Content of Premarket Submissions for Device Software Functions

transcribed by Sam'an Herman-Griffiths

Innolitics introduction 🔗

In November of 2021, the FDA released a draft guidance document titled Content of Premarket Submissions for Device Software Functions. This draft guidance will replace the 2005 guidance document titled Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices. We’ve transcribed the PDF draft guidance into HTML here so that we can send our clients links to particular sections of the document.

If you’re overwhelmed by premarket submissions for your SaMD, we can help. We provide turn-key engineering solutions and regulatory consulting services. Contact us if you’d like a team that will help bring your device to the market as quickly as possible. If you have an engineering team, we can help them follow the FDA’s standards and expectations to create compelling and thorough premarket submissions.

Thank you to everyone at the FDA for their efforts to keep patients safe and make device manufacturer’s jobs as easy as possible through these documents.

Preamble 🔗

This draft guidance was issued on November 4, 2021.

For questions about this document regarding CDRH-regulated devices, contact the Digital Health Center of Excellence at digitalhealth@fda.hhs.gov. For questions about this document regarding CBER regulated devices, contact the Office of Communication, Outreach, and Development (OCOD) at 1-800-835-4709 or 240-402-8010, or by email at ocod@fda.hhs.gov.

Contains Nonbinding Recommendations

I. Introduction 🔗

This guidance document is intended to provide information regarding the recommended documentation sponsors should include in premarket submissions for FDA’s evaluation of the safety and effectiveness of device software functions, which are functions that meet the definition of a device under section 201(h) of the Federal Food, Drug, and Cosmetic Act (FD&C Act).1 The recommendations in this guidance document pertain to device software functions, including software in a medical device (SiMD) and software as a medical device (SaMD).2 When final, this document will replace FDA’s Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices3 issued on May 11, 2005, and it will update FDA’s thinking related to the documentation FDA recommends sponsors include for the review of device software functions in premarket submissions. This guidance identifies the software information generally necessary for evaluating the safety and effectiveness of a device in a premarket submission. The recommendations in this guidance also may help facilitate FDA’s premarket review. This guidance describes information that would be typically generated and documented4 during software development, verification, and design validation. The least burdensome approach was applied to identify the minimum amount of information that, based on our experience, would generally be needed to support a premarket submission for a device that uses software. During premarket review, FDA may request additional information that is needed to evaluate the submission. For example, in order to demonstrate a reasonable assurance of safety and effectiveness for devices that use software, documentation related to the requirements of the Quality System Regulation (QSR) (21 CFR Part 820) is often a necessary part of the premarket submission. As part of QSR design controls, a manufacturer must “establish and maintain procedures for validating the devices design,” which “shall include software validation and risk analysis, where appropriate.” (21 CFR 820.30(g)). The documentation recommended in this guidance is based on FDA’s experience evaluating the safety and effectiveness of device software. However, sponsors may use alternative approaches and provide different documentation so long as their approach and documentation satisfies premarket submission requirements in applicable statutory provisions and regulations. For the current edition of the FDA-recognized consensus standard(s) referenced in this document, see the FDA Recognized Consensus Standards Database.5 For more information regarding use of consensus standards in regulatory submissions, please refer to the FDA guidance titled Appropriate Use of Voluntary Consensus Standards in Premarket Submissions for Medical Devices6 and Standards Development and the Use of Standards in Regulatory Submissions Reviewed in the Center for Biologics Evaluation and Research7 The contents of this document do not have the force and effect of law and are not meant to bind the public in any way, unless specifically incorporated into a contract. This document is intended only to provide clarity to the public regarding existing requirements under the law. FDA guidance documents, including this guidance, should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited. The use of the word should in Agency guidance means that something is suggested or recommended, but not required.

II. Background 🔗

The purpose of this guidance is to describe FDA’s thinking on the recommended documentation sponsors should include in premarket submissions for FDA’s evaluation of the safety and effectiveness of device software functions. This thinking recognizes recent changes to the FD&C Act made by the 21st Century Cures Act (Cures Act), which amended section 520 of the FD&C Act and excludes certain software functions from the device definition. It also considers the rapidly evolving nature of digital health and recent FDA recognized consensus standards related to software. This guidance, as described in Section III (Scope), is intended to complement other existing guidance documents that provide recommendations related to software, including the guidance documents listed below. The following guidance documents represent a subset of FDA guidances with digital health content8 relevant to premarket software documentation activities. Please note the list is not exhaustive and is subject to change:

FDA encourages the consideration of these guidances when developing device software functions and preparing premarket software documentation.

The emergence of consensus standards related to software has helped to improve the consistency and quality of software development and documentation, particularly with respect to activities such as risk assessment and management. When possible, FDA harmonized the terminology and recommendations in this guidance with software-related consensus standards, such as the following examples. The following standards are not intended to represent an exhaustive list and are subject to change:

The Agency encourages the consideration of these FDA recognized consensus standards when developing device software functions and preparing premarket software documentation.

III. Scope 🔗

For the purposes of this document, FDA refers to a software function that meets the definition of a device as a “device software function.” For example, a device software function may control a hardware device or be part of a hardware device16 (i.e., Software in a Medical Device, or SiMD) or be a device without being part of a hardware device17 (i.e., Software as a Medical Device, or SaMD).18 For any given product, the term “function” is a distinct purpose of the product, which could be the intended use or a subset of the intended use of the product. For example, a product with an intended use to analyze data has one function: analysis. A product with an intended use to store, transfer, and analyze data has three functions: (1) storage, (2) transfer, and (3) analysis. As this example illustrates, a product may contain multiple functions.

This guidance is intended to cover:

This guidance applies to all types of premarket submissions that include one or more device software function(s). Premarket submissions include:

This guidance does not apply to automated manufacturing and Quality System software19 or software that is not a device. For further information or to clarify the documentation expectations, please contact the responsible FDA review division.

