InputsPlanning
OutputsDMR
Standards/Guidances Inputs
Cybersecurity Gang
Software Gang

Medical Device Software Planning...

(I’m familiar ish with the hardware / classic design controls process but software is new. So we’re mapping 62304 / FDA requirement deliverables onto the design controls buckets)

FDA-specific architecture views

FDA may be expecting certain views such as detailed connectivity diagrams, update paths, and segregration controls.

Software Architecture Design

High-level structure of software components and physical / logical interfaces (Arch is input because it defines/locks the interfaces)

SRS

Software Requirements Specification (Detailed functional/performance/safety requirements for each software component)

Software Config Mgmt Plan

Version control, traceability, change mgmt

Development Environment Documentation

(Tools, compiler/interpreter, development standards) --> Build reproducibility

Software Safety Classification Documentation ??

(Just put this in the SDP?)

Coding Standards

SDP

Software Development Plan (Lifecycle, roles, tools, system integration)

Cybersecurity Management Plan

(Proactive controls for devices, cloud & data) [FDA Premarket Cybersecurity 2023]

FDA MDDS Guidance (Does this apply to backend server?) (Sept 2022)

FDA Device Software Functions Premarket (June 2023)

FDA General Principles of Software Validation

FDA Cybersecurity Premarket (Sept 2023, Mar 2024 for updates draft. Draft is expected to be incorporated in 2025 if FDA still exists.)

FDA Cybersecurity for Off-The-Shelf Software (Jan 2005)

FDA Cybersecurity Postmarket (Dec 2016)

Data Privacy & PII Documentation

(Evidence of encryption / access control mechanisms for PII [HIPAA/GDPR/FDA)

Secure Design Controls

(?? FDA wants us to follow a SPDF) So... is this the features built into the device, like auth/auth/encryption/secure updates? Or is this the software development process? [FDA Cybersecurity Guidance]

Software Detailed Design

Module-specific designs (eg encryption for PII, or stim algorithms) [Account for chosen components/processors, what are memory constraints, timing based on clock speeds ???]

Key: Grey is 62304

Key: Baby blue for FDA