CyberMed
ServicesCyberSprintEventsResourcesAboutContactGet The Guide
← Back to resources

Software Design Specification for IEC 62304 and FDA Compliance

2025-11-24Jose Bohorquez

Complete guide to creating Software Design Specifications that meet IEC 62304 clause 5.4 and FDA documentation requirements. Includes checklists, examples, and common pitfalls.

Creating Software Design Specifications that satisfy both IEC 62304 technical requirements and FDA documentation expectations requires understanding the distinct role of detailed design documentation. This guide clarifies terminology, explains how the SDS relates to other IEC 62304 documents, and specifies what belongs in each section to meet IEC 62304 clause 5.4 requirements.

FDA guidance emphasizes that "SDS should be sufficient to ensure that the work performed by the software engineers who created the device software function was clear and unambiguous, with minimal ad hoc design decisions." This underscores a critical principle: the SDS should be created as a prospective activity to guide design and development, not documented retrospectively after implementation.

IEC 62304 Software Decomposition Terminology

IEC 62304 (section 3) defines three specific terms to identify software decomposition levels. Understanding these definitions clarifies what the SDS must document:

Software System (IEC 62304 3.27): An integrated collection of Software Items organized to accomplish a specific function or set of functions. This is the highest level of software organization.

Software Item (IEC 62304 3.25): Any identifiable part of a computer program, including source code, object code, control code, control data, or a collection of these items. Software Items can be subdivided into smaller Software Items or Software Units.

Software Unit (IEC 62304 3.28): A Software Item that is not subdivided into other items. This is the lowest level of decomposition and the primary focus of the SDS. Units should be implementable and verifiable independently.

Software Detailed Design Process and the Software Design Specification Document

IEC 62304 clause 5.4 defines the Software Detailed Design process. The primary output of this process is the Software Design Specification document.

Software Detailed Design (IEC 62304 clause 5.4): The development activity/process where software items and units are decomposed and their detailed implementation is specified. This process includes subdividing software into units, developing detailed interface specifications, and documenting how requirements are implemented.

Software Design Specification (SDS): The document that results from the Software Detailed Design process. This document contains the technical design details showing how software functions.

While IEC 62304 refers to the "Software Detailed Design process," companies typically call the resulting document a "Software Design Specification" or "Detailed Design Document." The document name varies, but the process is always "Software Detailed Design" per IEC 62304 clause 5.4.

The SDS describes how the requirements in the Software Requirements Specification are implemented. These details must be sufficient for unambiguous implementation with minimal ad hoc design decisions.

Key principle: Create the SDS prospectively to guide design and development, not retrospectively after implementation. Creating the SDS before or during development ensures that design decisions are intentional, documented, and traceable.

How the SDS Relates to Other IEC 62304 Documents

IEC 62304 requires numerous documents throughout the software development lifecycle. Three documents are particularly relevant for understanding what belongs in the Software Design Specification:

Software Requirements Specification (SRS) - IEC 62304 clause 5.2
The SRS defines WHAT the software must do: functional requirements, performance requirements, and safety requirements. This document establishes the baseline needs that all design must satisfy.

Software Architecture Document (SAD) - IEC 62304 clause 5.3
The architecture document defines system structure: major software items, subsystems, relationships between components, and high-level interfaces. The SAD documents architectural patterns and major design decisions that shape the overall system.

Software Design Specification (SDS) - IEC 62304 clause 5.4
The SDS provides detailed design: The SDS fleshes out and gives design details to the software items and units defined in the architecture. For each unit, the SDS specifies internal workings, detailed interfaces, algorithms, data structures, and implementation-level details needed for development.

Relationship: The architecture defines the major software items and units. The SDS provides the detailed design for those items and units. The SDS references architectural decisions rather than duplicating them, then adds implementation-level detail that the architecture does not provide.

What Belongs in Architecture vs. SDS

The boundary between architecture and detailed design determines what goes in each document:

Content Type Architecture (5.3) Detailed Design/SDS (5.4)
Scope System/subsystem level, defines software items Module/unit level, details the items defined in architecture
Components Major software items and subsystems, their responsibilities Detailed design of individual units within the items
Interfaces Between major software items Function/method signatures, parameters, return values for units
Data Flow Between major components Within components, implementation-level algorithms
Design Rationale Why this architecture pattern How to implement within that pattern
Detail Level High-level structure and organization Implementation-ready specifications

The architecture answers "what are the major software items and how do they relate?" The SDS answers "how is each unit within those items designed and implemented?"

