UDI and Standalone Software - UDI per installation?

[qmvpma]

Hi there,

i am thinking about how far we have to go with UDIs on standalone software and medical apps.

We ship our software as download and as CD.
As far as i understand the regulation we have to create an UDI for each relase of the software and print this an the CD-Label as well as in the "about" screen inside the software.

But do we need to create an UDI for each installation of our software to pull the traceability from the build down to the installed software at the customer's servers?
And how to handle the UDI for medical apps that are distributed by app stores of google or apple?

I could think of an UDI for this in this form: DI + software-version (PI) + License-Key

 

[Stijloor]

A Quick Bump!

Can someone help?

Thank you very much!!

 

[yodon]

Stepping out of my comfort zone but I'll give it a go...

As far as i understand the regulation we have to create an UDI for each relase of the software and print this an the CD-Label as well as in the "about" screen inside the software.

So far that sounds like it aligns with the regulation & guidance.

But do we need to create an UDI for each installation of our software to pull the traceability from the build down to the installed software at the customer's servers?


I could think of an UDI for this in this form: DI + software-version (PI) + License-Key

Here are a few snippets from the (small entity compliance) guidance that frames my answer:

The device identifier (DI) is a mandatory, fixed portion of the UDI that identifies (1) you as the labeler, and (2) the specific model or version of your device.

...

Each DI is used to identify only one version or model. You must assign a new DI if you change a device so that it becomes a new version or model. ... Keep in mind, you as the labeler, and not FDA, decides what is a separate version or model of your device for purposes of requiring a DI.

...

A production identifier (PI) is a conditional, variable portion of the UDI. If you have included any of following information in your device label, that information must also be included in the PI portion of the UDI:
(a) The lot or batch within which a device was manufactured;
(b) The serial number of a specific device;
(c) The expiration date of a specific device;
(d) The date a specific device was manufactured.
(e) For an HCT/P regulated as a device, the distinct identification code required by 21 CFR 1271.290(c).

My first question would be whether you have a unique configuration for each customer? If not, I don't think you would need a PI portion and so your DI would just be the stuff assigned by the IA and your software version number.

And then I rearranged things a bit to isolate my feedback.

And how to handle the UDI for medical apps that are distributed by app stores of google or apple?

There are exceptions listed in the small entity guidance doc but essentially, if it's a device that's not class I exempt, I think you have to comply.

 

[QAengineer13]

I have a question, what category/class does the stand alone software used for IVD falls under?

Because if it falls under Class I as per 21 CFR Part 801, Sec.801.30 (d) The UDI of a Class I device is not required to include a production identifier.

Any inputs?

 

[QAengineer13]

Guidance document from International Medical device regulators forum ( IMDRF) for software UDI assignment criteria and placement Criteria [Refer 10.6] Software as a Medical device (SaMD).

 

[RL-WANG]

Please browse to IMDRF webpage www imdrf org and look for IMDRF Documents.
The latest version (21 March 2019) is available for Unique Device Identification system (UDI system) Application Guide .

 

[RL-WANG]

The direct link is Documents