List (with Links) of Important Medical Device Software Standards

July 25, 2022

If you’ve done any research on regulatory requirements for medical device software, you know there is a bewildering array of documents out there covering everything from AI to UDI. Clients often ask us which documents are most relevant, so we’ve put together this list as a helpful resource.

By all means, don’t assume this is a comprehensive list of every requirement related to software. The US FDA, for example, publishes 600+ medical device guidance documents, many of which are focused on device-specific, software-centric products. Still, if you go on a downloading frenzy and get most/all of the documents in the list below, you will have an excellent library essential for FDA or EU MDR/IVDR compliance. (Understanding them is another story, but we can help with that.) Of course, you will also want some essential horizontal standards such as ISO 14971:2019 for risk management, and ISO 13485:2016. (Note: Documents with * are not free.)

DOCUMENT TITLE CORE FOCUS PUBLISHER DATE
Machine Learning-enabled Medical Devices: Key Terms and Definitions AI/ML IMDRF May 2022
European Artificial Intelligence Act (proposed draft) AI/ML European Commission April 2021
Proposed Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD) AI/ML US FDA September 2021
Software as a Medical Device: Possible Framework for Risk Categorization and Corresponding Considerations Classification IMDRF September 2014
MDCG 2019-11: Guidance on Qualification and Classification of Software in Regulation (EU) 2017/745 – MDR and Regulation (EU) 2017/746 – IVDR Classification European Commission November 2019
MEDDEV 2.1/6 – Guidance Document Medical Devices: Scope, Field of Application, Definition – Qualification and Classification of Standalone Software Classification European Commission July 2016
Software as a Medical Device (SaMD): Clinical Evaluation Clinical IMDRF September 2017
MDCG 2020-1 Guidance on Clinical Evaluation (MDR) / Performance Evaluation (IVDR) of Medical Device Software Clinical European Commission March 2020
ANSI/AAMI 2700-1:2019: Medical Devices And Medical Systems – Essential Safety And Performance Requirements For Equipment Comprising The Patient-Centric Integrated Clinical Environment (ICE) – Part 1: General Requirements And Conceptual Model* Clinical ANSI 2019
Clinical Decision Support Software: Draft Guidance for Industry and Food and Drug Administration Staff Clinical US FDA September 2019
Software as a Medical Device (SAMD): Clinical Evaluation Clinical US FDA December 2017
IMDRF Principles and Practices for Medical Device Cybersecurity (draft) Cybersecurity IMDRF December 2019
Principles and Practices for Software Bill of Materials for Medical Device Cybersecurity (draft) Cybersecurity IMDRF August 2022
Principles and Practices for the Cybersecurity of Legacy Medical Devices (draft)  Cybersecurity IMDRF May 2022
MDCG 2019-16 – Guidance on Cybersecurity for Medical Devices Cybersecurity European Commission June 2020
Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations Cybersecurity NIST May 2022
Securing Telehealth Remote Patient Monitoring Ecosystem Cybersecurity NIST/NCCoE May 2021
Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions (draft) Cybersecurity US FDA April 2022
Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Draft Guidance for Industry and Food and Drug Administration Staff Cybersecurity US FDA October 2018
Postmarket Management of Cybersecurity in Medical Devices Cybersecurity US FDA December 2016
Playbook for Threat Modeling Medical Devices Cybersecurity MITRE/MDIC November 2021
ISO/IEC 27001 series of standards on information security* Cybersecurity ISO/IEC Varies
IEEE 11073-10101-2019: IEEE Standard for Health informatics–Point-of-care medical device communication – Part 10101: Nomenclature* Definitions IEEE October 2019
Software as a Medical Device (SaMD): Key Definitions Definitions IMDRF December 2013
Electromagnetic Compatibility Aspects of Medical Device Quality Systems EMC US FDA August 2014
Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices Interoperability US FDA September 2017
ANSI/AAMI/UL 2800-1:2019: Standard For Safety For Medical Device Interoperability* Interoperability ANSI 2019
IEEE 11073-20601-2019: IEEE Health informatics–Personal health device communication – Part 20601: Application profile–Optimized Exchange Protocol* Interoperability IEEE December 2019
IEC 62304:2006: Medical device software — Software life cycle processes* Life Cycle IEC May 2006
IEC 82304-1:2016: Health software — Part 1: General requirements for product safety* Life Cycle IEC October 2016
AAMI TIR45:2012/(R)2018* Life Cycle AAMI April 2018
Policy for Device Software Functions and Mobile Medical Applications Miscellaneous US FDA September 2019
Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices Miscellaneous US FDA September 2019
Off-The-Shelf Software Use in Medical Devices Miscellaneous US FDA September 2019
Software Component Transparency: Healthcare Proof of Concept Report Miscellaneous NTIA October 2019
Software as a Medical Device (SaMD): Application of Quality Management System QMS IMDRF October 2015
IEC 80001-1:2021: Application of risk management for IT-networks incorporating medical devices — Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software* Risk IEC September 2019
IEC/TR 80001-2-3:2012 Application of risk management for IT-networks incorporating medical devices — Part 2-3: Guidance for wireless networks* Risk IEC July 2012
Content of Premarket Submissions for Device Software Functions (draft) Submission Requirements US FDA November 2021
Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices Submission Requirements US FDA May 2005
Deciding When to Submit a 510(k) for a Software Change to an Existing Device Submission Requirements US FDA October 2017
Applying Human Factors and Usability Engineering to Medical Devices Usability US FDA February 2016
MDCG 2018-5: UDI Assignment to Medical Device Software UDI European Commission October 2018
General Principles of Software Validation Validation US FDA January 2002
Radio Frequency Wireless Technology in Medical Devices Wireless US FDA August 2013

Other Resources

The documents in the list above provide niche advice on compliance with broader regulations such as the EU Medical Device Regulation (MDR 2017/745) and FDA Quality System Regulation (QSR 21 CFR Part 820). Be sure to reference appropriate sections within those regulations. If in doubt about which sections apply, simply open the PDF or HTML versions of these documents and do a search for “software.”

Finally, FDA recognizes the huge importance software plays in the safe and reliable operation of medical devices and has been actively trying to ensure that their regulatory model does not impede innovation. They have established the FDA Digital Health Center of Excellence, and we recommend paying a visit to see additional documents and information not listed above. As well, the development of additional FDA guidance related to software has been prioritized by FDA. You may want to refer to this list.

Want to Learn More?

Head still spinning? Oriel STAT A MATRIX offers a variety of training classes focused on medical device software compliance. Our new medical device software regulations and standards training class would be a great place to start. We also offer training on software validation, SDLC, and more.

Please help us keep this list up to date by emailing training@orielstat.com if we have an outdated document, a link is broken, or an essential document is missing. 

Our team is here to help. Call 1.800.472.6477 or contact us online ›