Both documents satisfy distinct IEC 62304 requirements. The architecture provides the system organization. The SDS provides detailed specifications for the software items and units that the architecture defines.

When is an SDS Required?

FDA Documentation Expectations

FDA guidance on software documentation (Section V) describes two documentation levels based on device risk. The Documentation Level determines the minimum amount of information that would support a premarket submission. For a complete understanding of all FDA software documentation requirements, see our guide on IEC 62304 to FDA eSTAR mapping.

Enhanced Documentation Level:

Enhanced Documentation should be provided for any premarket submission that includes device software function(s) where a failure or flaw of any device software function(s) could present a hazardous situation with a probable risk of death or serious injury, either to a patient, user of the device, or others in the environment of use.

These risks should be assessed prior to implementation of risk control measures. Sponsors should consider the risks in the context of the device's intended use (e.g., impacts to safety, treatment, and/or diagnosis), and other relevant considerations.

When determining the Documentation Level, sponsors should consider all known or foreseeable software hazards and hazardous situations associated with the device, including those resulting from reasonably foreseeable misuse, whether intentional or unintentional, prior to the implementation of risk control measures.

For Enhanced level devices, the SDS must be included in the premarket submission package.

Note: FDA recommends Enhanced Documentation for certain categories including devices intended to test blood donations for transfusion-transmitted infections, devices used to determine blood donor and recipient compatibility, automated blood cell separator devices, blood establishment computer software (BECS), Class III devices, and devices that are constituent parts of combination products. (See FDA guidance Section V for complete criteria.)

Basic Documentation Level:

Basic Documentation should be provided for any premarket submission that includes device software function(s) where Enhanced Documentation does not apply.

For Basic level:

  • The SDS does not need to be submitted to FDA with the premarket application
  • The SDS must still be created and maintained in the Device History File (DHF) for Class B and C software to comply with IEC 62304
  • FDA reserves the right to request the SDS during premarket review or post-market surveillance
  • As FDA states: "Sponsors should document this information on the design internally via the DHF for the device. During premarket review, FDA may request additional information on the design, if needed, to evaluate the safety and effectiveness of the device."

Important distinction: "Basic" does not mean "no SDS required." All medical device software for which a failure could cause harm should have an SDS regardless of documentation level. The difference is whether you submit it with your premarket application (Enhanced) or maintain it in the DHF for potential FDA review (Basic).

For example, you might have Class B software per IEC 62304 that qualifies for FDA's Basic documentation level. You still need an SDS documenting your detailed design - you just don't submit it upfront. FDA may request it during review.

FDA Documentation Table: FDA guidance Table 1 provides a comprehensive outline of recommended documentation for Basic and Enhanced levels. For the SDS specifically:

  • Basic Level: "FDA is not recommending SDS as part of the submission. Sponsor should document via DHF if Class B or C. FDA may request more during review."
  • Enhanced Level: "SDS that allows FDA to understand the technical design details; how design implements SRS, and traceability to SRS for intended use, functionality, safety, effectiveness."

IEC 62304 Requirements by Safety Class

IEC 62304 clause 5.4 requirements vary by software safety classification:

Clause 5.4.1 - Refine software architecture into Software Units: Required for Class B and C devices. The manufacturer shall refine the software architecture until it is represented by software units.

Clause 5.4.2 - Develop detailed design for each software unit: Required for Class C only. The manufacturer shall develop and document a detailed design for each software unit.

Clause 5.4.3 - Develop detailed design for interfaces: Required for Class C only. The manufacturer shall develop and document a detailed design for interfaces between software units and external components, as well as interfaces between software units.

Clause 5.4.4 - Verify detailed design: Required for Class C only. The manufacturer shall verify and document that the software detailed design implements the software architecture and is free from contradiction with it.

Important: FDA reviewers often expect Class B or C level documentation regardless of classification, especially for software in newer device categories or devices with novel functionality. Plan for comprehensive SDS documentation unless there is no way in which a software failure could cause harm.

IEC 62304 Requirements for the Software Detailed Design Process (Clause 5.4)

5.4.1: Refine Software Architecture into Software Units

This requirement mandates subdividing the software architecture into units (modules, classes, or functions) and specifying each unit's functional behavior, algorithms, data structures, and design rationale for non-obvious implementation choices.

