Policy for Device Software Functions and Mobile Medical Applications

This guidance outlines FDA's regulatory approach for device software functions and mobile medical applications. It focuses on software functions that meet the definition of a medical device and are either intended to be used as an accessory to a regulated medical device or to transform a mobile platform into a regulated medical device. The guidance clarifies which software functions FDA intends to regulate and which ones will be subject to enforcement discretion based on risk level.

  1. Determine if your software function meets the definition of a medical device
  2. Identify the device classification and applicable regulatory requirements
  3. Implement a Quality Management System compliant with QS regulation
  4. Develop and maintain procedures for:
    • Design controls
    • Risk management
    • Verification and validation
    • Adverse event reporting
    • Corrections and removals
  5. Register establishment and list devices with FDA if required
  6. Prepare and submit appropriate premarket submission if required
  7. Ensure labeling compliance
  8. Maintain records of design, development, and any changes
  9. Monitor post-market performance and report issues as required
  10. Contact FDA for guidance if unclear about requirements for your specific software function

Key Considerations

Non-clinical testing

  • Manufacturers must verify and validate their device software functions along with the computing platform
  • Testing should ensure safe and effective operation of the device

Software

  • Software functions must meet requirements associated with their device classification (Class I, II, or III)
  • Quality System regulation applies to software development and maintenance
  • Software validation and verification are required
  • Adequate controls are needed for safe distribution, installation and operation

Labelling

  • Must comply with applicable labeling regulations in 21 CFR Part 801 for medical devices
  • Must comply with 21 CFR Part 809 for in vitro diagnostic products

Safety

  • Must implement risk management strategies
  • Must have procedures to identify, analyze, correct and prevent software-related causes of patient/user harm
  • Must report adverse events under Medical Device Reporting requirements

Other considerations

  • ISO/IEC/IEEE 90003: Software engineering – Guidelines for the application of ISO 9001:2015 to computer software
  • ISO 13485: Medical devices – Quality management systems – Requirements for regulatory purposes
  • IEC 62304: Medical device software – Software life cycle processes
  • ISO 14971: Medical devices — Application of risk management to medical devices
  • IEEE Std 1012: IEEE Standard for System, Software, and Hardware Verification and Validation

Original guidance

  • Policy for Device Software Functions and Mobile Medical Applications
  • Issue date: 2022-09-28
  • Last changed date: 2022-09-27
  • Status: FINAL
  • Official FDA topics: Medical Devices, Digital Health, Premarket, Biologics
  • ReguVirta summary file ID: 9276af0ff554d5adde21a4ee151c32b3
This post is licensed under CC BY 4.0 by the author.