Mobile Medical App - Understanding 21 CFR Part 820 Requirements

L

Lancia

Hello Everyone,

I am new to the forum and the 510(k) process. I read a lot of your helpful threads but still have a few questions, if you don't mind.

For the past four months I've been collecting data for a 510(k) for a mobile med app and so far with lots of reading and samples was able to figure out the next step. But once I got to software validation I got lost - questions started to pile up. I am confused of the information that we need to have on file and the software part of the submission. Any help would be greatly appreciated.

So:
The quality regulations Title 21 - How do we go about it? I started reading it, but I do not understand if it is a series of procedures that we need to simply follow, or have to have a file with sections e.g. "Maintenance schedule", etc.? Is it actually something we can do by ourselves or need to hire a consultant?

The software validation - do I submit it in the 510(k) or do I have this on file? Is there a format for it? We do have software validation and verification procedures in place, but not sure if everything is logged or documented to meet FDA requirements. I'm so lost here, I don't know what is the right question to ask. There seem to be so many docs and guidance, that I'm not sure even if I am reading the right one.

Predicate testing - how extensive is it? How do I document the findings? Is there a format to follow? Or is the comparison table enough?


ANY help would be appreciated!
 

Ronen E

Problem Solver
Moderator
Hi Lancia and welcome to the Cove :bigwave:

Fear not. You have come to the right place.

This is your gateway: http://www.fda.gov/downloads/Medica...onandGuidance/GuidanceDocuments/UCM263366.pdf

If you follow through systematically and diligently, you should be fine. Please also note that all Medical Devices are subject to the FDA's General Controls (http://www.fda.gov/MedicalDevices/D...rview/GeneralandSpecialControls/ucm055910.htm) and must comply regardless of classification, unless explicitly exempted or subject to FDA declared enforcement discretion.

The role of the regulatory affairs professional is to work through the (sometime abundant) official guidance, and multiple regulations; decide which parts are applicable in a given context, and how; and plan the most effective and efficient way to comply. This process may be time consuming and errors may occur with varying degrees of consequent delays and costs.

The role of the competent regulatory affairs consultant is to reduce the time required and probability of severe consequences of errors, through utilisation of knowledge and experience, where these lack within the organization. Regardless, most competent consultants WILL need to put in non-negligible time and work in a given situation, to come up with specific responsible answers, except in cases where the questions are few and focused, or where the case at hand is identical to one previously handled (in my experience very seldom two cases are truly identical).

Cheers,
Ronen.
 
Last edited:

yodon

Leader
Super Moderator
Ronen is spot on, as usual and provided excellent references.

Verification is confirmation (with objective evidence) that you have met your requirements. Presuming you have written requirements, establish mapping between the requirements and what you did to test / confirm the requirements are met.

Validation is confirmation (with objective evidence) that your product meets your user needs and intended uses. Often this is done with study groups using the system to show that it's meeting the needs. Software validation is a bit broader in that you also need to have the controls in place to ensure the software will consistently meet user needs. Everyone expects software to change (new features, better interface, etc.) and so you need to have the procedures in place for how you manage the software changes, release changes, and ensure your users continue to have their needs met. Further, if you use "SOUP" (Software of Unknown Provenance" - essentially software you purchase or somehow pull in to your binaries like libraries) then you need to take extra measures to ensure that the SOUP is properly managed, does what it is intended to do, and won't cause issues.

Unfortunately, it's not a simple answer. Having a good regulatory consultant can help put you on the right path. A few hours of consulting time may save you many hours of effort and frustration.
 
Top Bottom