The latest (June 2023) changes to the FDA’s new premarket submission guidance

Lee Chickering

and

October 16, 2023

Table of Contents

On June 14, 2023, a long-awaited new FDA guidance Content of Premarket Submissions for Device Software Functions replaced the 2005 version which defined the content of software submissions. This guidance outlines key changes software developers, regulatory affairs, and quality professionals need to know about the differences between the original 2005 guidance and the 2023 version.

The recent update brings significant changes to the submission process, particularly in the levels of documentation required based on the risk level of the device. We will guide you through the key points to clarify the FDA’s expectations while offering practical steps for you and your team to meet them without feeling overwhelmed.

Part 1: Software Categorization has changed

In the 2005 version, device software fell into one of three categories: Minor, Moderate, and Major levels of risk. These levels of risk determined the type and amount of design control documentation to submit to the FDA.

In 2023, the FDA has “reduced” the software risk level categories to an Enhanced or Basic construct, changing the degree of design control documentation previously required.

No device software is considered “Minor” anymore. Manufacturers whose device was previously categorized as “Minor” or “Moderate” will need to take a close look at the new requirements for their software documentation.

In a recent webinar, the FDA made it clear that risk analysis is the determining factor for the assigned documentation levels. Companies, per the new mandated eSTAR program, must now complete a thorough Risk Analysis to determine if they qualify as Basic or Enhanced and submit their evaluation. This is called out in the 2023 premarket submission guidance document, Table 1 . Outline of Recommended Documentation—“A statement indicating the Documentation Level and a description of the rationale for that level [is required]."

Enhanced: “Device software function(s) where a failure or flaw of any device software function(s) could present a hazardous situation with a probable risk of death or serious injury, either to a patient, user of the device, or others in the environment of use.” Device software previously labeled as Major falls under this category along with some Moderate categorizations.

Basic: “Any premarket submission that includes device software function(s) where Enhanced Documentation does not apply”. Device software previously labeled as Minor along with some Moderate falls under this category Generally, devices that fall in the Basic category require less submission documentation than the Enhanced category.

Summary Table of Documentation Level Changes

Part 2: Review of changes for required premarket submission documentation for device software

Here is a step-by-step breakdown of what stayed the same and changes that are now in effect as of August 14, 2023. You can also view our handy tool here to easily view changes based on either the 2005 or 2023 software categorization levels

Alert

  • Documentation Level Evaluation (formerly Level of Concern (LOC)): While the methodology for determining a submission documentation category remains essentially the same, e.g., risk based, the type and amount of documentation changes significantly for previous minor and moderate risk level categories of devices.

  • Software Description: The requirement for this type of documentation remains unchanged. However, the degree of detail required now, in the context of software systems engineering is significantly different, e.g., “overview of significant software features, functions, analyses, inputs, outputs, and hardware platforms”. It also references cybersecurity considerations.

  • Risk Management File (formerly Hazard Analysis): Previously asked for a “summary” subset of the risk analysis process (hazard analysis) in tabular form with specific fields. Now the requirement is to provide a Risk Management File which contains all of the risk analysis information resulting in risk control measures and a benefit/risk analysis. Previously based on a risk/benefit analysis, now overall residual risk is assessed on a benefit/risk basis.

  • Software Requirement Specifications (SRS): Previously, manufacturers of Minor LOC devices could summarize functional requirements. Now, everyone must submit a complete SRS document with appropriate quality assurance properties.

  • System and Software Architecture Design (formerly Architecture Design Chart): Detailed Architecture Design is now required for all software submissions, irrespective of the device risk level.

  • Software Design Specification (SDS): This section poses a unique scenario for Minor and Moderate LOC device software. Now, manufacturers are not required to submit an SDS for Basic risk level devices and Enhanced risk level devices require an SDS along with evidence of traceability to the SRS.

  • Software Development, Configuration, Management, and Maintenance Practices: Documentation requirements have changed for a Minor LOC device. For Enhanced software, a Declaration of Conformity OR extensive documentation that includes all Basic requirements is now required.

  • Software Testing as Part of Verification and Validation: For previous Minor LOC devices, more testing documentation is required, including detailed descriptions of V&V activities, integration, and other processes.

  • Software Version History: All levels are required to continue documenting a history of tested software versions and their date. A new requirement is to provide a brief description of each (tested) version.

  • Unresolved Anomaly List: All levels must provide this documentation.

  • Traceability Matrix: The requirement for an explicit traceability analysis (matrix) has been removed.

Part 3: The Impact of Changes to the FDA 510(k) Pre-market Submission

Over the years there has been a lot of confusion in determining the software LOC. The FDA is clarifying the risk-based activities expected from a Quality Management System.

The updated guidance is more explicit, leaving less room for ambiguity. Accordingly, the FDA expects all companies to comply promptly with the new requirements. Keeping on top of compliance with the latest FDA guidance will help ensure a successful premarket submission and a smoother path to market approval.