Sixteen years after the release of Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices, the US Food and Drug Administration (FDA) has published a draft version of an updated Content of Premarket Submissions for Device Software Functions. What’s in the document and why should it concern you? Read on to find that out!
What is it?
Content of Premarket Submissions for Device Software Functions is an updated document issued by the US FDA on November 4, 2021. It identifies the software documentation necessary for evaluating the safety and effectiveness of a device in a premarket submission.
What’s in it?
This document provides information about the recommended documentation manufacturers should include in their premarket submissions for FDA’s evaluation of the safety and effectiveness of device software functions. It covers firmware and other software that controls medical devices, standalone software applications, software in general computing platforms, devices with dedicated hardware and software and medical device accessories that include software. These include both Software in a Medical Device (SiMD) and Software as a Medical Device (SaMD). In the draft text, FDA proposes a risk-based approach to the level of documentation that manufacturers need to provide.
Once finalized, this document will replace FDA’s Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices, issued on May 11, 2005
What does it mean to medical device cybersecurity?
Here at Irdeto’s Connected Health Cybersecurity team, we’ve reviewed the document and here are some of the key takeaways. If you are a manufacturer of medical devices containing software or devices that are only software, you should review this document to identify what changes are relevant to your products. Although it does not have the force and effect of law and is not binding in any way, it provides you with recommendations that will make the entire premarket submission process more transparent and easier. The biggest change is that FDA is now expecting compliance with key standards like IEC 62304 and AAMI SW 91 that were not published when the 2005 document was released. So, it provides clarity, simplicity and harmonization with current best practices in medical device cybersecurity.
Are you struggling to keep up with the latest medical device cybersecurity standards?
Our expert team is always ready to assist you in coping with this challenge. Feel free to start a conversation with us now!