The standard does not dictate unit size. IEC 62304 states: "The granularity of software units is defined by the manufacturer." Each unit should be implementable and verifiable independently. In object-oriented systems, a unit might be a class and its methods. In procedural code, a module and its functions. In embedded systems, a task, driver, or handler.

Applies to: Class B and C devices

5.4.2: Develop Detailed Design for Each Software Unit

Required documentation includes the detailed design for each software unit of the software item. This encompasses the unit's functional behavior, algorithms, data structures, and design rationale for non-obvious implementation choices.

The design specifications should be detailed enough that "the work performed by the software engineers who created the device software function was clear and unambiguous, with minimal ad hoc design decisions" (FDA guidance).

Applies to: Class C devices only

5.4.3: Develop Detailed Design for Interfaces

Required documentation includes detailed design for interfaces between software units and external components (hardware or software), as well as interfaces between software units. This encompasses function signatures, parameters and types, return values, data exchange protocols, and error handling approaches.

The standard requires this detail level because interfaces are where integration issues arise. Clear specifications prevent misunderstandings during development and integration testing.

Applies to: Class C devices only

5.4.4: Verify Detailed Design

The manufacturer shall verify and document that the software detailed design:

  • Implements the software architecture
  • Is free from contradiction with the software architecture

Applies to: Class C devices only

Reference Architecture, Don't Duplicate It

Critical principle: The SDS should reference architectural decisions, not duplicate them.

The architecture document defines the software items and units. The SDS provides detailed design for those items and units. When documenting a unit in the SDS, reference the architectural component it belongs to, then provide the implementation-level detail.

In practice: If the architecture document defines "Module X interfaces with Module Y via API," the SDS specifies exact function calls, parameter structures, and data formats for that API. Reference the architecture's definition and interface decision, then provide detailed specification needed to implement it.

Software Units and Modules: Requirements Checklist

For each software unit in the SDS, document the following:

  • The purpose and responsibility of each unit
  • Technical design details showing how the software functions
  • Provide sufficient detail for unambiguous implementation
  • Data structures used by the unit
  • Algorithms and processing logic
  • State behavior where applicable (state machines, operational modes)
  • Error handling approach (detection, handling, reporting)
  • Critical design decisions and rationale for non-obvious choices

Appropriate Level of Detail

Too high-level (architecture, not detailed design):

  • "The alarm handler processes alarms"
  • Generic descriptions without implementation specifics
  • Missing algorithms, data structures, or specific behaviors

Appropriate detail for SDS:

  • "The alarm handler maintains a priority queue of active alarms, processing them using a heap-based algorithm. When a new alarm arrives, the handler validates the alarm code against the valid alarm table, determines priority based on alarm code lookup, and inserts the alarm into the priority queue. Priority is determined by severity level (Critical > High > Medium > Low) with timestamp as the secondary sort key."

This detail level allows a competent developer to implement the design correctly, including design decisions and their rationale.

Too low-level (essentially code):

  • Pseudocode for every function
  • Line-by-line implementation details
  • Variable naming and code structure

The SDS should not read like commented code. Focus on design decisions and algorithms, not implementation minutiae.

Practical Examples

Alarm Handler Module (SDS-001)
Purpose: Manages device alarm states and priorities
Algorithm: Priority heap for active alarms with O(log n) insertion
Data structures: Alarm priority queue (max heap), alarm history buffer (circular), active alarm map (hash table)
State machine: NORMAL → ALARM_ACTIVE → ACKNOWLEDGED → CLEARED
Error handling: Invalid alarm codes logged and ignored, queue overflow triggers system alert

Data Acquisition Unit (SDS-002)
Purpose: Samples sensor data at 100Hz with synchronized multi-channel acquisition
Behavior: Interrupt-driven sampling triggered by hardware timer, double-buffering for continuous acquisition
Data handling: Ring buffer implementation with 1000-sample capacity per channel
Error handling: Sensor disconnection detected via out-of-range values, missing samples flagged with error marker

Communication Protocol Handler (SDS-003)
Purpose: Implements UART-based device communication protocol per protocol specification v2.1
State machine: IDLE → SYNC → RECEIVE_HEADER → RECEIVE_PAYLOAD → VERIFY_CRC → PROCESS
Message structure: Fixed header (4 bytes), variable payload (up to 256 bytes), CRC-16 checksum
Error recovery: Three retransmission attempts with exponential backoff (100ms, 200ms, 400ms)

Interface Design: Requirements Checklist

  • Document design for interfaces between software units (internal interfaces)
  • Document interfaces between software units and external hardware
  • Document interfaces between software units and external software
  • Specify interface protocols and data formats
  • Specify interface timing and sequencing requirements
  • Provide sufficient detail for correct implementation of interfaces

Why Interfaces Matter

Clear interface specifications prevent integration issues during development. They enable unit and integration testing (testing module integration requires knowing exactly how modules should interact). FDA reviewers specifically check interface completeness because interface failures commonly cause software defects.

