The Food and Drug Administration (FDA) recently released a final guidance document, “Content of Premarket Submissions for Device Software Functions.” This document is intended to provide information about the recommended documentation that medical device manufacturers should include in premarket submissions for the FDA's evaluation of safety and effectiveness of device software functions. This document replaces the FDA's “Content of Premarket Submissions for Software Contained in Medical Devices” document issued in May, 2005. Note: This new guidance does not apply to automated manufacturing and quality system software or software that is not a device.

In general, the FDA’s guidance documents do not establish legally enforceable responsibilities. Instead, guidance’s describe the FDA’s current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited.

Highlight of changes to FDA guidance on premarket submissions for device software

Since the last time this document was revised (2005), there have been many updates to this new guidance document that are certainly worth noting. Along with the multiple changes and additions, this guide will help with more clarity in the process of determining software documentation for premarket submission and review of software medical devices, or devices that have a software function.  

Some of the highlights that are important to mention include:

• Changes in terminology to more current trends. For example, the Hazard Analysis is now referred to as the Risk Management File.
  
• The table of contents has been extended and divided into several sections, broken down even further to include documentation type and Documentation Level.
  
• Level of Concern is now referred to as Documentation Levels. Although still guided by the level of product “risk," instead of major, moderate, and minor levels, they are now identified as Basic or Enhanced Levels.  Basic is any premarket submission that includes device software function(s) where Enhanced Documentation does not apply. Enhanced includes device software function(s) where a failure or flaw of any device software function(s) could present a hazardous situation with a probable risk of death or serious injury, either to a patient, user of the device, or others in the environment of use.
• The Recommended Documentation section (formerly the Software-related Documentation) section has expanded to include more detail and subsections about software requirements, software architecture, software design, software development, software testing, software version history, and unresolved software anomalies.  
• The Software Description has been revised to add reference to guidance about Multiple Function Device products that extends into software operation, software specifics, and software inputs/outputs.  
• The Hazard Analysis is now the Risk Management file and continues to recommend ISO 14971 for guidance. It’s also been extensively revised to include the risk management plan, the risk assessment and risk management report.  
• Newly added Appendix A provides many Documentation Level examples intended to demonstrate the implementation of the Documentation Level risk-based approach. Over 20+ product examples are included in this list.
• Newly added Appendix B provides examples of diagrams for the purpose of demonstrating how the System and Software Architecture Diagram could be implemented into diagrams, and to help show a clear understanding of the system and software.

In addition to this new guidance, the FDA recommends reviewing the following guidance documents (which is not an exhaustive list) for additional support in determining premarket software documentation for submission.

• Multiple Function Device Products: Policy and Considerations
• Off-The-Shelf Software Use in Medical Devices
• Design Considerations and Premarket Submission Recommendations for Interoperable Medical Devices
• General Principles of Software Validation
• Content of Premarket Submissions for Management of Cybersecurity in Medical Devices
• Cybersecurity for Networked Medical Devices Containing Off-The-Shelf (OTS) Software
• Applying Human Factors and Usability Engineering to Medical Devices