Standards, Guidance & Notices
Showing 121–128 of 128
IEC
IEC 82304-1:2016
Health software — Part 1: General requirements for product safety
Applies to health software intended to be operated on general-purpose computing platforms. Covers product safety requirements for the complete life cycle.
Published: 2016-10-01
ISO
ISO 13485:2016
Medical devices — Quality management systems — Requirements for regulatory purposes
Specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services.
Published: 2016-03-01
IEC
IEC 62304:2006+AMD1:2015
Medical device software — Software life cycle processes
Defines life cycle requirements for software in medical devices and in vitro diagnostic medical devices. Applies to development and maintenance of medical device software.
Published: 2015-06-01
IMDRF
IMDRF/SaMD WG/N12FINAL:2014
Software as a Medical Device (SaMD): Framework for Risk Categorization and Corresponding Considerations (FINAL 2014)
This core document defines the risk classification framework for SaMD using a two-axis matrix approach. The framework combines clinical context (serious condition, significant condition, or minor condition) with the significance of information provided by the SaMD (treatment, diagnosis, or notification), resulting in four risk categories. This classification scheme provides the basis for regulatory decision-making regarding appropriate oversight levels. The framework is referenced internationally in Japan's Program Medical Device classification system, FDA Digital Health Policy, and EU MDR risk assessment requirements, establishing a harmonized foundation for SaMD regulatory evaluation across multiple jurisdictions.
Published: 2014-09-18
IMDRF
IMDRF/SaMD WG/N10FINAL:2013
Software as a Medical Device (SaMD): Key Definitions (FINAL 2013)
This foundational document establishes international definitions and terminology for Software as a Medical Device (SaMD), distinguishing it from hardware-based medical devices. SaMD is defined as software intended for use in achieving a medical purpose without being part of a hardware medical device. This definition serves as the baseline reference for all subsequent IMDRF SaMD guidance documents and national regulatory frameworks. The FDA, PMDA, and EU MDR all reference this definition in their respective SaMD regulatory frameworks, making it essential to understanding harmonized international SaMD regulation and classification schemes adopted globally.
Published: 2013-12-18
ISO
ISO/TR 80002-1:2009
Medical device software — Part 1: Guidance on the application of ISO 14971 to medical device software
Provides guidance on the application of ISO 14971 to medical device software, addressing software-specific aspects of risk management.
Published: 2009-08-01
FDA
CDRH
CDRH
FDA-Cybersecurity-OTS-2005
Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software
This FDA guidance document (2005) addresses cybersecurity management for network-connected medical devices incorporating off-the-shelf (OTS) software components. The guidance delineates responsibility allocation between manufacturers and healthcare facility information technology personnel, acknowledging shared accountability for device cybersecurity posture. Key technical topics include operating system patch management, antivirus software deployment, network access controls, and authentication mechanisms. The document establishes that manufacturers bear primary responsibility for device design incorporating security controls, while healthcare facilities assume responsibility for network infrastructure, patch management, and periodic security assessments appropriate to their operational environments. While superseded by more contemporary 2023 guidance addressing current cybersecurity threats and FDA regulatory expectations, this 2005 document provides valuable historical context for understanding the evolution of FDA cybersecurity requirements. Manufacturers and healthcare organizations benefit from understanding these foundational cybersecurity management principles, which remain relevant despite advances in threat landscape and technology. The document emphasizes that cybersecurity is a shared responsibility requiring collaboration between device manufacturers and end-users.
Published: 2005-01-14
FDA
CDRH
CDRH
FDA-SW-Validation-2002
General Principles of Software Validation — Final Guidance
This FDA final guidance (Version 2.0) establishes foundational principles for validating medical device software and software used in device design and manufacturing. The document systematically addresses software lifecycle methodologies, verification and validation (V&V) concepts, and documentation expectations. It defines key terminology including validation, verification, and testing, and describes the relationship between software development processes and regulatory submissions. Although IEC 62304 provides a more recent international standard framework, this guidance document remains a critical reference for FDA submissions and regulatory expectations. Manufacturers should apply the lifecycle principles outlined herein to demonstrate software safety and effectiveness. The guidance emphasizes that validation must be commensurate with device risk classification and intended use. It provides practical examples of validation approaches for various software categories and addresses both standalone software (SaMD) and software as a component of hardware devices. The document serves as essential foundational material for understanding FDA's expectations regarding software documentation in premarket applications.
Published: 2002-01-11