These are sites and organizations that I find useful for software organizations who are considering moving products into medical device markets. I actually maintain this page for me since I find that when I need **that** reference I can never find the darn thing. If it helps you, too, then great!

Updated May 2020

IMDRF

• Software as a Medical Device from the IMDRF
  • The FDA is looking more (and leading this subgroup (aka Consultation) in the IMDRF) to the IMDRF for guidance in this area. Scroll down after the link to see who is involved and what documents were produced. This is really good reading since the FDA is leading the charge here.

FDA References

• 21 CFR Part 820 – Medical Devices Quality System Regulation
  • The quality system regulations.

• Current Code of Regulations for 21 CFR part 11: Electronic Records; Electronic Signatures
  • Currently, enforced with regulatory discretion, but still the go-to for ensuring the integrity of records in any electronic system.
  • Guidance for the Industry (2005)
• Guide to Inspections of Quality Systems
  • The checklist used by FDA inspectors when inspecting device manufacturers.
• Software as a Medical Device
  • New thinking from the FDA around how to regulate software-only devices
• Digital Health Software Precertification (Pre-Cert) Program
  Design Control Guidance for Medical Device Manufacturers(Current as of Dec 2018) The current guidance document on what is required for design control for PMA submissions.
  
• Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices
  • What the FDA expects to see in your Pre Market Approval package, and of course, what you have done.
• IDE Application.
  • Investigational device exemption. Sometimes if the FDA feels a device needs more scrutiny they require this filing. They also helpfully provide a checklist. Even one for your cover letter. No, I’m not kidding.

FDA & Cybersecurity

The FDA has recently focused on cybersecurity. There is a complete section on this with good information.

• Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Draft Guidance for Industry and Food and Drug Administration Staff
• Applying Human Factors and Usability Engineering to Medical Devices Guidance for Industry and Food and Drug Administration
• Proposed Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning (AI/ML) – based Software as a Medical Device (SaMD) (Feedback requested by June 2019)

IEC, ISO, and other standards bodies

• IEC 62304:2015 Medical device software — Software life cycle processes
• ISO 14971:2019 MEDICAL DEVICES — APPLICATION OF RISK MANAGEMENT TO MEDICAL DEVICES
  • Because 62304 does not deal explicitly with risk, this is the go-to for risk management in the standards world…at least for now.
  • ** just updated!