Comprehensive Guide to FDA's Updated Premarket Submission Requirements for Device Software Functions

In June 2023, the FDA updated its guidance document, "Content of Premarket Submissions for Device Software Functions",' to provide comprehensive recommendations for the documentation required in premarket submissions for medical devices incorporating software functions. This update aims to streamline the premarket review process and ensure the safety and effectiveness of software-driven medical devices.

Key Objectives of the June 2023 update

1. Update on Documentation Requirements: This guidance updates the previous recommendations from the 2005 guidance document, reflecting the FDA's current thinking and practices.
2. Facilitate Premarket Review: By outlining the necessary documentation, the guidance helps streamline the FDA's premarket review process.
3. Risk-Based Approach: The guidance emphasizes a risk-based approach to determine the level of documentation required, classified as either Basic or Enhanced Documentation Levels.

Scope

The guidance applies to all software functions that meet the definition of a medical device under section 201(h) of the Federal Food, Drug, and Cosmetic Act (FD&C Act). It covers:

• Premarket notification (510(k)) submissions
• De Novo classification requests
• Premarket Approval (PMA) applications
• Investigational Device Exemption (IDE) submissions
• Humanitarian Device Exemption (HDE) submissions
• Biologics License Applications (BLA) .

Documentation Levels

The guidance specifies two levels of documentation based on the risk associated with the software function:

• Basic Documentation Level: For software functions where the failure or flaw is unlikely to cause serious harm.
• Enhanced Documentation Level: For software functions where a failure could result in serious injury or death .

Recommended Documentation Elements

1. Software Description: An overview of the software features, functions, and operational details, including images, flow charts, and state diagrams .
2. Risk Management File: Detailed risk analysis and management plans to identify and mitigate potential hazards associated with the software .
3. Software Requirements Specification (SRS): A document detailing the functional and non-functional requirements of the software .
4. Software Design Specification (SDS): Comprehensive design documentation including architecture diagrams .
5. Verification and Validation Testing: Test plans, protocols, and results demonstrating that the software meets its intended use and performance criteria .
6. Software Version History: A history of all software versions tested, including changes and updates .
7. Unresolved Software Anomalies: A list of any remaining software issues and their impact on device safety and effectiveness .

Additional Considerations

• Software Bill of Materials (SBOM): A key component of the FDA's updated cybersecurity requirements is the inclusion of a Software Bill of Materials (SBOM). An SBOM is a detailed list of all software components, including commercial, open-source, and off-the-shelf software, used in the device. This requirement, effective from October 1, 2023, ensures that manufacturers provide transparency and facilitate the identification and mitigation of vulnerabilities in software components. The SBOM must be machine-readable and include information about the software components, such as versions and licenses, as well as their support status.
• Cybersecurity: Documentation should include a cybersecurity risk management process, addressing risks and emerging vulnerabilities throughout the product lifecycle .
• Use of Consensus Standards: The guidance harmonizes with relevant consensus standards, such as ANSI/AAMI/ISO 14971 and ANSI/AAMI/IEC 62304, to ensure consistency and quality in software development and documentation .

Conclusion

The FDA's "Content of Premarket Submissions for Device Software Functions" guidance provides a structured framework for submitting comprehensive and consistent documentation for device software functions. By adhering to these recommendations, manufacturers can facilitate the FDA's review process and ensure the safety and effectiveness of their software-driven medical devices.

For detailed information and additional copies, you can visit the FDA's guidance document page here .