Comparison Table of Revision and Change of Guiding Principles for Medical Device Software Registration Review
Recently, the CMDE of the NMPA has issued the Guidelines for the Examination of Medical Device Software Registration (revised in 2022). The new version has revised its content and requirements regarding the concept, survival cycle, validation, testing, validation and functional use of the medical device software.
| Serial Number & Item | Old Edition | New Edition |
| 1. Status of guidelines | This guideline is a generic guideline for medical device software | This guideline is a foundational guideline for the digital health guideline system and a common guideline for medical device software |
| 2.Scope | This guidance applies to registration declarations for medical device software, including category II and III medical device products, and applicable modes of software development include autonomous development, some using off the shelf software, and all using off the shelf software. | This guidance applies to registration declarations for medical device software, including the class II and III stand-alone software and medical devices containing software components (including in vitro diagnostic medical devices); for registration declarations with self- research software, off the shelf software.
This guidance may also be used as a system verification reference for medical device software, QMS software. |
| 3Key concept | / | Medical middleware is required for proper functioning of medical device software and is therefore considered as an integral part of the medical device software. |
| / | Some support software (such as VTK, ITK) comes with a self-contained algorithm library, and the medical device software development process has integrated the algorithm library related content into its own interior, so the normal operation of medical device software needs the support of these support software. | |
| / | Requisite software: additional medical device software and medical middleware necessary for proper functioning of the medical device software | |
| / | External software environment: system software, general application software, general middleware, supporting software necessary for proper functioning | |
| 4. Survival cycle | Level a provides a summary of the software development survival cycle program, describing the partitioning situations and work tasks at each stage of development.
Level B provides a configuration management plan summary and a maintenance plan summary on a level A basis, describing the tools and processes used. Level C provides a design history document set index form (DHF) on a level B basis. The survival cycle may also submit the manufacturer’s software survival cycle process document or a verification table of the process criteria such as YY / T 0664 Medical Device Software Survival Cycle Process for the replacement of the corresponding description. |
The software survival cycle (also known as the software life cycle) refers to the time cycle during which the software system goes from the concept definition to the end of use and includes stages of software development planning, software requirements analysis, software design, software coding, software testing, software release, software deployment, software maintenance, software shutdown. |
| 5.Survival cycle model | / | The software survival cycle model refers to a set of frameworks containing processes, activities and tasks, spanning the software survival cycle processes from software requirements analysis to software shutdown, each process can be subdivided into several activities, and each activity can be subdivided into several tasks. |
| 6. Software validation | Validation refers to the qualification of the output of a certain stage of development of the software by providing objective evidence that the input requirements are met, including quality assurance activities such as code inspection, design review, testing. | Software validation refers to the qualification of the output meeting the input requirements at a stage of software development, software maintenance by providing objective evidence. Software validation, including source code review, static and dynamic analysis / testing, unit testing, integration testing, system testing, design review, and other series of activities, is the basis for software confirmation. |
| 7. Software test | Level A provides a summary of plans and reports for systematic testing, user testing, describing the conditions, tools, methods, pass guidelines, and results of testing. Level B provides a plan and report of system testing, user testing, outlines the validation activities at each stage of development, and describes the tools, methods, and tasks used. | Software testing is a basic measure of software quality assurance and an important method for software validation, software confirmation, and different classification methods from different angles.
