CBER Finalizes Standards Guidance

The US FDA Center for Biologics Evaluation and Research (CBER) finalized the December 2017 draft guidance titled “Standards Development and the Use of Standards in Regulatory Submissions Reviewed in the Center for Biologics Evaluation and Research” today.  The guidance makes clear that CBER recognizes the value and proper usage of standards and further encourages the use of appropriate standards in the development and qualification of CBER-regulated medical products.  The guidance acknowledges that the use of standards can “provide a more efficient evaluation of regulatory submissions, including investigational new drug applications (INDs), biologics license applications (BLAs), new drug applications (NDAs), investigational device exemptions (IDEs), premarket approval applications, and premarket notifications, supplements, and amendments.”  This guidance however does make clear that CBER will not “endorse the activities of specific Standards Development Organizations (SDOs) or recommend specific standards for use in regulatory submissions.”

What about medical devices, particularly that contain software?  While the guidance does not address software directly, the guidance does make clear that “use of consensus standards is not mandatory for medical device regulatory submissions unless the consensus standard has been incorporated by reference into a regulation. For devices regulated by CBER, a sponsor or manufacturer of a medical device may use either standards that have been “recognized” by CDRH or non- recognized standards to support regulatory submissions for medical devices.”  One should consider that IEC 62304 is a recognized standard by CDRH but use of IEC 62304 is not mandated by the regulations.  However, SoftwareCPR would advise the use of an IEC 62304 compliant process for any software developed for use in a medical device since it requires safety risk management activities.

Depending on the intended use, there could be software impact from “Data Standards” and/or “Performance Standards”.  The guidance defines data standards may “describe the data elements and relationships necessary to achieve the unambiguous exchange of information between disparate information systems.”  Performance Standards “state requirements in terms of required results without stating the methods for achieving those results. A performance standard may define the functional requirements for the item, operational requirements, and/or interface and interchangeability characteristics.”

Download the guidance here:  Standards-Development-and-Use-of-Standards-in-Regulatory-Submissions_Final

CDRH maintains a list of Recognized Consensus Standards that can be found at https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfStandards/search.cfm.

Click this link to see a search of all SoftwareCPR posts related to consensus standards:  https://www.softwarecpr.com/?s=consensus

About the author

Brian is a biomedical software engineer - whatever that is! Started writing machine code for the Intel 8080 in 1983. Still enjoys designing and developing code. But probably enjoys his garden more now and watching plants grow ... and grandkids grow!

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.