Generally, the recommendations in this guidance apply to the device constituent part of a combination product20 (such as drug-device and biologic-device combination products) when the device21 constituent part includes a device software function. For more information, contact the FDA review division that will have the lead review for the combination product.

Other FDA guidance documents may recommend additional software-related documentation for inclusion in a premarket submission. For example, recommendations regarding cybersecurity information to include in a device premarket submission can be found in the guidances Content of Premarket Submissions for Management of Cybersecurity in Medical Devices and Cybersecurity for Networked Medical Devices Containing Off-The-Shelf (OTS) Software.22 Section II (Background) references other relevant guidance documents that supplement the recommendations contained in this guidance.

Device software functions subject to specific special controls may require additional software related documentation in a premarket submission. As applicable, please refer to the relevant special controls for the device.

This guidance does not apply to the software-related documentation that may be needed to evaluate postmarket software device issues, including corrections and removals.

While this guidance identifies the documentation sponsors should include in premarket submissions, this guidance is not meant to provide recommendations regarding how device software should be developed, verified and validated. For recommendations on device software development, verification and validation, please consult software-related FDA recognized consensus standards and other software-related FDA guidance documents mentioned in this guidance (e.g., General Principles of Software Validation23).

IV. Definitions 🔗

The following terms are used for the purposes of this guidance:

A. Device Software Function

Software function that meets the device definition in section 201(h) of the FD&C Act. “Software as a Medical Device (SaMD)” and “Software in a Medical Device (SiMD)”24 are device software functions. As discussed above, the term “function” is a distinct purpose of the product, which could be the intended use or a subset of the intended use of the product.

B. Off-the-Shelf Software25,26

A generally available software component used by a device manufacturer for which the manufacturer cannot claim complete software life cycle control (e.g., operating system, printer/display libraries).

C. Serious Injury27

An injury or illness that:

  1. Is life threatening,
  2. Results in permanent impairment of a body function or permanent damage to a body structure, or
  3. Necessitates medical or surgical intervention to preclude permanent impairment of a body function or permanent damage to a body structure. Permanent is defined as irreversible impairment or damage to a body structure or function, excluding trivial impairment or damage.

D. Software as a Medical Device (SaMD)28,29

Software that meets the definition of a device in section 201(h) of the FD&C Act and is intended to be used for one or more medical purposes without being part of a hardware device.30

E. Software in a Medical Device (SiMD)31

Software that meets the definition of a device in section 201(h) of the FD&C Act, and is used to control a hardware device or is necessary for a hardware device to achieve its intended use. Typically, SiMD is embedded within or is part of a hardware device.32

F. Software Verification and Software Validation

This guidance uses the terms “software verification” and “software validation,” which are described in further detail below.

The above descriptions of software verification and software validation are consistent with FDA’s thinking as described in the guidance General Principles of Software Validation.33

V. Documentation Level 🔗

The recommended documentation for a premarket submission depends on the device’s risk to a patient, a user of a device, or others in the environment of use. FDA intends to consider four risk-based factors to help determine the device’s Documentation Level, which is either Basic or Enhanced. The purpose of the Documentation Level is to help identify the minimum amount of information that would support a premarket submission that includes device software functions.

The Documentation Level is based on the device’s intended use.34 Evidence relevant to intended use may include the design of the device. Notably, the Documentation Level is determined by the intended use of the device as a whole—not the individual device function(s).

Basic Documentation should be provided for any premarket submission that includes device software functions where Enhanced Documentation does not apply.

Enhanced Documentation should be provided for any premarket submission that includes device software functions, where any of the following factors apply:

  1. The device is a constituent part of a combination product.35

  2. The device (a) is intended to test blood donations for transfusion-transmitted infections; or (b) is used to determine donor and recipient compatibility; or (c) is a Blood Establishment Computer Software.36

  3. The device is classified as class III.37

  4. A failure or latent flaw of the device software function(s) could present a probable risk of death or serious injury38, either to a patient, user of the device, or others in the environment of use. These risk(s) should be assessed prior to implementation of risk control measures. You should consider the risk(s) in the context of the device’s intended use; the direct and indirect impacts to safety, treatment, and/or diagnosis; and other relevant considerations.

The term “probable” in factor #4 above is intended to capture reasonably foreseeable software and hardware risks associated with the device, including those risks resulting from intentional or reasonably foreseeable misuse of the device, prior to the implementation of risk control measures. “Probable” risks also include the likelihood that device functionality is intentionally or unintentionally compromised by inadequate device cybersecurity. The term “probable” is intended to exclude the consideration of purely hypothetical risks, consistent with the use of “probable” in other FDA guidances.39 It is the sponsor’s responsibility to proactively and comprehensively consider risks as part of the device’s risk assessment.

For additional information and examples on assessing the Documentation Level for a device, please refer to Appendix A.

This section reflects FDA’s recommendations for information to be included in premarket submissions for Basic and Enhanced Documentation Levels. This recommended information should demonstrate that practices were employed resulting in traceability for device software functions and demonstrate planning, requirements, risk assessment, design reviews, change management, testing plans and results, and other aspects of good software engineering for device software functions, to help inform a regulatory decision on whether the software is appropriately designed, verified, and validated.

Table 1 below provides an outline of the recommended documentation for each software documentation element and corresponding Documentation Level. Please refer to subsections A-J in this section of the guidance (IV) for more detail.

Table 1. Outline of Recommended Documentation

Software Documentation Elements

Basic Documentation Level

Enhanced Documentation Level

Documentation Level Evaluation (Section IV.A)

A statement indicating the appropriate Documentation Level and a description of the rationale for that level.

