July 17, 2023
Food and Drug Administration announces revised documentation requirements for medical device software submissions
Manufacturers looking to gain market access for their medical devices were notified by the Food and Drug Administration last month of a new, risk-based approach to determining a device's documentation needs for software functions and regulatory approval.
gives medical device manufacturers information on how to evaluate a device's Documentation Level as either Basic or Enhanced, in place of the previous Level of Concern (LOC) categorization that distinguished devices as Minor, Moderate, or Major. This new guidance is the first substantial update to FDA's documentation procedures for software-related functions since 2005.
The new guidance significantly changes the existing approach and rubric for how a device manufacturer should identify the appropriate level of documentation to include in a regulatory submission for software functions.
Medical device manufacturers must begin following the new guidance for all submissions within 60 days of the initial June 14, 2023, publication date. The FDA Center for Devices and Radiological Health has stated it will also begin reviewing this revised information in applications submitted before the deadline, if included. The most recently released (v4) incorporates the Documentation Level approach per this revised software guidance.
To help sponsors and stakeholders understand FDA's revised evaluation process, a to discuss the final guidance, , which will:
- Discuss the risk-based approach to determining the recommended documentation level for a premarket submission
- Answer questions about the recommendations for information to be included in premarket submissions for the newly designated Basic and Enhanced Documentation Levels
Key changes to documentation requirements for Minor LOC medical device software submissions
The Basic Documentation requirements share some similarities with the Minor LOC documentation requirements; however, the new guidance does include notable differences, such as:
- Requirement of a Risk Management File containing a risk management plan, a risk assessment demonstrating risks have been appropriately mitigated, and a risk management report
- Individual requirements outlined and traced to risk management, the architecture design chart, and verification/validation testing
- Requirement of an Architecture Design Chart
- Requirement of a Software Development Environment Description, which can be satisfied via a Declaration of Conformity to IEC 62304 subclause 5.1, clause 6 and clause 8 among others
- Summary of unit, integration, and system-level verification/validation testing with a system-level testing report including expected results, observed results, and pass/fail determination
- Requirement of an Unresolved Anomalies list
The new guidance also provides a comprehensive list of examples for selecting the correct Documentation Level for a submission as well as style guidelines indicating when visual and language considerations for architecture diagrams should be included.
Documentation Level evaluation for medical device software submissions
FDA's new guidance also provides additional information to assist device makers in evaluating the appropriate Documentation Level for their submission. Specifically, the guidance notes "sponsors should consider all known or foreseeable software hazards and hazardous situations associated with the device, including those resulting from reasonably foreseeable misuse, whether intentional or unintentional, prior to the implementation of risk control measures. This also includes the likelihood that device functionality is intentionally or unintentionally compromised by inadequate device cybersecurity."
This new guidance broadens the scope for devices at the Enhanced Documentation Level and alludes to its and cybersecurity guidance documents.
A comparison of the minimum documentation required by the new guidance
The table below compares the documentation for Minor LOC (2005 guidance) against the new Basic Documentation Level (2023 guidance).
Document Section | Minor LOC (2005 Guidance) | Basic Documentation Level (2023 Guidance) |
---|---|---|
Documentation Level Analysis | Required (called Level of Concern Analysis) | Required (called Documentation Level Evaluation) |
Software Description | Summary Overview Required | Description including overview of software features, functions, analyses, inputs, outputs, and hardware platforms is required |
Risk Management | Required (called Device Hazard Analysis) | Required (called Risk Management File — Plan, Assessment, and Report) |
Software Requirement Specification (SRS) | Summary of functional requirements | Individual requirements that trace to risk management, SDS (if applicable), architecture design chart, and testing |
Architecture Design Chart | Not Required | Required |
Software Design Specification (SDS) | Not Required | Not Required |
Traceability Analysis | Required | Required as a part of the Software Requirement Specification (SRS) |
Software Development Environment Description | Not Required | Summary of lifecycle development plan and configuration/maintenance activities OR IEC 62304 Certification |
Verification and Validation Documentation | Software functional test plan, pass/fail criteria, and results | Summary of unit, integration and system-level testing, and system-level report |
Revision Level History | Required | Required |
Unresolved Anomalies | Not Required | Required |
As seen in the above table, the new guidance requires more software documentation compared to the previous guidance, even for devices considered to have a Minor LOC, which will now require Basic Documentation under the new guidance. For example, the new guidance requires an architecture design chart and listing of unresolved anomalies.
What Can We Help You Solve?
Ä¢¹½tv's multidisciplinary team of medical device, software, artificial intelligence, and regulatory consultants can help clients navigate both the premarket and post-market requirements for medical devices. Our consultants have expertise in bringing devices including software components to market, and we support medical device manufacturers throughout their product's lifecycle.
Regulatory Compliance for Medical Products
Experienced regulatory support for medical devices, pharmaceuticals, and combination products.
Medical Device IP Consulting
Specializing in intellectual property consulting for medical device manufacturing companies.
Medical Device Design & Development Support
Crucial medical device design and development analyses to empower your decision-making.
Life Sciences Due Diligence
Due diligence technical consulting services to help verify the science and technology behind medical devices and related therapeutics.
Product Development
Expert electrical engineering and computer science consulting services for every stage of your product journey.
Biometric Analysis & Data Collection
Consumer electronic product evaluation and testing for biometric human inputs and human performance metrics.