Cell testing is the testing of software units, usually with a white box test. Integration testing is the testing of software items (consisting of several software units, i.e., software modules) and a combination of white box test, black box test, gray box test; Systematic testing is the testing of software systems (consisting of several software items), usually using black box tests, which can be further divided into functional tests, performance tests, concurrent tests, stress tests, interface tests, memory tests, compatibility tests, user interface tests, installation offloading tests, security tests, etc., from a test content perspective. Internal testing refers to tests implemented by the registered applicant and includes a combination of unit testing, integration testing, systems testing, white box testing, black box testing, gray box testing; User testing means that the intended user tests the software system in real or simulated use scenarios, employing black box tests; Third party testing refers to testing of software systems by third party institutions, typically with black box testing. Regression testing refers to software testing used to determine that software updates have not produced undesirable effects and that no new defects are unacceptable with respect to risk have been introduced. |
| 8. Software confirmation | Acknowledgment refers to the qualification of the software as meeting user needs and intended use by providing objective evidence, and generally refers to user testing in a real or simulated use environment. | Software validation is a design validation based on process control, including a series of activities such as user testing, clinical evaluation, and design review. It is necessary to ensure that the software meets user needs and intended use, and that the risks of known remaining defects of the software are acceptable. |
| 9. Software traceable Analysis Report | Level C provides traceability analysis report (relational table of traceability requirements specification, design specification, testing, risk management) on the basis of level B. | The registration applicant shall establish a software traceability analysis process and standardize the requirements for relevant activities of software traceability analysis to ensure the quality of software verification and software validation. Taking into account the actual situation of the industry, the source code traceability analysis activities can be traced back to the software unit (namely listed). |
| 10.Software full version and UDI | / | From the perspective of Unique Device Identification (UDI), the full version of the software is part of the Manufacturing Identification (PI). |
| 11. Test report | The test report provides a photo of the software version interface or lists the software version information. The software with a user interface reflects the software release version and the complete software version, and the software without a user interface reflects the complete software version. The manual indicates the software release version. | |
| 12. Software algorithms | Core algorithms refer to the algorithms necessary to realize the core functions of the software (functions necessary for the software to complete the intended use in the intended use environment), including but not limited to imaging algorithms, post-processing algorithms and artificial intelligence algorithms. The imaging algorithm refers to the algorithm used to obtain medical images or data, the post-processing algorithm refers to the algorithm that changes the original medical image or data to generate new clinical information, and the artificial intelligence algorithm refers to the algorithm that uses artificial intelligence technology for medical image or data analysis.
Algorithm types include well-known mature algorithms and new algorithms. Among them, recognized mature algorithms refer to algorithms derived from public literature, with simple and clear principles, and have been on the market for many years without adverse events, while brand-new algorithms refer to new algorithms derived from clinical research and scientific research. |
Software algorithms can be divided into core algorithms and non-core algorithms from the perspective of importance. The core algorithms are the algorithms necessary to realize the core functions of the software, and vice versa.
From the perspective of complexity, it can be divided into simple algorithms and complex algorithms. The former is simple and clear in principle or based on mature formulas, while the latter is usually based on model research, with many assumptions and many influencing factors. There are also differences in speed and so on. From the perspective of interpretability, it can be divided into white-box algorithms and black-box algorithms. The former can be associated with existing knowledge, while the latter is difficult to establish association with existing knowledge. The former is better than the latter in interpretability. |
| 12. Software function | / | Software functions have different classification methods from different perspectives. From the perspective of importance, it can be divided into core functions and non-core functions. The core functions refer to the functions necessary for the software to complete the intended use in the expected usage scenarios, and vice versa is the non-core functions. .From the perspective of technical characteristics, it can be roughly divided into processing functions, control functions, and safety functions, where processing functions refer to processing medical device data (that is, objective data generated by medical devices for medical purposes) or model-based calculations (such as radiation doses). Model, pharmacokinetic model), control function refers to the function of controlling/driving the hardware operation of medical devices, and safety function refers to the function of ensuring the safety of medical devices. The processing function can be divided into pre-processing function and post-processing function from the perspective of data flow. The former refers to the processing function of collecting human anatomy and physiological information to generate medical device data, and the latter refers to using medical device data to generate diagnosis and treatment information or conduct medical treatment. The processing function of the intervention process; the post-processing function can be divided into simple functions and complex functions from the perspective of complexity. The former refers to the function of operating existing medical information rather than generating new medical information, and the latter refers to generating new medical information function;
From the perspective of the scope of supervision, it can be divided into medical device functions and non-medical device functions. Among them, medical device functions refer to software functions that can be used as the basis for the definition of medical devices, and vice versa, which are non-medical device functions and patient information necessary to achieve medical device functions. The management function belongs to the medical device function. The two should be split as far as possible through modular design. If it is technically impossible to split, the non-medical device functions should be considered as an integral part of the medical device software. |
| 13. Software usage | The use of software can usually be divided into assisted decision-making and non-assisted decision-making, among which assisted decision-making refers to assisting users (such as medical staff, patients) to make medical decisions by providing suggestions for diagnosis and treatment activities; only providing medical reference information without making medical decisions is non-assisted. decision making.