Software Description (Section IV.B)

Software description, including overview of operationally significant software features, analyses, inputs, and outputs.

System and Software Architecture Design Chart (Section IV.C)

Detailed diagrams of the modules, layers, and interfaces that comprise the device, their relationships, the data inputs/outputs and flow of data, and how users or external products (including IT infrastructure and peripherals) interact with the system and software.

Risk Management File (Section IV.D)

Risk management plan, risk assessment demonstrating that risks have been appropriately mitigated, and risk management report.

Software Requirements Specification (SRS) (Section IV.E)

The complete documentation, describing the needs or expectations for a system or software, presented in an organized format and with sufficient information to understand the traceability of the information with respect to the other software documentation elements (e.g., risk management file, software design specification, system and software architecture design chart, software testing as part of verification and validation).

Software Design Specification (SDS) (Section IV.F)

none

The complete documentation, including sufficient information that would allow FDA to understand the technical design details of how the software functions, how the software design completely and correctly implements all the requirements of the SRS and how the software design traces to the SRS in terms of intended use, functionality, safety, and effectiveness.

Software Development and Maintenance Practices (Section IV.G)

A Declaration of Conformity to IEC 62304
OR
a summary of the life cycle development plan and a summary of configuration management and maintenance activities.

A Declaration of Conformity to IEC 62304
OR
Basic Documentation Level PLUS
complete configuration management and maintenance plan document(s)

Software Testing as Part of Verification and Validation (Section IV.H)

A summary description of the testing activities at the unit, integration and system levels. System level test protocol including expected results, observed results, pass/fail determination, and system level test report.

Basic Documentation Level PLUS unit and integration level test protocols including expected results, observed results, pass/fail determination, and unit and integration level test reports.

Revision Level History (Section IV.I)

Revision history tabulating the major changes to the software during the development cycle, including date, version number, a brief description of the changes relative to the previous version, and indication of the version on which testing was performed.

Unresolved Anomalies (e.g., Bugs, Defects, or Errors) (Section IV.J)

List of remaining software anomalies (e.g., bugs, defects) annotated with an explanation of the impact on safety or effectiveness, including operator usage and human factors, work-arounds, and timeframe for correction.

A. Documentation Level Evaluation 🔗

A statement indicating the Documentation Level for the device and a description of the rationale for such Documentation Level, as appropriate.

B. Software Description 🔗

An overview of operationally significant software features, including images, flow charts, and state diagrams as needed to adequately explain the software functionality40 should be provided. If the premarket submission is for a modified device, provide the document number of the previous submission and highlight pertinent software changes since the last FDA approval or clearance.

Please consider and provide information to address the questions below when preparing the software description. However, FDA recognizes that these questions and examples may not capture all the unique aspects of a device software function and encourages the inclusion of additional information that will streamline or further FDA’s understanding of the device’s functionality to facilitate the review of a submission.

If the device is a multiple function device product and includes software function(s) that are considered “other functions,” as that term is used in the guidance Multiple Function Device Product: Policy and Considerations, the recommendations described in the aforementioned guidance should be considered when preparing the software description information.

Software Specifics

Software Operation

Software Inputs and Outputs

If any of the information requested above is included in another document, such as the SRS, an annotation and a reference to the document in the submission where this information is located should be provided.

C. System and Software Architecture Diagram 🔗

The purpose of the system and software architecture diagram is to present a roadmap of the device design to facilitate a clear understanding of 1) the modules43 and layers that make up the system and software, 2) the relationships among the modules and layers, 3) the data inputs/outputs and flow of data among the modules and layers, and 4) how users or external products, including IT infrastructure and peripherals (e.g., wirelessly connected medical devices) interact with the system and software. Sponsors should provide the appropriate level of detail in the system and software architecture diagram to convey the information in a manner that can facilitate an efficient premarket review, including descriptive text (in the diagram or in an accompanying document) to explain the architecture diagram where appropriate. A system and software architecture diagram that is not appropriately tailored (e.g., too high level, too detailed, or overly confusing) will likely increase requests for additional information from the FDA review staff. To the extent appropriate, the system and software architecture diagram can be communicated in one or more diagrams and in one or more formats, and may convey different dimensions of the system and software (e.g., cybersecurity architecture, state diagram). If more than one diagram is used, the sponsor should provide a high-level diagram that communicates the overview and points to the other diagrams that provide additional detail. The relationship between diagrams should also be clearly communicated. In general, the sponsor should take note of the following visual, language, and reference considerations when developing an effective system and software architecture diagram:

Visual Considerations

Language Considerations

References

The above considerations are intended to serve as a guide and may not apply in every case or may apply differently for different diagrams. When developing the system and software architecture diagram, manufacturers are encouraged to leverage industry best practices within and outside the medical device industry.

For multiple function device products, the system and software architecture diagram should clearly delineate between the device functions-under-review and the “other functions,” as that term is used in the guidance Multiple Function Device Product: Policy and Considerations. The system and software architecture diagram should include adequate detail to understand how or if the “other function(s)” interact with or impact the device function-under-review.

An example system and software architecture diagram is provided in Appendix B of this guidance, which illustrates one approach to effectively convey the recommended information to facilitate an efficient premarket review of a software system with multiple modules. The example demonstrates how the considerations described in this section can be implemented into a system and software architecture diagram. The modules in the example are intended for illustration purposes only and are not intended to document or represent a comprehensive or complete system and software architecture diagram for a specific medical device or system. The approach illustrated can be applied to any system and software architecture diagram, including standalone SaMD.

