FDA has indicated that they “envision a future state where the medical device ecosystem is inherently focused on device feature and manufacturing practices that promote quality and patient safety.” This comes at time when manufacturers are not only creating more novel devices, but also reinventing how devices are manufactured. This means that “one size fits all” regulations with strict guidelines on how to manufacture devices, are no longer possible. This guidance document is another step forward in the agency’s movement towards integrating a risk-based approach to the full life cycle of a medical device. By guiding FDA staff and industry on how to apply a risk based approach to things like software in the manufacturing process, the agency is allowing the industry to grow at a faster rate while being more direct on what and how software shall be governed.
Computer Software Assurance (CSA) is a risk-based approach for establishing and maintaining confidence that software is fit for its intended use. CSA requires manufacturers to examine the software, how it impacts the end product and ultimately, how it impacts the end users. This methodology will reduce requirements for the software, of which the potential impact on the end product is low and will allow sponsors to allocate those resources to the high risk software.
The FDA has broken the CSA Risk Framework into four sections:
1. Identifying the Intended Use
2. Determining the Risk-Based Approach
3. Determining the Appropriate Assurance Activities
4. Establishing the Appropriate Record
Assuming the document is published, it will require manufacturers to re-examine how the manufacturing and quality related software are evaluated, tested and documented. Instead of having a generic software validation requirement, each manufacturer will be asked to justify the validation requirements and also maintain records that provide a responsible assurance that the software will not cause harm to the product and ultimately the end user.
