The Food and Drug Administration (FDA or the Agency), the US regulating authority in the sphere of healthcare products, has published a guidance document dedicated to the content of premarket submissions for software contained in medical devices. The document provides an overview of the documentation to be included in the premarket submission, as well as additional clarifications regarding the applicable regulatory requirements and recommendations to be followed by medical device manufacturers interested in placing their products on the US market.

It is important to mention that due to its legal nature, the FDA guidance documents do not introduce new rules and requirements themselves, and provisions contained therein are non-binding. Apart from the approach suggested by the FDA, the parties involved are allowed to follow an alternative one, provided it complies with the applicable regulatory requirements and has been approved by the authority in advance. The present guidance describes additional documentation to be included in submissions and highlights the main points to be considered to ensure completeness and clarity of the documents to be submitted.

Additional Documentation 

According to the guidance, the scope of documentation to be submitted by the applicant shall also include the following documents:

  • Software Design Specification (SDS) – a special document that describes the implementation of the requirements for the software device. The FDA further clarifies that while the Software Requirements Specification describes the intended functionality of the device, the Software Design Specification describes the particular way this functionality will be implemented. Hence, the Software Design Specification should demonstrate that the software complies with the initial requirements and also describe the solutions applied when implementing these requirements. In order to ensure completeness and clarity, it could also contain references to other specifications providing additional details. According to the guidance, the document should, in and of itself, provide adequate information to allow for a review of the implementation plan for the software requirements in terms of intended use, functionality, safety, and effectiveness. 
  • Traceability Analysis is a document that links together product design requirements, design specifications, and testing requirements. Additionally, the document describes the particular measures applied by the medical device manufacturer in order to mitigate the identified risks. According to the guidance, this document should provide additional information about the most important aspects associated with the design and development of a medical device, as well as mitigation of hazards associated thereto. The authority additionally emphasizes the importance of ensuring clarity and readability of this document due to the importance and complexity of the information contained therein. 
  • Software Development Environment Description. As stated by the FDA, the scope of documentation to be submitted by the FDA should also include a summary of the software development life cycle plan providing additional information about the software development cycle implemented by the applicant, including details about its specific parts. The scope of information to be included in this document depends on the appropriate Level of Concern. For instance, for Major Level of Concern Software Devices, this document should also include an annotated list of the control/baseline documents generated during the software development process and a list or description of software coding standards. The authority also pays special attention to change management. In particular, any and all changes implemented after placing a medical device on the market should be subject to additional assessment in order to evaluate their impact on the safety, performance, and effectiveness of the device. As in other cases, the scope of information to be provided in this regard should be wider in the case of a Major Level of Concern device, while in the case of a Moderate Level of Concern device, it would be sufficient to provide a summary of the configuration management and maintenance plans. 
  • Verification and Validation Documentation. As mentioned in the initial article, verification and validation play an important role in the testing of software intended to be used for a medical device. The present article also outlines the particular scope of testing documentation to be submitted by the applicant depending on the Level of Concern. 
    • For Minor Level of Concern devices, it will be sufficient to provide basic documentation on testing, provided it contains details about the test pass/fail criteria applied, as well as a resulting summary for testing concluded. 
    • For Moderate Level of Concern devices, additional details would be required, namely, a detailed enough description of validation and verification procedures performed, as well as the results thereof. The Agency additionally emphasizes the importance of ensuring that the Traceability Analysis effectively links these activities and results to [the] design requirements and specifications. 
    • For Major Level of Concern Devices, the scope of information to be submitted should be wider. In particular, the applicant would also have to provide information about the tests that were not passed, as well as any changes to the device implemented in response. The authority also states that documentation provided in [the] submission should include examples of unit integration testing and a summary of the results. 
    • Revision Level History. Apart from the elements described above, the applicant shall provide an overview covering all revisions of the software in the form of a line-item tabulation. The scope of information to be provided includes the respective version numbers and dates, as well as additional details on the changes implemented in particular versions. Additionally, it is necessary to describe differences between the tested and releases versions of the software accompanied by the assessment of impact caused by such differences in the context of the safety- and performance-related matters. 
    • Unresolved Anomalies. As mentioned before, in the case of Moderate and Major Level of Concern software devices, the scope of information to be provided should be wider. In particular, in such cases, it is necessary to provide additional information about any and all unresolved software anomalies. According to the guidance, the information provided with regard to each anomaly should include the indication of the problem, impact on device performance, and any plans or timeframes for correcting the problem (where appropriate). The FDA encourages the applicant to provide additional clarifications regarding the impact caused by all the anomalies in the form of a list with additional descriptions. The same information should also be provided to the intended users of the device to be taken into consideration when using the device. Additionally, it is necessary to provide details about the particular measures implemented in order to mitigate the risks associated with such anomalies. 

In summary, the present FDA guidance outlines the scope of information to be provided by medical device manufacturers or other parties interested in placing medical devices on the US market with regard to the software contained therein. The document provides the list of documents to be included and clarifies the scope of information to be covered by each of them. 

Sources:

https://www.fda.gov/regulatory-information/search-fda-guidance-documents/guidance-content-premarket-submissions-software-contained-medical-devices 

How Can RegDesk Help?

RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple. ​