Sixteen years after the release of Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices, the US Food and Drug Administration (FDA) has published a draft version of an updated Content of Premarket Submissions for Device Software Functions. What’s in the document and why should it concern you? Read on to find that out!
What is it?
Content of Premarket Submissions for Device Software Functions is an updated document issued by the US FDA on November 4, 2021. It identifies the software documentation necessary for evaluating the safety and effectiveness of a device in a premarket submission.
What’s in it?
This document provides information about the recommended documentation manufacturers should include in their premarket submissions for FDA’s evaluation of the safety and effectiveness of device software functions. It covers firmware and other software that controls medical devices, standalone software applications, software in general computing platforms, devices with dedicated hardware and software and medical device accessories that include software. These include both Software in a Medical Device (SiMD) and Software as a Medical Device (SaMD). In the draft text, FDA proposes a risk-based approach to the level of documentation that manufacturers need to provide.
Once finalized, this document will replace FDA’s Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices, issued on May 11, 2005
What does it mean to medical device cybersecurity?
Here at Irdeto’s Connected Health Cybersecurity team, we’ve reviewed the document and here are some of the key takeaways. If you are a manufacturer of medical devices containing software or devices that are only software, you should review this document to identify what changes are relevant to your products. Although it does not have the force and effect of law and is not binding in any way, it provides you with recommendations that will make the entire premarket submission process more transparent and easier. The biggest change is that FDA is now expecting compliance with key standards like IEC 62304 and AAMI SW 91 that were not published when the 2005 document was released. So, it provides clarity, simplicity and harmonization with current best practices in medical device cybersecurity.
How can you influence the final document?
FDA is accepting feedback on the draft until February 2, 2022. Under the MDUFA IV commitments, the agency is supposed to deliver final guidance within 12 months of the end of the draft comment period. And on December 16, 2021, FDA will host a webinar for medical device manufacturers and other stakeholders to discuss the draft guidance. This is your chance to have your say.