D. Risk Management File 🔗

The risk management file should be provided as part of the premarket submission and include the following documentation:

E. Software Requirements Specification (SRS) 🔗

The SRS documents the requirements45 for the software which typically specifies inputs and outputs, functions that the software will perform, hardware,46 programming language,47 compiler version, performance,48 interfaces,49 user interaction, error definition and handling, response times, intended operating environment, safety related requirements derived from a risk assessment (Refer to Section VI.D Risk Management File) and all ranges, limits, defaults, and specific values that the software will accept. For additional details on what should be included in the software requirements specification, refer to the guidance, General Principles of Software Validation.50

The QSR requires “a mechanism for addressing incomplete, ambiguous, or conflicting requirements.”51 Each requirement (e.g., hardware, software, user, operator interface, and safety) identified in the software requirements specification should be evaluated for accuracy, completeness, consistency, testability, correctness, and clarity.

A complete SRS document should be provided. The documentation should include a description of the software requirement identification and tracking methodology used to support the traceability of the requirements.

FDA acknowledges that modern development practices may employ incremental or evolutionary software development practices. Additional forms of software requirements might be included in the submission, such as well elaborated stories, use cases, textual descriptions, screen mockups, and control flows. Executable requirements may be provided with additional clarification to support readability.

In order to facilitate a timely premarket review, the following recommendations should be considered in preparing SRS documentation:

Documentation of requirements included in the premarket submission for the device functionunder-review should include adequate detail to describe any expected relationship, utility, reliance, or interoperability with any “other function,” as that term is used in the guidance Multiple Function Device Product: Policy and Considerations.

F. Software Design Specification (SDS) 🔗

The Software Design Specification (SDS) may contain both a high level summary of the design and detailed design information. In terms of the relationship between the Software Requirement Specification (SRS) and the SDS, the SRS describes what the software function will do and the SDS describes how the requirements in the SRS are implemented. The information presented in the SDS should be sufficient to ensure that the work performed by the software engineers who created the software device function was clear and unambiguous, with minimal ad hoc design decisions. Documentation of specifications included in the premarket submission for the device function-under-review should include adequate detail to describe any expected relationship, utility, reliance, or interoperability with any “other function,” as that term is used in the guidance Multiple Function Device Product: Policy and Considerations.

(1) Basic Documentation Level

No SDS documentation recommended in the premarket submission.

(2) Enhanced Documentation Level

A singular SDS document or set of SDS documents that provide the technical design details of how the software functions, how the software design completely and correctly implements all the requirements of the SRS and how the software design traces to the SRS in terms of intended use, functionality, safety, and effectiveness. The software functional units or modules along with the interfaces among them identified in the architectural (i.e., high level) design should be documented with the corresponding detailed (i.e., low-level) design information in the SDS. The information provided for review should be sufficient to ensure that the work performed in developing the software functional units or modules and their interfaces was clear and unambiguous, with minimal ad hoc design decisions. For example, the creation of the SDS is expected to have occurred as a prospective activity where the SDS was used to guide the design, development and testing of the software rather than documented retrospectively after the software design has been implemented by ad hoc design methods.

For additional details on what should be included in the software design specification, refer to the guidance, General Principles of Software Validation.52

G. Software Development and Maintenance Practices 🔗

(1) Basic Documentation Level

For devices that the Basic Documentation Level is appropriate, a Declaration of Conformity to the currently FDA-recognized version of ANSI/AAMI IEC 62304 Medical Device Software - Software Life Cycle Processes may suffice.

Alternatively, a summary of the processes and procedures that are in place to manage the software life cycle development, software configuration and change management and software maintenance activities could be provided. This summary information should include an adequate description of:

(2) Enhanced Documentation Level

For devices that the Enhanced Documentation Level is appropriate, a Declaration of Conformity to the currently FDA-recognized version of ANSI/AAMI IEC 62304 Medical Device Software - Software Life Cycle Processes may suffice.

Alternatively, a complete configuration management and maintenance plan document could be provided in addition to the summary documentation requested for the Basic Documentation Level, as described above.

H. Software Testing as part of Verification and Validation 🔗

Refer to Section IV (Definitions) for important information pertaining to FDA’s thinking on verification and validation, as it relates to this guidance. Additionally, please refer to guidance General Principles of Software Validation53 for additional details regarding FDA’s thinking regarding software testing particularly unit level (module or component) testing, integration level (internal and external interfaces) testing and system level (functional) testing.

Software testing may sometimes involve other device performance testing activities. If the premarket submission leverages information from the performance testing section to address software validation content, the manufacturer is encouraged to appropriately reference the performance testing material to facilitate the navigation between submission sections, reduce instances of duplication, and improve readability.

(1) Basic Documentation Level

The following software testing documentation should be provided:

(2) Enhanced Documentation Level

In addition to the documentation requested for the Basic Documentation Level, unit and integration level test protocols and reports should be provided, including expected results derived from software requirements and design, actual results that are observed and recorded, objective pass/fail determination (i.e., actual results are acceptably equivalent to expected results) and unit and integration test reports. The unit and integration level test reports should demonstrate that the protocols have been acceptably executed with passing testing results and any unresolved anomalies have been acceptably deferred based on a risk assessment for the candidate release version.

I. Revision Level History 🔗

The documentation should include the history of software revisions generated during product development.

This typically takes the form of a line-item tabulation of the major changes to the software during the development cycle, including date, version number, a brief description of the changes in the version relative to the previous version, and an indication of the version testing was performed on, including bench testing, animal testing, and clinical testing, if applicable.

The last entry in the list should be the final version to be incorporated in the released device. This entry should also include any differences between the tested version of software and the released version, along with an assessment of the potential effect of the differences on the safety and effectiveness of the device.

If a manufacturer’s development practices use an iterative methodology, information on any changed software requirements and how they continue to meet the system requirements or design inputs should be provided.

If the revision level history includes a version(s) that corresponds to a previously released version of the software, please highlight in the revision level history document each prior released version and (if applicable) the premarket submission number(s) associated with that release.