Types of Interfaces to Document

Internal Interfaces connect software units within the system. Document function and method signatures with complete parameter specifications: types, valid ranges, and validation requirements. Specify return values and error codes. Define preconditions (what must be true before calling) and postconditions (what will be true after calling). Note side effects or state changes the function causes.

External Interfaces connect software to other systems: hardware interfaces to sensors, actuators, and displays; network and communication interfaces; file system interfaces; operating system interfaces; third-party library interfaces.

Interface Documentation Template

For each significant interface:

Function: processAlarm(alarmId, priority, timestamp)

Purpose: Add alarm to processing queue with specified priority

Parameters:
  - alarmId: Unique alarm identifier (uint16, range 1-65535)
  - priority: Alarm priority (enum: LOW=0, MEDIUM=1, HIGH=2, CRITICAL=3)
  - timestamp: When alarm occurred (Unix timestamp, uint32)

Returns:
  - SUCCESS (0) if alarm queued successfully
  - ERROR_QUEUE_FULL (-1) if queue at maximum capacity
  - ERROR_INVALID_ID (-2) if alarmId is 0 or out of range
  - ERROR_INVALID_PRIORITY (-3) if priority outside enum range

Preconditions:
  - System initialization complete
  - Alarm queue created and initialized
  - alarmId corresponds to valid alarm in alarm definition table

Postconditions:
  - Alarm added to priority queue in correct priority order
  - Alarm count incremented
  - If alarm is CRITICAL priority, notification callback invoked

Side Effects:
  - May trigger queue-full warning if queue utilization exceeds 90%
  - May cause alarm event log entry

Protocol and Data Exchange Specifications

For communication protocols, specify message formats and encoding (binary vs. text, byte ordering), timing requirements and timeout values, error detection mechanisms (checksums, CRCs) and correction approaches, and state management for connection-oriented protocols.

For data exchange, provide complete data structure definitions, byte ordering (big-endian vs. little-endian), field sizes and data types, and validation rules for each field.

Safety and Risk Controls: Requirements Checklist

  • Identify design elements implementing risk control measures
  • Document safety-critical design features
  • Document segregation between software units (if used for risk control)
  • Document effectiveness of segregation (if applicable)
  • Establish link between hazards and design elements

Implementing Risk Controls in Design

Document how units implement specific risk controls. Link design decisions to risk mitigations explicitly. Example: "Input validation in the processAlarm function implements risk control RC-045 (mitigation for alarm code corruption)."

Safety-critical units require clear, explicit links to risk management. For units implementing risk controls, document:

  • Which specific risk(s) the design element mitigates
  • How the design element provides the mitigation
  • Any limitations or assumptions in the mitigation approach

If segregation between units is used as a risk control measure (e.g., isolating safety-critical functions from non-critical functions), document:

  • Which units are segregated and why
  • The mechanism of segregation (separate processes, memory protection, etc.)
  • How the effectiveness of segregation is verified

Traceability and Design Verification: Requirements Checklist

  • Document traceability from SRS requirements to design elements
  • Demonstrate complete implementation of all SRS requirements
  • Demonstrate correct implementation of all SRS requirements
  • Verify that the detailed design implements (and does not contradict) the software architecture

FDA's example in guidance documents lists System Requirements (SysReq X.Y) and Software Requirements (SWReq X.Y) within each software unit description. This approach can become unwieldy and difficult to maintain.

