CBER Finalizes Standards Guidance

The US FDA Center for Biologics Evaluation and Research (CBER) finalized the December 2017 draft guidance titled “Standards Development and the Use of Standards in Regulatory Submissions Reviewed in the Center for Biologics Evaluation and Research” today.  The guidance makes clear that CBER recognizes the value and proper usage of standards and further encourages the use of appropriate standards in the development and qualification of CBER-regulated medical products.  The guidance acknowledges that the use of standards can “provide a more efficient evaluation of regulatory submissions, including investigational new drug applications (INDs), biologics license applications (BLAs), new drug applications (NDAs), investigational device exemptions (IDEs), premarket approval applications, and premarket notifications, supplements, and amendments.”  This guidance however does make clear that CBER will not “endorse the activities of specific Standards Development Organizations (SDOs) or recommend specific standards for use in regulatory submissions.”

What about medical devices, particularly that contain software?  While the guidance does not address software directly, the guidance does make clear that “use of consensus standards is not mandatory for medical device regulatory submissions unless the consensus standard has been incorporated by reference into a regulation. For devices regulated by CBER, a sponsor or manufacturer of a medical device may use either standards that have been “recognized” by CDRH or non- recognized standards to support regulatory submissions for medical devices.”  One should consider that IEC 62304 is a recognized standard by CDRH but use of IEC 62304 is not mandated by the regulations.  However, SoftwareCPR would advise the use of an IEC 62304 compliant process for any software developed for use in a medical device since it requires safety risk management activities.

Depending on the intended use, there could be software impact from “Data Standards” and/or “Performance Standards”.  The guidance defines data standards may “describe the data elements and relationships necessary to achieve the unambiguous exchange of information between disparate information systems.”  Performance Standards “state requirements in terms of required results without stating the methods for achieving those results. A performance standard may define the functional requirements for the item, operational requirements, and/or interface and interchangeability characteristics.”

Download the guidance here:  Standards-Development-and-Use-of-Standards-in-Regulatory-Submissions_Final

CDRH maintains a list of Recognized Consensus Standards that can be found at https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfStandards/search.cfm.

Click this link to see a search of all SoftwareCPR posts related to consensus standards:  https://www.softwarecpr.com/?s=consensus

About the author

Brian Pate helps medical device companies achieve efficient and FDA regulatory compliant product development to produce higher quality and clinically valued software. He began his career in clinical research in 1985 with the Department of Anesthesiology at UAB developing closed-loop control systems for the automated delivery of gases and control. In 1990, he made the switch from university research to the medical device industry designing control systems, communication interfaces, user interface, and other software for real-time embedded systems and clinical information systems, working for medical device companies including Johnson & Johnson, Baxter Healthcare, and GE Medical. Today, he is a Partner and the General Manager of Crisis Prevention and Recovery LLC (dba SoftwareCPR®), a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software. He has taught the AAMI/FDA course on Software Regulation to FDA Reviewers at FDA and is currently the lead faculty for the public version of that course taught annually along with FDA staff. Brian served on the AAMI/FDA TIR working group that created AAMI TIR32 Guidance on the application of ISO 14971 to Software (later superseded by IEC 80002-1). He later served on the original AAMI/FDA working group that created the AAMI TIR45-2012 TIR Guidance on the use of Agile practices in the development of medical device software and is currently the co-chair leading the creation of the 2nd edition of TIR45. He has served as faculty for all offerings of the AAMI/FDA Compliant Use of Agile Methods public course. Brian also served as an instructor for the AAMI Design Controls course. He is also a member of the Underwriters’ Laboratories Standards Technical Panel 5500, Remote Software Updates. He now serves as a member of the AAMI Software Committee.

Upcoming SoftwareCPR Training Courses:

Public Course – Jan 9-11, 2023 – Risk Management (in-person)

Our newly updated ISO 14971:2019 Medical Device Risk Management, A Software Organization’s Perspective public training course is now open for registration!

Where:  Tampa, Florida

  • Coverage of ISO 14971:2019, IEC 62304; amd1, and IEC/TR 80002-1.
  • System level hazards analysis – mapping to software, cybersecurity, and usability
  • Why FMEA is incomplete for medical device risk management.
  • How to perform software hazards analysis.
  • And more!

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructors: Dr. Peter Rech, Brian Pate

Discount Registration through October 31, 2022.  Reserve your spot!

Register here: https://events.eventzilla.net/e/2023-softwarecpr-public-training-course–iso-14971-medical-device-risk-management-a-software-organizations-perspective-2138576610


Public Course – Dec 12-15, 2022 – Being Agile & Yet Compliant (virtual)

COST: 4 half days for $1,920 per person

HOURS: 11 am until 3 pm EDT each day

TRAINING LOCATION: Virtual – live online

Register here:



Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.