J. Unresolved Anomalies (e.g., Bugs, Defects, or Errors) 🔗

An anomaly is any condition that deviates from the expected behavior based on requirements specifications, design documents, standards, or from someone’s perceptions or experiences.

For each unresolved anomaly, indicate the:

Each item should be annotated with an explanation of the impact of the anomaly on device safety or effectiveness, including operator usage and human factors issues. Typically, this anomaly list can be generated as an output of a change control board or similar mechanism for evaluation and disposition of unresolved software anomalies. FDA suggests ranking anomalies based on risk to patient and/or operator (user). Additionally, the Agency recommends including defect classification for each anomaly using a defect taxonomy, such as ANSI/AAMI SW91’s Classification of defects in health software.

If the resolution of any unresolved anomalies will be deferred, a risk-based rationale for why each unresolved anomaly would not impact device safety or effectiveness should be provided.

A list of unresolved anomalies should be communicated to end user(s) as appropriate to assist in the proper operation of the device. In all instances where it is practical to do so, any mitigations or possible work-arounds for unresolved anomalies should be included in the premarket submission.

VII. Additional Information 🔗

A. Regulatory Considerations for Software Functions

Section 3060(a) of the Cures Act amended section 520 of the FD&C Act on December 13, 2016, removing certain software functions from the definition of device in section 201(h) of the FD&C Act. To learn more about FDA’s regulatory considerations for software functions, please consider the following reference materials:

B. Off-The-Shelf (OTS) Software Use in Medical Devices

FDA recognizes the Off-The-Shelf Software Use in Medical Devices (“OTS”) guidance uses “Level of Concern” factors to determine the software content for OTS software. Therefore, after finalization of this guidance, FDA intends to update the OTS guidance to be consistent with this guidance. For example, Table 2 below is derived from “Table 1” in the OTS guidance. Table 2 incorporates the Documentation Levels described in this guidance to help explain how the concepts in this guidance could be represented in a future update to the OTS guidance

Table 2: Documentation Level for Off-The-Shelf Software

Basic Documentation Level Enhanced Documentation Level
Hazard Analysis Hazard Analysis
Basic Documentation Basic Documentation
Hazard Mitigations Hazard Mitigations
Describe and Justify Residual Risk Describe and Justify Residual Risk
Special Documentation

Please refer to the OTS guidance for additional information on what information is requested as part of “hazard analysis,” “basic documentation,”59 “hazard mitigations,” “describe and justify residual risk,” and “special documentation” content. The OTS Guidance describes “Special Documentation” in section V.E. The information requested as part of the “Special Documentation” includes: (1) an assurance to FDA that the product development methodologies used by the OTS software developer are appropriate and sufficient for the intended use of the OTS software within the specific medical device, (2) the procedures and results of the verification and validation activities performed for the OTS software are appropriate and sufficient for the safety and effectiveness requirements of the medical device, and (3) the existence of appropriate mechanisms for assuring the continued maintenance and support of the OTS software should the original OTS software developer terminate their support.

When appropriate, the documentation described in this guidance can be leveraged to address the content described in the OTS guidance. For example, the OTS Hazard Analysis information may be captured as part of the Risk Assessment, as described in this guidance.

Please note, OTS software is typically an “other function,” as that term is used in the guidance Multiple Function Device Product: Policy and Considerations. Therefore, please consider the impact of the OTS software on the device function-under-review and provide information (as recommend in the OTS guidance) about the impact on the device function from the OTS software in a manner consistent with the policy described in the Multiple Function Device Product: Policy and Considerations guidance.

Additionally, please note the term SOUP, Software of Unknown Pedigree, may also be used to describe software from a third party. For additional information on the term SOUP, please refer to the use of the term in the standard ANSI/AAMI/IEC 62304: Medical Device Software - Software Life Cycle Processes.

C. Comparison of Guidance to IEC 62304 and 840 ANSI/AAMI/IEC 62304

FDA recognizes voluntary consensus standards to help facilitate meeting requirements under the statute or regulations. The use of FDA-recognized consensus standards can increase predictability, streamline premarket review, provide clearer regulatory expectations, facilitate market entry for safe and effective medical products, and promote international harmonization (see Recognition and Withdrawal of Voluntary Consensus Standards60).

As of this draft guidance’s publication, both IEC 62304 Edition 1.1 and ANSI/AAMI/IEC 848 62304:2006/A1:2016 Medical device software — Software life cycle processes (henceforth “IEC 62304”), are FDA-recognized voluntary consensus standards. The scope of each standard includes life cycle requirements for medical device software, including the set of processes, activities, and tasks that establish a common framework for medical device software life cycle processes.

There are similarities and differences between the intents and information discussed in this guidance and IEC 62304. Both this guidance and IEC 62304 discuss how to document and communicate software development, maintenance, and risk management processes. However, this guidance document focuses on documentation and communication only as it pertains to facilitating FDA’s complete and efficient review of device software functions subject to premarket submission, whereas the scope of IEC 62304 extends beyond the intent of this guidance and discusses broader perspectives that may not result in documents that are easily reviewed by FDA.

Therefore, this guidance document intends to leverage IEC 62304 in a very specific manner in order to reduce the amount of documentation requested to support a premarket submission for a device software function. Specifically, Section V.G: Software Development and Maintenance Practices offers an alternate approach through which FDA intends to accept a Declaration of Conformity to IEC 62304 in place of a detailed description of software development and maintenance practices (formerly, “Software Development Environment Description”). Sponsors may refer to the guidance document Appropriate Use of Voluntary Consensus Standards inmarket Submissions for Medical Devices61 for more information on preparation of a Declaration of Conformity. Conformity to this consensus standard is voluntary and, as such, an alternate approach is offered. When assessing the appropriate Documentation Level for the device and the overall recommended documentation for inclusion in a premarket submission, please refer to Section V (Documentation Level) and Section VI (Recommended Documentation) of this guidance.

