Multiple Function Device Products: Policy and Considerations for Functions Not Subject to FDA Review
This guidance explains FDA's regulatory approach and policy for multiple function device products, which are products containing at least one device function and at least one other function. It clarifies when and how FDA intends to assess the impact of other functions that are not subject to premarket review on the safety and effectiveness of a device function under FDA review.
Recommended Actions
- Document separation strategy between device function and “other functions” in design and implementation
- Conduct and document impact assessment of “other functions” on device function, including:
- Safety impacts
- Performance impacts
- Risk analysis
- Cybersecurity considerations
- Implement appropriate controls and mitigations for identified impacts
- Prepare premarket submission documentation including:
- Description of functions and their interactions
- Risk assessment results
- Performance testing data
- Labeling addressing “other functions”
- Establish process for evaluating modifications to “other functions”
- Maintain documentation in quality system regarding impact assessments and justifications
- Consider cybersecurity controls for interconnected functions
- Validate design including software validation where appropriate
- Prepare clear labeling describing scope of FDA review
Key Considerations
Non-clinical testing
- Performance testing should be conducted considering aspects of “other functions” that impact performance
- Testing should demonstrate that impact to safety or effectiveness is appropriately addressed
- Follow relevant existing regulations, policies, guidances, and FDA-recognized consensus standards
Software
- Software validation required as part of design validation where appropriate
- Architecture and design documents should be included for software with adequate detail about function interactions
- Software requirements documentation should describe functional and non-functional requirements
- Separation in design and implementation recommended between device function and “other functions”
Cybersecurity
- Consider cybersecurity risks when evaluating separation of functions
- Assume “other functions” may be employed maliciously or unintentionally to cause adverse impact
- Implement appropriate cybersecurity controls for interconnected functions
Labelling
- Include description of “other functions” adequate to ensure appropriate use
- Include additional information or limitations associated with “other functions” as needed
- Indications for use should only include device function under review unless positive impact is claimed
Safety
- Conduct risk-based assessment of potential adverse impacts
- Document risk mitigations employed
- Consider impacts to safety associated with risk
- Evaluate if “other functions” introduce new hazardous situations
Other considerations
- Document impact assessment in quality system
- Assess modifications to “other functions” for significant impacts
- Consider shared computational resources and data dependencies
- Evaluate positive and negative impacts on device function
Relevant Guidances
- Content of Premarket Submissions for Device Software Functions
- Cybersecurity in Medical Devices: Design, Implementation, and Premarket Submissions
- Off-The-Shelf Software in Medical Devices: Documentation Requirements for Premarket Submissions
- Software Validation for Medical Device Production, Quality Systems, and Device Components
- Design Controls for Medical Device Manufacturers
Related references and norms
- ANSI/AAMI/ISO 14971: Medical devices – Application of risk management to medical devices
Original guidance
- Multiple Function Device Products: Policy and Considerations for Functions Not Subject to FDA Review
- HTML / PDF
- Issue date: 2020-07-29
- Last changed date: 2020-07-29
- Status: FINAL
- Official FDA topics: Medical Devices, Digital Health, Postmarket, Drugs, Premarket, Combination Products, Biologics
- ReguVirta summary file ID: cf9feab7233f06f4ad49aa0a7065c6c0
This post is licensed under CC BY 4.0 by the author.