Recommended alternative approach:

  1. Assign a unique identifier to each software unit (e.g., SDS-001, SDS-002, SDS-003)
  2. Maintain traceability through a separate traceability matrix

Example traceability table:

Software Unit Implements SRS Requirements
SDS-001 (Alarm Handler) SRS-001, SRS-002, SRS-015
SDS-002 (Data Acquisition) SRS-001, SRS-003, SRS-004
SDS-003 (Protocol Handler) SRS-005, SRS-006

This approach:

  • Keeps the SDS focused on design details
  • Makes traceability easier to audit and update
  • Clearly shows which requirements each unit implements
  • Facilitates impact analysis when requirements change

Traceability to Architecture

The SDS provides detailed design for the software items and units defined in the architecture. Reference the architectural component each unit belongs to. Document how the detailed design fulfills the architectural definition.

Example: "This module provides detailed design for the Data Processing component defined in SAD Section 4.2, implementing the message queue interface specified in SAD Section 5.1."

Traceability to Risk Management

Link each software unit to applicable risk controls. For safety-critical units, document:

  • Which hazards the unit's design addresses
  • Which risk control measures are implemented
  • How the design achieves the risk control

Traceability to Verification

Each unit needs a verification approach. The SDS specifies what to verify (unit behavior and interfaces). The Verification Plan specifies how to verify (test methods, acceptance criteria). Unit test strategy should align with SDS structure.

1. Introduction

Purpose: Orient readers and establish document scope

Content to include:

  • Document purpose and scope
  • Intended audience
  • Related documents (SRS, Architecture, Risk Management File, Verification Plan)
  • Document conventions and notation
  • Revision history

2. Design Overview

Purpose: Provide context before diving into details

Content to include:

  • System context (how this software fits in the overall device)
  • Reference to architecture document and major software items defined there
  • Key design principles and patterns
  • Technology stack and development environment
  • Major design constraints
  • Overview of software unit organization

3. Detailed Design by Software Unit

Purpose: Provide implementation-ready specifications

For each software unit, document:

  • Unit identifier and name
  • Reference to architectural component this unit belongs to
  • Purpose and responsibilities
  • Design details (algorithms, data structures, state behavior)
  • Interfaces (public and internal)
  • Error handling approach
  • Design rationale for non-obvious choices

4. Cross-Cutting Concerns

Purpose: Document design elements that span multiple units

Content to include:

  • Data management: How data is stored, accessed, and protected across units
  • Security: Authentication, authorization, encryption approaches used across the system
  • Logging and diagnostics: System-wide logging strategy, diagnostic capabilities
  • Error handling patterns: Common error handling approaches used across units
  • Performance optimization: System-wide performance considerations
  • Resource management: Memory management, thread management strategies

This section addresses design aspects that don't belong to a single unit but affect multiple units or the entire system.

5. Traceability and Verification

Purpose: Demonstrate complete and correct implementation

Content to include:

  • Traceability matrix: SRS requirements to software units
  • Traceability to architecture: Which units provide detailed design for which architectural components
  • Traceability to risk controls: Which units implement which risk mitigations

Common Pitfalls and How to Avoid Them

Mistake #1: Confusing SDS and SRS

Problem: Treating the SDS like a requirements document rather than a design specification. The document lists requirements using "shall" language without providing technical design details on how those requirements are implemented.

Recognition:

  • Document reads like an SRS with "shall" statements
  • Focus on WHAT the software must do rather than HOW it does it
  • Missing algorithms, data structures, and implementation guidance
  • Lacks design decisions and technical specifications

Solution: Remember the fundamental distinction: SRS describes WHAT; SDS describes HOW. The SDS must provide technical design details showing how software units implement the requirements. Include:

  • Specific algorithms and processing logic
  • Data structures and their organization
  • Design patterns and implementation approaches
  • Technical decisions and their rationale

If your document lists requirements without explaining how software units achieve them, you have an SRS, not an SDS.

Mistake #2: Keeping the SDS Too High Level

Problem: Insufficient detail forces engineers to make important ad hoc decisions during coding. Vague descriptions like "process the data" or "handle errors" leave critical implementation choices undocumented and up to individual developer interpretation.

Recognition:

  • Generic descriptions without implementation specifics
  • Missing details about algorithms, data structures, or control flow
  • No design rationale for technical choices
  • Developers reading the SDS still have major questions about how to implement

Solution: Provide enough detail that competent engineers can implement correctly with minimal ad hoc decisions. This aligns with FDA's requirement that the SDS be "sufficient to ensure that the work performed by the software engineers who created the device software function was clear and unambiguous, with minimal ad hoc design decisions."

