An Overview of Medical Device Software Regulations – International Standards and FDA Guidance Documents


Medical Device Software Safety

Safety is the central concern for medical device software development. Development of safe systems is rigorously supported by various regulatory requirements focusing on development process compliance. In other words, a strong emphasis is placed on regulatory oversight and device approval before market release to ensure proper verification and validation of these devices.

Due to the increased complexity of software in the devices requiring regulatory review, the time to pre-market approval has increased tremendously. This impedes innovation in the field, as the success of an innovation often depends on its time-to-market.

Regional Medical Device Regulations

Two of the largest global bodies responsible for issuing and managing medical device regulation belong to the central governing functions of the US and EU. In the case of the US, the Food and Drug Administration (FDA) issues the pertinent regulation through a series of official channels, including the Code of Federal Regulations (CFR) Title 21, Chapter I, Subchapter H, Part 820. In the EU, the corresponding regulation is outlined in the general Medical Device Directive (MDD) 93/42/EEC, the Active Implantable Medical Device Directive (AIMDD) 90/385/EEC, and the In-vitro Diagnostic (IVD) Medical Device Directive 98/79/EC, all three of which have been amended by 2007/47/EC.

International Medical Device Standards

To help medical device companies satisfy the regional regulation, several international standards have been published to advise and support them on their road to compliance. In most countries, medical device companies need to implement a Quality Management System (QMS), for which they can use the requirements and guidance provided in ISO 13485.

For a medical device manufacturer to demonstrate that all risks have been identified, analysed, evaluated and mitigated in the development of a safe medical device, a risk management process has to be implemented that satisfies the requirements outlined in ISO 14971. When developing software that is itself a medical device or is embedded in one, manufacturers can follow Technical Report IEC 80002-1, which provides guidance on applying the requirements of the risk management process to software development.

IEC 62304, which can be used in conjunction with ISO 13485, offers a framework for the lifecycle processes necessary for the safe design and maintenance of medical device software. As a basic foundation, IEC 62304 assumes that medical device software is developed and maintained within a QMS such as ISO 13485, but does not require an organisation to be certified in ISO 13485.

FDA Guidance Documents

Although ISO 13485 and IEC 62304 are accepted in the majority of countries for QMS and medical device lifecycle process compliance, the FDA outlines additional requirements when the device is to be marketed in the US: the FDA QSR for QMS requirements and the FDA Guidance on Premarket Submission for Medical Device Software Requirements for lifecycle process requirements. In addition to these, the FDA Guidance on Off-the-Shelf Software Use in Medical Devices and the FDA Guidance on General Principles of Software Validation are widely used in regulatory premarket audits in the US.


All of the above-mentioned international standards and FDA guidance documents provide a process compliance approach to quality and safety of medical device software. To help companies speed up the regulatory compliance process and get their innovative medical devices to market faster, we provide automation of risk management and quality management system implementation.

Read more about SoftComply Risk Manager

Read more about SoftComply eQMS
