Post

Content of Premarket Submissions for Device Software Functions

This guidance provides recommendations for documentation to include in premarket submissions for FDA's evaluation of device software functions. It applies to firmware and software-based control of medical devices, software accessories to medical devices, and software-only functions that meet the definition of a device. The guidance does not apply to automated manufacturing and Quality System software or software that is not a device.

  1. Determine appropriate Documentation Level (Basic or Enhanced) based on risk assessment
  2. Prepare required documentation package including:
    • Documentation Level evaluation and rationale
    • Software Description
    • Risk Management File
    • Software Requirements Specification
    • System and Software Architecture Diagram
    • Software Development and Configuration Management documentation
    • Software Testing documentation
    • Software Version History
    • Unresolved Anomalies documentation
  3. For Enhanced Documentation Level, additionally prepare:
    • Software Design Specification
    • Detailed unit and integration test protocols/reports
  4. Ensure traceability between software requirements, design, and testing documentation
  5. Consider cybersecurity throughout software development lifecycle
  6. Maintain all documentation in Design History File per Quality System requirements
  7. For combination products or multiple function devices, address additional documentation needs
  8. Consider submitting Pre-Submission to obtain FDA feedback on Documentation Level determination

Key Considerations

Non-clinical testing

  • Software testing documentation should be provided at unit, integration and system levels
  • System level test protocol including expected results, actual results, pass/fail determination required
  • For Enhanced Documentation Level, additional unit and integration level test protocols and reports required

Software

  • Documentation Level (Basic or Enhanced) determined based on risk assessment
  • Software Description required, including overview of features, functions, inputs/outputs
  • Software Requirements Specification (SRS) required
  • System and Software Architecture Diagram required
  • Software Design Specification (SDS) required for Enhanced Documentation Level
  • Software Development and Configuration Management practices documentation required
  • Software Version History required
  • Unresolved Software Anomalies documentation required

Cybersecurity

  • Cybersecurity considerations should be included in risk assessment
  • System architecture should document cybersecurity controls and interfaces

Safety

  • Risk Management File required including:
    • Risk Management Plan
    • Risk Assessment
    • Risk Management Report
  • Risk assessment should consider hazards and hazardous situations before risk controls

Other considerations

  • ANSI/AAMI/ISO 14971: Medical devices - Applications of risk management to medical devices
  • ANSI/AAMI/IEC 62304: Medical Device Software - Software Life Cycle Processes
  • ANSI/AAMI SW91: Classification of defects in health software

Original guidance

  • Content of Premarket Submissions for Device Software Functions
  • HTML / PDF
  • Issue date: 2023-06-14
  • Last changed date: 2023-08-14
  • Status: FINAL
  • Official FDA topics: Medical Devices, Digital Health, Drugs, Premarket, Biologics
  • ReguVirta summary file ID: 4b07aa49f15a0d5693d10ec91511ddba
This post is licensed under CC BY 4.0 by the author.