Appendix A: Documentation Level Examples 🔗

The following are examples of devices that demonstrate the implementation of the Documentation Level factors. Please note that these generalized examples do not necessarily account for every possible detail, risk, or consideration a sponsor should evaluate, and should not be taken to mean that the devices described definitely do or do not require a certain Documentation Level. These examples do not define the appropriate Documentation Level for a particular device type. As such, the Documentation Level should be uniquely considered for each particular device or device modification and in consideration of the device’s intended use. When addressing the recommendations in sections V and VI.A of this guidance, FDA encourages sponsors to leverage their device’s risk assessment when providing a rationale for choosing a Documentation Level.

  1. A non-contact infrared thermometer intended for intermittent measurement of body temperature from the forehead

    # Factors Yes/No
    1 The device is a constituent part of a combination product. No
    2 The device (a) is intended to test blood donations for transfusiontransmitted infections; or (b) is used to determine donor and recipient compatibility; or (c) is Blood Establishment Computer Software. No
    3 The device is classified as class III. No
    4 A failure or latent flaw of the device software function(s) could present a probable risk of death or serious injury either to the patient, user of the device, or others in the environment of use. These risk(s) should be assessed prior to implementation of risk control measures. You should consider the risk(s) in the context of the device’s intended use; the direct and indirect impacts to safety, treatment, and/or diagnosis; and other relevant considerations. No

    Outcome: The device is class II and is not a constituent part of a combination product, not Blood Establishment Computer Software, and is not intended for use in testing blood donations for transfusion-transmitted infections or determining donor and recipient compatibility. A failure or latent flaw of the device software function(s) would not present a probable risk of death or serious injury to either a patient, user of the device, or others in the environment of use prior to the implementation of risk control measures. Therefore, this device would fall under “Basic Documentation Level.”

  2. An implantable cardiac pacemaker used to treat bradycardia.

    # Factors Yes/No
    1 The device is a constituent part of a combination product. No
    2 The device (a) is intended to test blood donations for transfusiontransmitted infections; or (b) is used to determine donor and recipient compatibility; or (c) is Blood Establishment Computer Software. No
    3 The device is classified as class III. Yes
    4 A failure or latent flaw of the device software function(s) could present a probable risk of death or serious injury either to the patient, user of the device, or others in the environment of use. These risk(s) should be assessed prior to implementation of risk control measures. You should consider the risk(s) in the context of the device’s intended use; the direct and indirect impacts to safety, treatment, and/or diagnosis; and other relevant considerations. Yes

    Outcome: The device is not a constituent part of a combination product, is not Blood Establishment Computer Software, and is not intended for use in testing blood donations for transfusion-transmitted infections or determining donor and recipient compatibility. However, the device is classified as a class III device. Furthermore, a failure or latent flaw of the device software function(s) (e.g., algorithm operates as designed but incorrectly senses an ectopic beat) would present a probable risk of death or serious injury to the patient prior to the implementation of risk control measures. Therefore, this device would fall under “Enhanced Documentation Level.”

  3. A facility use continuous ventilator

    # Factors Yes/No
    1 The device is a constituent part of a combination product. No
    2 The device (a) is intended to test blood donations for transfusiontransmitted infections; or (b) is used to determine donor and recipient compatibility; or (c) is Blood Establishment Computer Software. No
    3 The device is classified as class III. No
    4 A failure or latent flaw of the device software function(s) could present a probable risk of death or serious injury either to the patient, user of the device, or others in the environment of use. These risk(s) should be assessed prior to implementation of risk control measures. You should consider the risk(s) in the context of the device’s intended use; the direct and indirect impacts to safety, treatment, and/or diagnosis; and other relevant considerations. Yes

    Outcome: The device is not a constituent part of a combination product, is not Blood Establishment Computer Software, and is not intended for use in testing blood donations for transfusion-transmitted infections or determining donor and recipient compatibility. The device is class II. However, a failure or latent flaw of the device software function(s) (e.g., exploited cybersecurity vulnerability compromises device functionality) would present a probable risk of death or serious injury to a patient (e.g., loss of life supporting function) prior to the implementation of risk control measures. Therefore, this device would fall under “Enhanced Documentation Level.”

  4. A Blood Establishment Computer Software or BECS accessory

    # Factors Yes/No
    1 The device is a constituent part of a combination product. No
    2 The device (a) is intended to test blood donations for transfusiontransmitted infections; or (b) is used to determine donor and recipient compatibility; or (c) is Blood Establishment Computer Software. No
    3 The device is classified as class III. No
    4 A failure or latent flaw of the device software function(s) could present a probable risk of death or serious injury either to the patient, user of the device, or others in the environment of use. These risk(s) should be assessed prior to implementation of risk control measures. You should consider the risk(s) in the context of the device’s intended use; the direct and indirect impacts to safety, treatment, and/or diagnosis; and other relevant considerations. Yes

    Outcome: The device is not a constituent part of a combination product. It is Blood Establishment Computer Software. The device is class II. However, a failure or latent flaw of the device software function(s) (e.g., exploited cybersecurity vulnerability compromises device functionality) would present a probable risk of death or serious injury to a patient (e.g., loss of life supporting function) prior to the implementation of risk control measures. Therefore, this device would fall under “Enhanced Documentation Level.”

  5. A qualitative in vitro nucleic acid screening test for the direct detection of Babesia DNA and RNA in whole blood samples from individual human donors.

