Content of Premarket Submissions for Device Software Functions
This guidance provides recommendations for documentation to include in premarket submissions for FDA's evaluation of device software functions. It applies to firmware and software-based control of medical devices, software accessories to medical devices, and software-only functions that meet the definition of a device. The guidance does not apply to automated manufacturing and Quality System software or software that is not a device.
Recommended Actions
- Determine appropriate Documentation Level (Basic or Enhanced) based on risk assessment
- Prepare required documentation package including:
- Documentation Level evaluation and rationale
- Software Description
- Risk Management File
- Software Requirements Specification
- System and Software Architecture Diagram
- Software Development and Configuration Management documentation
- Software Testing documentation
- Software Version History
- Unresolved Anomalies documentation
- For Enhanced Documentation Level, additionally prepare:
- Software Design Specification
- Detailed unit and integration test protocols/reports
- Ensure traceability between software requirements, design, and testing documentation
- Consider cybersecurity throughout software development lifecycle
- Maintain all documentation in Design History File per Quality System requirements
- For combination products or multiple function devices, address additional documentation needs
- Consider submitting Pre-Submission to obtain FDA feedback on Documentation Level determination
Key Considerations
Non-clinical testing
- Software testing documentation should be provided at unit, integration and system levels
- System level test protocol including expected results, actual results, pass/fail determination required
- For Enhanced Documentation Level, additional unit and integration level test protocols and reports required
Software
- Documentation Level (Basic or Enhanced) determined based on risk assessment
- Software Description required, including overview of features, functions, inputs/outputs
- Software Requirements Specification (SRS) required
- System and Software Architecture Diagram required
- Software Design Specification (SDS) required for Enhanced Documentation Level
- Software Development and Configuration Management practices documentation required
- Software Version History required
- Unresolved Software Anomalies documentation required
Cybersecurity
- Cybersecurity considerations should be included in risk assessment
- System architecture should document cybersecurity controls and interfaces
Safety
- Risk Management File required including:
- Risk Management Plan
- Risk Assessment
- Risk Management Report
- Risk assessment should consider hazards and hazardous situations before risk controls
Other considerations
- For combination products, additional documentation may be required
- For multiple function devices, documentation should address impact of “other functions”
- Quality System Regulation requirements must still be met
Relevant Guidances
- Off-The-Shelf Software in Medical Devices: Documentation Requirements for Premarket Submissions
- Software Validation for Medical Device Production, Quality Systems, and Device Components
- Cybersecurity in Medical Devices: Design, Implementation, and Premarket Submissions
- Multiple Function Device Products: Policy and Considerations for Functions Not Subject to FDA Review
- Clinical Evaluation of Software as a Medical Device (SaMD)
- Policy for Device Software Functions and Mobile Medical Applications
- Computer Software Assurance for Production and Quality System Software (Draft)
Related references and norms
- ANSI/AAMI/ISO 14971: Medical devices - Applications of risk management to medical devices
- ANSI/AAMI/IEC 62304: Medical Device Software - Software Life Cycle Processes
- ANSI/AAMI SW91: Classification of defects in health software
Original guidance
This post is licensed under CC BY 4.0 by the author.