The real-time perspective can be subdivided into real-time and non-real-time, the former risk is usually higher than the latter. Therefore, software functions can be divided into auxiliary decision-making functions and non-aided decision-making functions, real-time functions and non-real-time functions from the perspective of software use. |
|
| 14 Security Level Determination Basis | The software security level should be determined in combination with the software’s intended use, usage environment, and core functions (functions necessary for the software to complete the intended use in the intended usage environment).。
Among them, the intended use mainly considers the clinical use of the software (such as diagnosis, treatment, monitoring, screening, etc.) and the degree of importance (such as important role, auxiliary role, supplementary role, etc.), and the use environment mainly considers the place where the software is used (such as hospitals, families, etc.), disease type (such as severity, urgency, infectiousness, etc.), patient population (such as adults, children, elderly, women, etc.) and user types (such as professional users, ordinary users, patients, etc.), the core functions are mainly considered software function type (such as control drive, processing analysis, etc.), implementation method (such as CT image reconstruction using filtered back-projection algorithm or iterative algorithm, abnormal identification using conventional image processing algorithm or artificial intelligence algorithm, etc.) and complexity (such as algorithm scale) , number of parameters, operation speed, etc.). |
The software security level can be comprehensively determined in combination with the intended use, usage scenarios, and core functions of the software.Among them, theintended use mainly considers the type of use of the software (such as treatment, diagnosis, monitoring, screening), the degree of importance (such as important role, reference role, supplementary role), the degree of urgency (such as critical situation, serious situation, ordinary situation), Maturity (mature, brand-new) and other factors, the usage scenarios mainly consider the use places of the software (such as outpatient, surgery, hospitalization, emergency, family, transfer, public places), disease characteristics (such as severity, urgency, contagiousness), Applicable people (such as adults, children, the elderly, pregnant women), target users (such as medical staff, patients) and other factors, the core functions mainly consider the functional types of the software (such as importance, technical characteristics, complexity, maturity), core algorithms (such as importance, complexity, interpretability, maturity), input and output (input data such as medical images, physiological parameters, in vitro diagnostic data, etc., output results such as processing, measurement, analysis, etc.), interface (such as application programs) interface (API), data interface, product interface) and other factors. |
| 15.Whole life cycle quality control | / | Conduct adequate and effective software verification and validation activities prior to market launch to identify software foreseeable risks and reduce them to acceptable levels. Continue to carry out software quality assurance work after listing, identify unforeseen risks in the early stage in combination with user complaints, adverse events and recalls, and take necessary measures to ensure software quality; at the same time, based on the evaluation of software update requirements, implement software update activities to meet the needs of users new requirements, and carry out appropriate software verification and validation activities to ensure the quality of software updates; in addition, software outages consider user notification and follow-up services, data migration, patient data and privacy protection requirements. |
| 16.Software update | Various updates in software version control. | Updates to off-the-shelf software components and external software environments need to be considered, and an impact assessment of the updates to the external software environment is carried out. |
| 17. Quality Management Software | / | Quality management software refers to the application software used for the quality management of medical devices, non-medical device software, and does not need to be registered. Quality management software and medical device software have similarities at the technical level, so the confirmation requirements of quality management software can be considered with reference to the relevant requirements of medical device software. Quality management software can be divided into quasi-independent software and quasi-software components with reference to medical device software. The former includes software used for design and development, software used for process management, etc., and the latter includes software included in production equipment and software included in inspection equipment. |
| 18. Standalone software registry cell division | Independent software with different intended uses should be used as different registration units, which can be roughly divided into treatment planning, diagnosis, monitoring and information management according to intended use. | Independent software with different intended uses, as different registration units, can be divided into assisted decision-making and non-assisted decision-making according to the intended use, and each category can be subdivided into treatment, diagnosis, monitoring, screening and other situations. |
| 19. Principle of cell division for detection | The independent software detection unit is in principle the same as the registration unit
If there are multiple operating environments or multiple release versions, each incompatible operating environment (including cloud computing) or each release version that does not cover each other needs to be used as a detection unit. |
The independent software detection unit is in principle the same as the registration unit
If there are multiple operating environments or multiple release versions, each incompatible operating environment (including cloud computing) or each release version that does not cover each other needs to be used as a detection unit. If the core functions of the software are the same but the types of core algorithms are different, the core functions corresponding to each type of core algorithm need to be detected (the detection object is the core function rather than the core algorithm). Similarly, if the core functions of the software are the same but the core algorithm types are different, the core functions corresponding to each type of core algorithm need to be tested. |
| 20. Clinical evaluation | The stand-alone software should submit data for clinical evaluation in accordance with the technical guidelines for the clinical evaluation of medical devices, without justification of applicable terms. For features implemented using AI algorithms (e.g., CAD like features for computer-aided detection, classification, and diagnosis), clinical trial based clinical evaluation should be submitted.