Ask yourself: If a skilled developer read this specification, could they implement the unit correctly without making important design decisions on their own? If not, add more detail about:

  • Specific algorithms and why they were chosen
  • Data structure organization and access patterns
  • Control flow and state management
  • Error handling strategies
  • Performance considerations and trade-offs

The goal is "clear and unambiguous" specifications that guide implementation, not vague descriptions that force engineers to guess.

Mistake #3: Duplicating Architecture Content

Problem: Copy-pasting architecture content into the SDS creates a maintenance nightmare. When architecture changes, multiple documents require updates, and they can easily get out of sync.

Recognition: Long verbatim sections from architecture document, repeated descriptions, same diagrams in both documents.

Solution: Reference the architecture document: "This unit provides detailed design for the component defined in SAD section 3.2." Then add implementation details that the architecture does not provide.

Mistake #4: Treating SDS as After-the-Fact Documentation

Problem: Writing the SDS after implementation completion results in describing what exists rather than specifying what should be built. When code changes during development, the SDS becomes outdated before review.

Recognition: SDS written at end of development, reads like code comments, includes implementation details without design rationale.

Solution: Write the SDS before or during implementation as actual design specifications. Focus on prescribing "what should be built," not documenting "what was built." Include design decisions and alternatives considered. Update the SDS when significant design changes occur during development.

Mistake #5: Inconsistent Detail Across Units

Problem: Some units receive thorough specifications with algorithms and data structures while others receive barely a sentence. Safety-critical units might lack adequate detail while utility functions get excessive documentation.

Recognition: Wide variation in section lengths, some units have algorithms while others just have purpose statements, no clear criteria for level of detail.

Solution: Create a documentation template for software units. Apply that template consistently to all units. Provide more detail for safety-critical and algorithmically complex units while maintaining a baseline detail level for all units. Review the complete SDS for consistency.

FDA Deficiency Patterns

Common FDA questions about SDS:

  • "Insufficient detailed design documentation for Class C software"
  • "Traceability gaps between software requirements and detailed design"
  • "Missing design rationale for safety-critical algorithms"
  • "Interface specifications incomplete: missing error handling"
  • "Inconsistency between architectural and detailed design documents"
  • "Design specifications too high level - forces ad hoc decisions during implementation"

Practical Next Steps

Self-Assessment Checklist

Completeness:

  • All software units from architecture have detailed design in SDS
  • Every unit has purpose, interfaces, behavior, and data design documented
  • Internal and external interfaces fully specified
  • Design rationale provided for non-obvious choices
  • Cross-cutting concerns documented

Traceability:

  • All SRS requirements traced to implementing units
  • Clear references showing which units provide detailed design for which architectural components
  • Risk controls implemented in design are documented with explicit links

Compliance:

  • IEC 62304 requirements 5.4.1, 5.4.2, 5.4.3, and 5.4.4 are fully met (as applicable to safety class)
  • Detail level appropriate for software safety classification
  • FDA guidance expectations addressed (Basic or Enhanced documentation level)
  • Consistency maintained with architecture documentation

Quality:

  • Consistent level of detail across all units
  • References used appropriately without duplicating architecture
  • Clear distinction from SRS and architecture maintained
  • Specifications detailed enough that competent developer can implement with minimal ad hoc decisions
  • Evidence that SDS was created prospectively

Moving Forward

Review existing SDS against this framework. Identify gaps in current documentation. Update SDS to meet IEC 62304 section 5.4 requirements fully. Ensure consistency with architecture document.

Key principles: The Software Detailed Design process (IEC 62304 5.4) produces the Software Design Specification document. The architecture defines software items and units; the SDS provides detailed design for those items and units. Reference architecture rather than duplicating it. Focus on implementable specifics with proper traceability to requirements and architecture. Create the SDS prospectively to guide development, not retrospectively to document what was built. Provide sufficient detail for clear and unambiguous implementation with minimal ad hoc design decisions.

The Software Design Specification bridges architecture and implementation. Complete, accurate SDS documentation reduces development issues, facilitates FDA review, and creates a solid foundation for verification and maintenance.

References

  1. FDA, "Content of Premarket Submissions for Device Software Functions," FDA Guidance, June 2023. [Online]. Available: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/content-premarket-submissions-device-software-functions

  2. IEC 62304:2006+A1:2015, "Medical device software — Software life cycle processes" [Online]. Available: https://www.iso.org/standard/38421.html

  3. ISO 14971:2019, "Medical devices — Application of risk management to medical devices" [Online]. Available: https://www.