FDA recognizes Defect Taxonomy Consensus Standard

FDA consensus standard taxonomy

On Jan 14, 2019, FDA recognized ANSI AAMI SW91:2018 Classification of defects in health software.  The FDA recognition statement for this standard does not indicate any specific use in premarket submissions or relevant FDA guidances. It simply states it supports existing policies.  This standard is lengthy and technical in terms of its approach to defect classification and focuses on technical and process root causes rather than clinical safety and effectiveness impact.  One possible use of this standard is to consider some of the types of defects including those in the Annexes when doing software risk analysis and root cause investigations.  Its possible in the future some FDA staff may familiarize themselves with this standard and ask if some of these types of defects have been considered during development, failure analysis, or in defect trending for CAPA.

This standard addresses the gap for an agreed upon or common approach for categorizing software defects to aid in analysis and recognition of trends.  Many companies have their own approach but thus far there has been no way to aggregate data across the industry for the common benefit of all.  SW91 is intended to address this gap and provide a common taxonomy.

Action you should take?  Consider how you could improve the problem resolution or defect handling process at your company using SW91 taxonomy.  Although not addressed in the standard, SoftwareCPR® often recommends identifying and trending defects that compromise risk control measures or contribute to hazards at least in latter stages of product development.

FDA Information:

Link to FDA notice:  FDA FR Recognition List Number 051

Scope/Abstract:  This standard provides a common language for the classification of defects occurring in health software.

Extent of Recognition:  Complete standard

Rationale for Recognition:  This standard is relevant to medical devices and is recognized on its scientific and technical merit and/or because it supports existing regulatory policies.

Relevant FDA Guidance and/or Supportive Publications:  There is no relevant guidance developed at this time.

FDA Technical Contact:  Lisa Simone, FDA/OMPT/CBER/OBRR




About the author

Brian is a biomedical software engineer - whatever that is! Started writing machine code for the Intel 8080 in 1983. Still enjoys designing and developing code. But probably enjoys his garden more now and watching plants grow ... and grandkids grow!

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:




Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.