Manufacturers can pick up substantial equivalent contrasts for the same class of software features included on an already marketed medical device product. |
Independent software usually conducts clinical evaluation based on software function, and can conduct clinical evaluation based on software algorithm if necessary.
Non-assisted decision-making software functions are based on core functions to compare medical devices of the same type. New core algorithms, core functions, and intended uses all require clinical evaluation in principle. Simple operation and simple process optimization software functions can be evaluated by non-clinical evidence. The auxiliary decision-making software function is based on the core algorithm to compare the medical devices of the same variety, and the clinical evidence of the selected medical devices of the same variety must be based on clinical trials (including retrospective studies, the same below) in principle. In principle, all new core algorithms, core functions, and intended uses require clinical trials. If a clinical trial adopts an active control design, independent software with the same intended use and equivalent core algorithms or core functions can be selected for comparison. |
| 21. Cyber security | / | Medical device cyber security requires comprehensive consideration of information security and data security from the perspective of cyber security. If medical device software has one or more of the three functions of electronic data exchange, remote access and control, and user access, network security issues must be considered. For specific requirements, please refer to the relevant guidelines for medical device network security. |
| 22. Human Factors and Usability | / | It is recommended to strengthen the human factors design of the user interface of medical device software to improve usability and reduce the risk of misuse by users to an acceptable level. For specific requirements, please refer to the relevant guidelines for human factors design of medical devices. |
| 23. Interoperability | / | Interoperability (aka interoperability) refers to the ability of a medical device to exchange and use information with other medical devices or general purpose equipment through electronic interfaces. The electronic interface includes a hardware interface and a software interface, and the information includes but is not limited to medical images, physiological parameters, in vitro diagnosis and other data and control instructions. Interoperability focuses on the interface design and risks of medical device software. The interface includes internal interface and external interface. The former refers to the interface between software modules, and the latter refers to the interface for users to call. The independent parts of the split medical device The internal interface of the server is regarded as the external interface, such as the internal interface of the server and the client, the master and the slave. From the user’s point of view, the software interface refers to the external interface unless otherwise specified.
The registration applicant needs to consider the requirements for software interface requirements analysis, risk management, verification and validation, maintenance plan and other activities, as well as the design requirements for instructions and labels. The registration applicant can submit a separate interoperability research material, including basic information, requirements specification, risk management, verification and confirmation, and maintenance plan; the software interface requirements can also be reflected in the relevant clauses of the self-developed software research report. |
| 24. Measurement function | / | Measurement functions (also known as quantitative and quantitative functions) can be divided into graphic measurement functions and objective physical measurement functions. The former indirectly reflects the measurement results of objective things based on graphics, and the latter directly reflects the measurement results of objective things. Regardless of the measurement function, it is necessary to combine the measurement error, uncertainty and other factors to clarify the measurement accuracy indicators, such as linearity, precision, repeatability, reproducibility, range limit, display error, etc.
Registration applicants are required to provide research data on the measurement accuracy and inform users in the instructions. In addition, the objective physical measurement needs to specify the accuracy index in the product technical requirements, and the graphic measurement needs to provide warning information about the measurement accuracy in the manual. |
| 25.Remote access and control | / | For remote access versus control (with remote maintenance versus upgrade) functions, performance indicator requirements and network security requirements for the relevant functions need to be clarified, and the specific requirements are detailed in the medical device network security related guidelines.
The registered applicant is required to provide the corresponding research data in software research data, network safety research data, specify the requirements of performance indicators in the technical requirements of the product, and inform the users in the instructions about the use requirements of the corresponding functions (including network safety). |
| 26. Non-medical device function | / | If the medical device software can technically split non-medical device functions, that is, use modular design to distinguish medical device functions and non-medical device functions, the product structure composition should not include non-medical device function modules, and if the instructions contain non-medical device functions. It should be deleted or marked as non-medical device functions, and product technical requirements should not contain non-medical device functions.
