Standards, Guidance & Notices
Showing 111–120 of 128
ISO
ISO 14971:2019
Medical devices — Application of risk management to medical devices
Specifies terminology, principles and a process for risk management of medical devices, including software-only medical devices.
Published: 2019-12-01
AAMI
TIR
TIR
AAMI TIR102:2019
U.S. FDA 21 CFR mapping to the applicable regulatory requirement references in ISO 13485:2016 Quality Management Systems
Technical information report providing a mapping of US FDA 21 CFR 820 requirements to the regulatory requirement references in ISO 13485:2016. Developed by AAMI QM/WG 01 to help US industry identify applicable regulatory requirements through an ISO 13485 quality management system.
Published: 2019-08-30
NIST
FIPS
FIPS
FIPS 140-3
Security Requirements for Cryptographic Modules
The selective application of technological and related procedural safeguards is an important responsibility of every federal organization in providing adequate security in its computer and telecommunication systems. This standard is applicable to all federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems) as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106 and the Federal Information Security Management Act of 2002, Public Law 107-347.
This standard shall be used in designing and implementing cryptographic modules that federal departments and agencies operate or are operated for them under contract. The standard provides four increasing, qualitative levels of security intended to cover a wide range of potential applications and environments. The security requirements cover areas related to the s
Published: 2019-03-22
EU
MDCG
MDCG
MDCG 2019-2
Guidance on application of UDI rules to device-part of products referred to in article 1(8), 1(9) and 1(10) of Regulation 745/2017
MDCG 2019-2 — Guidance on application of UDI rules to device-part of products referred to in article 1(8), 1(9) and 1(10) of Regulation 745/2017 — (February 2019)
Published: 2019-02-01
AAMI
TIR
TIR
AAMI SW91 ED1:2018
AAMI SW91 ED1:2018
This AAMI technical information report establishes a standardized
classification system for defects identified in health software,
including software embedded in medical devices and Software as a
Medical Device (SaMD). The document defines defect categories based
on type, severity, and origin within the software development
lifecycle, enabling consistent defect tracking, root cause analysis,
and process improvement. The classification scheme supports
compliance with IEC 62304 software lifecycle requirements and FDA
quality system expectations, and is referenced in the context of
cybersecurity vulnerability management and postmarket surveillance
activities. Currently under reaffirmation review by the AAMI SM-WG08
Software Defect Classification Working Group (as of April 2025).
Published: 2018-11-02
EU
MDCG
MDCG
MDCG 2018-5
UDI assignment to medical device software
MDCG 2018-5 — UDI assignment to medical device software — (October 2018)
Published: 2018-10-01
JIS
Std
Std
JISQ13485
JIS Q 13485:2018 Medical devices - Quality management systems - Requirements for regulatory purposes (equivalent to ISO 13485:2016)
This JIS standard specifies quality management system (QMS) requirements for medical devices across their entire lifecycle, from design and development through manufacturing, storage, distribution, installation, servicing, and disposal, corresponding to ISO 13485:2016. The document establishes the foundational QMS framework required for medical device manufacturers to obtain manufacturing and sales licenses and manufacturing registration under Japan's Pharmaceutical Affairs Law (Yakuhin Kikai Hou). Manufacturers must establish documented procedures for design control, risk management, supplier management, production and process controls, verification and validation, nonconforming product management, corrective and preventive actions, and post-market surveillance. The standard emphasizes management responsibility, resource provision, competence and training, and management review to ensure consistent product quality and safety. Organizations must maintain traceability, manage changes, and implement effective management of product recalls. This QMS standard serves as the regulatory foundation integrating all other technical standards (IEC 62304, ISO 14971, IEC 62366-1) into a coordinated governance structure.
Published: 2018-04-20
IMDRF
IMDRF/SaMD WG/N41FINAL:2017
Software as a Medical Device (SaMD): Clinical Evaluation (FINAL 2017)
This document specifies the clinical evaluation framework for SaMD, defining a three-layer structure for evidence of effectiveness: analytical validation, technical verification, and clinical validation. Manufacturers should determine the depth of clinical evidence required based on the SaMD risk category established in the N12 framework. The document provides guidance on what constitutes appropriate clinical evidence for each risk level and serves as the baseline for clinical evaluation requirements in regulatory submissions. This framework is referenced in FDA, PMDA, and EU MDCG approval processes, establishing harmonized expectations for clinical documentation and evidence standards in SaMD regulatory submissions globally.
Published: 2017-09-21
FDA
CDRH
CDRH
FDA-Interoperability-2017
Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices
This FDA final guidance addresses design and regulatory considerations for medical devices that communicate electronically with other devices, health information systems, or electronic health records (EHR). The document emphasizes that interoperable devices must maintain safety and effectiveness across diverse clinical environments and integration scenarios. Manufacturers should incorporate risk management per ISO 14971 to identify and mitigate hazards associated with data exchange, system interoperability, and information integrity. Key design considerations include error detection and correction mechanisms, data validation and reconciliation procedures, interface standardization (HL7, DICOM, or equivalent standards), and cybersecurity protections ensuring confidential and accurate information exchange. Premarket submissions for interoperable devices must include technical documentation describing data exchange protocols, interface specifications, validation testing demonstrating accurate data transmission and receipt, and labeling clearly defining compatible systems and valid use cases. The guidance establishes that interoperability requirements should be addressed through systematic design controls incorporating software development processes per IEC 62304 where applicable. Manufacturers should validate interoperability across representative healthcare information technology environments. The guidance recognizes that interoperable devices create complex system-level risks requiring comprehensive validation approaches extending beyond individual device testing.
Published: 2017-09-06
JIS
Std
Std
JIST2304
JIS T 2304:2017 Medical device software - Software lifecycle processes (equivalent to IEC 62304:2006+Amd.1:2015)
This JIS standard specifies software lifecycle processes for embedded software in medical devices and Software as a Medical Device (SaMD), corresponding to IEC 62304:2006+Amendment 1:2015. The document defines development and maintenance requirements according to safety classes A, B, and C, establishing a comprehensive framework for software development activities. Originally enacted in 2006, the standard was revised in 2017 to align with the 2015 amendment of the international standard. Manufacturers must comply with this standard when developing medical device software to ensure systematic control of design, development, verification, validation, and post-market activities. The lifecycle processes encompass requirements analysis, design specification, implementation, verification, and validation phases tailored to device risk classification. This standard serves as a foundational requirement under the Pharmaceutical Affairs Law (Yakuhin Kikai Hou) for medical device approval and registration in Japan.
Published: 2017-03-01