    # Factors Yes/No
    1 The device is a constituent part of a combination product. No
    2 The device (a) is intended to test blood donations for transfusiontransmitted infections; or (b) is used to determine donor and recipient compatibility; or (c) is Blood Establishment Computer Software. Yes
    3 The device is classified as class III. No
    4 A failure or latent flaw of the device software function(s) could present a probable risk of death or serious injury either to the patient, user of the device, or others in the environment of use. These risk(s) should be assessed prior to implementation of risk control measures. You should consider the risk(s) in the context of the device’s intended use; the direct and indirect impacts to safety, treatment, and/or diagnosis; and other relevant considerations. Yes

    Outcome: The device is not a constituent part of a combination product and is not Blood Establishment Computer Software. The device is licensed under a BLA and consequently is not class III. However, the device is intended for use in testing blood donations for a transfusion-transmitted infection where an inaccurate result could result in blood recipient death or serious injury prior to the implementation of risk control measures. Therefore, this device would fall under “Enhanced Documentation Level.”

  6. A hardware-only hip prosthesis.

    Outcome: This device would not have a Documentation Level because it does not contain software.

Appendix B: System and Software Architecture Diagram Chart Examples 🔗

The examples are intended for illustration purposes only and are not intended to document a comprehensive system and software architecture diagram for a specific medical device or system. The approach illustrated can be applied to any system and software architecture diagram, including standalone SaMD. The examples demonstrate how the considerations described in section VI.C (System and Software Architecture Design Chart) can be implemented into a system and architecture diagram. The example is not intended to represent a complete system and architecture diagram.

Figure 1: Example Architecture Design Chart – Overview of all modules
Figure 2: Example Architecture Design Chart – Detail view of example module #1
Figure 3: Example Architecture Design Chart – Detail view of example module #2
Figure 4: Example Architecture Design Chart – Detail view of example module #3
Figure 5: Example Architecture Design Chart – Detail view of example module #4
Figure 6: Example Architecture Design Chart – Detail view of example module #5

We can help 🔗

If you’re overwhelmed by premarket submissions for your SaMD, we can help. We provide turn-key engineering solutions and regulatory consulting services. Contact us if you’d like a team that will help bring your device to the market as quickly as possible. If you have an engineering team, we can help them follow the FDA’s standards and expectations to create compelling and thorough premarket submissions.

Footnotes 🔗

  1. The term “device” is defined in 201(h) of the Federal Food, Drug, and Cosmetic (FD&C) Act to include an “instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part, or accessory, which is …intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man … or intended to affect the structure or any function of the body of man…” and “does not include software functions excluded pursuant to section 520(o) of the FD&C Act.” 

  2. See FDA website on “Software as a Medical Device (SaMD),” available at https://www.fda.gov/medicaldevices/digital-health-center-excellence/software-medical-device-samd. 

  3. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/guidance-contentpremarket-submissions-software-contained-medical-devices. 

  4. As a reminder, manufacturers of device software must create and maintain software-related documentation in accordance with the requirements of the Quality System (QS) Regulation (21 CFR 820.30 Subpart C – Design Controls of the Quality System Regulation). 

  5. Available at https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfStandards/search.cfm. 

  6. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/appropriate-usevoluntary-consensus-standards-premarket-submissions-medical-devices. 

  7. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/standards-developmentand-use-standards-regulatory-submissions-reviewed-center-biologics-evaluation. 

  8. Available at https://www.fda.gov/medical-devices/digital-health-center-excellence/guidances-digital-healthcontent 

  9. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/multiple-functiondevice-products-policy-and-considerations. 

  10. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/shelf-software-usemedical-devices. 

  11. See section VII.B to learn more about referencing Off-The-Shelf (OTS) Software Use in Medical Devices. 

  12. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/design-considerationsand-premarket-submission-recommendations-interoperable-medical-devices. 

  13. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/general-principlessoftware-validation. 

  14. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/content-premarketsubmissions-management-cybersecurity-medical-devices-0. 

  15. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/cybersecuritynetworked-medical-devices-containing-shelf-ots-software. 

  16. For the purposes of this guidance, a software function that is “part of a hardware device” is software used to control a hardware device, or software necessary for a hardware device to achieve its intended use. 

  17. Ibid 

  18. Additional resources on determining whether a software product contains device functions are provided in section VII.A. 

  19. As part of Quality System Regulation production and process controls, 21 CFR 820.70(i) states, “When computers or automated data processing systems are used as part of production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol. All software changes shall be validated before approval and issuance. These validation activities and results shall be documented.” 

  20. 21 CFR 3.2(e). 

  21. Section 201(h) of the FD&C Act. 

  22. As part of the software validation and risk analysis required by 21 CFR 820.30(g), software device manufacturers may need to establish a cybersecurity vulnerability and management approach, where appropriate. FDA recommends that this approach include a set of cybersecurity design controls to ensure medical device cybersecurity and maintain medical device safety and effectiveness. Such design controls may make it more likely that FDA will find your device meets its applicable statutory standard for premarket review. 

  23. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/general-principlessoftware-validation 

  24. See footnotes 1 and 2. 

  25. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/shelf-software-usemedical-devices. 

  26. See section VII.B to learn more about referencing Off-The-Shelf Software Use in Medical Devices. 

  27. x as defined in 21 CFR 803.3(w). 

  28. For examples, refer to the following FDA webpage: https://www.fda.gov/medical-devices/software-medicaldevice-samd/what-are-examples-software-medical-device. 

  29. See footnotes 1 and 2. 

  30. See footnote 16. 

  31. See footnotes 1 and 2. 

  32. See footnote 16. 

  33. See “General Principles of Software Validation” Guidance, available at https://www.fda.gov/regulatoryinformation/search-fda-guidance-documents/general-principles-software-validation. 

  34. See 21 CFR 801.4 (“…[I]ntended uses… refer to the objective intent of the persons legally responsible for the labeling of an article. The intent may be shown by such persons’ expressions, the design or composition of the article, or by the circumstances surrounding the distribution of the article.”) 