If the medical device software cannot technically separate the non-medical device functions, the non-medical device functions need to be considered as a part of its own as a whole, focusing on the impact and risks of the non-medical device functions on the medical device software. |
| 27. Implant product design software | / | Due to the high risk of implantable medical devices, the implant product design software belongs to the quality management software, so the software research materials can be submitted with reference to the requirements of the finished software and self-developed software of the serious level. |
| 28. Exception handling | / | Exception handling is used to deal with abnormal conditions of software, and inform users of software abnormal information in time, so as to take risk control measures to ensure safety and effectiveness. |
| 29. Functional Safety and Software Reliability | / | Taking into account the actual situation of the industry, functional safety and software reliability are not required for the time being, and will be taken into consideration when the time is ripe. It is recommended that the registration applicant refer to the relevant standards to strengthen the design work of functional safety and software reliability. If the corresponding work has been carried out, it can be provided in the software research materials. |
| 30. GB/T 25000.51 Implementation requirements | Independent software is written into product technical requirements, “quality in use” does not apply. Software components are not required. | GB/T 25000.51 applies to medical device software, of which “requirements for product description” and “requirements for user documentation” apply to manuals, “software quality requirements” apply to the software itself, and “use quality” does not apply.
Delete GB/T 25000.51 in the technical requirements, and the registration applicant shall submit the GB/T 25000.51 self-test report in the software research materials, or submit the self-test report or inspection report instead of the self-test report. Software components should also be tested according to GB/T 25000.51. |
| 31. Imported medical device software | / | If there are differences between China and foreign countries in the imported medical device software, such as language differences, deletion of software functions, reduction of application scope, etc., it is necessary to submit the Chinese and foreign differences between the application software and the software approved for marketing in the country of origin in the software research materials. |
| 32 Software Research Report | software description document
software identification physical topology Requirements specification: A level provides requirements specification summary, B, C level requires software requirements specification document verification and validation: A level provides test plan and report summary, B, C level requires test plan and report document Traceability Analysis: Grade C provides traceability analysis report Clinical evaluation |
Self-developed software research report
Add: HASH value, delete: scope of application, contraindications Added: Physical connection relationship of prerequisite software Software requirements specification documents are required at level C of A & B and C level. The full text of the test plan and report should be provided at the level C of A & B and C. Both An and B & C are required to submit traceability analysis reports. Delete clinical evaluation. Added: conclusion description |
| 33. External software environment assessment report | The external software environment assessment report is used for the assessment of the external software environment of medical device software (including cloud computing), and is suitable for the initial release and rerelease of medical device software. The content framework is detailed in Table 3, including security level, software identification, functional use, operating environment, risk management, acceptance management, maintenance plan, conclusion, and the level of detail depends on the level of software security. | |
| 34. Technical requirements for independent software products | 2.1.1 Working with object.
Identify the types of objects processed by the software, such as images (such as CT, MRI, X-ray, PET, US, etc.), data (such as ECG, blood pressure, blood oxygen, blood sugar, etc.) |
2.1.3 Input Output
Clarify the input data type of the software (such as medical images, physiological parameters, in vitro diagnostic data, etc.) and the output result type (such as processing, measurement, analysis, etc.). |
| 2.1.3 Data interface
Identify common data interfaces for software (such as Dicom, HL7), product interfaces (standalone software that can be used in conjunction, medical device hardware) |
2.1.4 interface
Define the application program interface (API), data interface (including transmission protocol, storage format, such as DICOM, HL7, JPG, PNG, private protocol and format) and product interface (other independent medical device software and medical device hardware products that can be used jointly) for software to be invoked by users. |
|
| 2.1.4 Specific hardware and software
Identify the independent software and medical device hardware necessary for the software to complete the intended use |
2.1.5 Necessary software and hardware
Specify other independent medical device software (name, model and specification, release version) and medical middleware (name, model and specification, release version) and medical device hardware products (name, model and specification) necessary for the normal operation of the software. |
|
| / | 2.1.11 User error defense
Clarify the software’s defense ability against user operation errors that lead to serious consequences. |
|
| 2.2Quality requirement
Meet the requirements of Chapter 5 of GB / T 25000.51 |
/ | |
| 35 Instructions | The instructions shall comply with the requirements of relevant regulations, normative documents, national standards and industrial standards, reflect all functions of the software (including safety functions), and clarify the release version of the software. | The instructions describe the expected users, use scenarios, intended uses, technical features, use restrictions and fault Countermeasures of each software interface item by item. According to the risk control requirements, the label shall specify the technical characteristics and use restrictions of key software interfaces.
Specify the software release version. If necessary, the instructions shall specify the delivery, installation, setting, configuration, update, use restrictions, warnings and other contents of all ready-made software contained in the external software environment. |
We have given a workshop on digital health several months ago, and will hold another webinar for software, cybersecurity and AI medical devices next month. Please feel free to let us know any questions about digital health via info@bradyknowsmedical.com
