FDA Q-Submission Guidance Released – Includes Cybersecurity

The US Food and Drug Administration (FDA) released their final Q-Submission (Q-Sub) Program guidance. The FDA Q-Sub program has been expanded and allows manufacturers to solicit feedback from the FDA prior to submitting their premarket applications for potential or planned medical device Investigational Device Exemption (IDE) applications, Premarket Approval (PMA) applications, Humanitarian Device Exemption (HDE) applications, Evaluation of Automatic Class III Designations (De Novo requests), Premarket Notification (510(k)) Submissions, Clinical Laboratory Improvement Amendments (CLIA) Waiver by Applications (CW), Dual 510(k) and CLIA Waiver by Application Submissions (Duals), Accessory Classification Requests, and certain Investigational New Drug Applications (INDs) and Biologics License Applications (BLAs). This final guidance replaces the draft guidance published in 2017.

According to the guidance, “A Pre-Sub includes a formal written request from a submitter5 for feedback from FDA that is provided in the form of a formal written response or, if the submitter chooses, formal written feedback followed by a meeting in which any additional feedback or clarifications are documented in meeting minutes. Such a Pre-Sub meeting can be in-person or by teleconference as the submitter prefers.  A Pre-Sub provides the opportunity for a submitter to obtain FDA feedback prior to an intended premarket submission (i.e., IDE, PMA, HDE, De Novo request, 510(k), Dual, BLA, IND), Accessory Classification Request, or CW.  The request should include specific questions regarding review issues relevant to a planned IDE, CW, or marketing submission (e.g., questions regarding cybersecurity considerations for the device; nonclinical testing protocols; design and performance of clinical studies and acceptance criteria). A Pre-Sub is appropriate when FDA’s feedback on specific questions is necessary to guide product development and/or submission preparation.

Of particular note above, the final guidance allows for FDA feedback on the cybersecurity measures expected in the premarket submissions. The FDA is prepared to provide feedback on the attack vectors, comments on the applicant’s cybersecurity management plan, proposed risk models for use in assessing the device cybersecurity, and if the described level of security is appropriate for the device risk.

We at Realtime understand how to design in the necessary cybersecurity framework, with all of its facets, into your device to meet the expectations of this guidance.  With its extensive experience in systems, electronics, software, firmware, and test engineering, Realtime has worked with many customers to help them define their products, prototype their designs, and turn their concepts into reality.  Contact The Realtime Group today at 972 985-9100 and let our engineers help bring your concept to life!

See https://www.fda.gov/media/114034/download for more information