  35. 21 CFR 3.2(e). 

  36. Blood establishment computer software (BECS) is a device used in the manufacture of blood and blood components to assist in the prevention of disease in humans by identifying ineligible donors, by preventing the release of unsuitable blood and blood components for transfusion or for further manufacturing into products for human treatment or diagnosis, by performing compatibility testing between donor and recipient, or by performing positive identification of patients and blood components at the point of transfusion to prevent transfusion reactions. This generic type of device may include a BECS accessory, a device intended for use with BECS to augment the performance of the BECS or to expand or modify its indications for use (21 CFR 864.9165). 

  37. See 21 CFR 860.3(c)(3). 

  38. See 21 CFR 803.3(w). 

  39. Example guidances that distinguish between “probable risks” and “purely hypothetical risks” include, but are not limited to: (1) Factors to Consider When Making Benefit-Risk Determinations for Medical Device Investigational Device Exemptions - Guidance for Investigational Device Exemption Sponsors, Sponsor-Investigators and Food and Drug Administration Staff available at: https://www.fda.gov/regulatory-information/search-fda-guidancedocuments/factors-consider-when-making-benefit-risk-determinations-medical-device-investigational-device; and (2) Factors to Consider When Making Benefit-Risk Determinations in Medical Device Premarket Approval and De Novo Classifications available at: https://www.fda.gov/regulatory-information/search-fda-guidancedocuments/factors-consider-when-making-benefit-risk-determinations-medical-device-premarket-approval-and-de 

  40. FDA may request additional architecture charts to address the cybersecurity risks associated with a device. Refer to the guidance document, Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, for more information. 

  41. If a device uses OTS software, FDA may request additional information in premarket submissions. Please refer to section VII.B of this guidance and the guidance document, Guidance for Off-The-Shelf Software Use in Medical Devices, for more information. 

  42. More information on interoperable medical devices is available at: https://www.fda.gov/regulatoryinformation/search-fda-guidance-documents/design-considerations-and-pre-market-submission-recommendationsinteroperable-medical-devices. 

  43. For purposes of the system and software architecture diagram, this guidance considers a module to be a discrete unit or architectural item within the system or software. A module could represent, for example, a finished hardware device within a system of hardware and software products, a hardware component within a finished hardware device, a finished software product within a system of software products, or a software function within a finished software product. A module is not specifically meant to describe code-level software functions, although such code-level software functions could be considered modules if appropriate. The sponsor should determine what constitutes a module in the context of its system and software. 

  44. Available at http://www.imdrf.org/docs/imdrf/final/technical/imdrf-tech-140918-samd-framework-riskcategorization-141013.pdf. 

  45. The term “requirements” is used in this section as part of the term “Software Requirements Specification”, and does not refer to a regulatory requirement. 

  46. Hardware requirements generally include, but are not limited to, requirements related to: microprocessors, memory devices, sensors, energy sources, safety features, and communications. 

  47. Programming language requirements generally include, but are not limited to, requirements related to program size requirements or restrictions, and information on management of memory leaks. 

  48. Software performance and functional requirements generally include, but are not limited to, requirements related to algorithms or control characteristics for therapy, diagnosis, monitoring, alarms, analysis, and interpretation with full text references or supporting clinical data, if necessary. Software performance and functional requirements may also include: device limitations due to software, internal software tests and checks, error and interrupt handling, fault detection, tolerance, and recovery characteristics, safety requirements, and timing and memory requirements. 

  49. Interface requirements (e.g., external, user, internal) generally include, but are not limited to, both communication between system components and communication with the user such as: printers, monitors, keyboard, mouse, cloud servers, peripheral medical devices, mobile technology platforms. 

  50. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/general-principlessoftware-validation. 

  51. See 21 CFR 820.30(c) (“Design input. Each manufacturer shall establish and maintain procedures to ensure that the design requirements relating to a device are appropriate and address the intended use of the device, including the needs of the user and patient. The procedures shall include a mechanism for addressing incomplete, ambiguous, or conflicting requirements. The design input requirements shall be documented and shall be reviewed and approved by a designated individual(s). The approval, including the date and signature of the individual(s) approving the requirements, shall be documented.”). 

  52. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/general-principlessoftware-validation. 

  53. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/general-principlessoftware-validation. 

  54. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/changes-existingmedical-software-policies-resulting-section-3060-21st-century-cures-act. 

  55. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/general-wellnesspolicy-low-risk-devices. 

  56. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/policy-device-softwarefunctions-and-mobile-medical-applications. 

  57. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/medical-device-datasystems-medical-image-storage-devices-and-medical-image-communications-devices. 

  58. Available at https://www.fda.gov/medical-devices/classify-your-medical-device/how-determine-if-your-productmedical-device. 

  59. Please note “Basic Documentation” is only applicable to the Off-The-Shelf Software Use in Medical Devices (OTS) guidance and is NOT the same as “Basic Documentation Level.” “Basic Documentation” is described in the OTS guidance as the answers to questions pertaining to the description of OTS software; whereas “Basic Documentation Level” is described in this guidance as one of two levels of documentation recommendations used to help identify the minimum amount of information that, based on FDA’s experience, would generally be needed to support a premarket submission for a device that uses software. 

  60. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/recognition-andwithdrawal-voluntary-consensus-standards. 

  61. Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/appropriate-usevoluntary-consensus-standards-premarket-submissions-medical-devices. 

Get Medtech Software Tips

Subscribe using RSS

How frequently are they sent?

We send out tips about once a month.

What will I read?

Articles about software development, AI, signal and image processing, medical regulations, and other topics of interest to professionals in the medical device software industry.

You may view previous articles here.

Who creates the content?

The Innolitics team, and experts we collaborate with, write all of our articles.

Want to know more?

Contact us.