic Documentation Level:
- Hazard Analysis,
- Basic Documentation,
- Hazard Mitigations,
- Describe and Justify Residual Risk;
- Enhanced Documentation Level:
- Hazard Analysis,
- Basic Documentation,
- Hazard Mitigations,
- Describe and Justify Residual Risk,
- Special Documentation.
The guidance further refers to the respective guidance document dedicated to the Off-The-Shelf Software concerning the interpretation of the terms and concepts used, such as “hazard analysis” or “describe and justify residual risk”. As explained by the FDA, the information requested as part of the “Special Documentation” includes:
- An assurance to FDA that the product development methodologies used by the OTS software developer are appropriate and sufficient for the intended use of the OTS software within the specific medical device,
- The procedure and results of the verification and validation activities performed for the OTS software are appropriate and sufficient for the safety and effectiveness requirements of the medical device, and
- The existence of appropriate mechanisms for assuring the continued maintenance and support of the OTS software should the original OTS software developer terminate their support.
The authority also mentions that OTS software solutions are mostly used to cover ancillary functions. Consequently, a party responsible for a medical device should duly assess the impact caused by an OTS software used on the overall safety and performance of a medical device.
Another important concept the guidance refers to is a Software of Unknown Pedigree (SOUP), which also stands for the software provided by a third party.
The document contains references to the FDA-recognised voluntary consensus standards the manufacturers may use to demonstrate that their products are compliant with the applicable regulatory requirements. According to the guidance, such an approach would facilitate and streamline the application review, ensuring the timely availability of safe and effective medical devices on the market.
In summary, the present guidance highlights additional aspects to be taken into consideration by medical device manufacturers (software developers) about the scope of information to be provided to the authority, as well as documentation to be included in the premarket submission related to the device software functions. The document provides additional recommendations on the key points to be covered and also provides references to the applicable standards to be followed.
How Can RegDesk Help?
RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.