Reviewing What We Know About LOC in Medical Devices

Remember the 2005 guidance document, Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices? In 2020 that guidance is as relevant as ever, and it can be useful to review what we know about the FDA’s expectations regarding Level of Concern (LOC) in medical devices. LOC is important if for no other reason than it determines what manufacturers should include in their premarket submission. The higher the LOC, the more extensive documentation the FDA “recommends” manufacturers submit.

Since manufacturers must state the LOC in their submission, and describe how they arrived at that LOC, it is important to understand the definition of LOC. As a term of art, Level of Concern means “an estimate of the severity of injury that a device could permit or inflict, either directly or indirectly, on a patient or operator as a result of device failures, design flaws, or simply by virtue of employing the device for its intended use.” For software specifically, LOC also implicates the “role of the software in causing, controlling, and/or mitigating hazards that could result in injury to the patient or the operator.”

Before jumping in to the three different levels of concern, note that LOC is not necessarily related to device classification or hazard or risk analysis. The FDA suggests that LOC be determined before any mitigation of relevant hazards. This means that mitigations, regardless of their effect on the individual hazards, do not necessarily decrease the LOC for a device.


What are the Levels of Concern?


Determining LOC for a Device


Documentation Based on LOC

Remember, LOC is about what documentation should be submitted to the FDA. Just because a manufacturer of a device with a Minor LOC does not have to submit as many documents as a manufacturer of a device with a Moderate or Major LOC, does not mean that the Minor LOC device manufacturer should not perform tests or keep documentation for a potential FDA inspection. The LOC flowchart and suggestions in this guidance are more about clerical ease – they govern paperwork to be submitted, but they do not necessarily excuse a manufacturer from “work” in the software development process.

There is some software documentation that must be submitted for all devices, regardless of the LOC. That list is:

  • Level of Concern Statement
  • Software Description
  • Device Hazard Analysis
  • Traceability Analysis
  • Revision Level History

The list of software documentation that differs based on the LOC is:

  • Software Requirements Specification
  • Architecture Design Chart
  • Software Development Environment Description
  • Verification and Validation Documentation
  • Unresolved Anomalies

In this list, the Moderate and Major LOC devices mostly have similar documentation requirements, although the Major LOC devices have additional requirements for the Software Development Environment Description and the V&V Documentation. Of these five types of documentation, only one category (V&V documentation) is required at the time of submission for Minor LOC devices. However, as previously mentioned, that does not mean that a manufacturer of a Minor LOC device does not need to perform any activity except V&V. This is the case even if a standard purports to exempt that type of device from some documentation – that is not what the FDA intended to convey with their LOC flowchart. When you think of the Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices, think of the LOC flowchart as a list of submission requirements that the manufacturer can (and maybe should) exceed for their own records.


Read our initial impression of the guidance here: CBER Software Submission Guidance FDA CDRH

About the author

Amy enjoys researching and writing about developments in medical technology and how that intersects with US law. She received her J.D. from the University of Florida Levin College of Law in 2020 and now works as a Regulatory Associate for SoftwareCPR®, a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software.

Upcoming SoftwareCPR Training Courses:

Public Course – Jan 9-11, 2023 – Risk Management (in-person)

Our newly updated ISO 14971:2019 Medical Device Risk Management, A Software Organization’s Perspective public training course is now open for registration!

Where:  Tampa, Florida

  • Coverage of ISO 14971:2019, IEC 62304; amd1, and IEC/TR 80002-1.
  • System level hazards analysis – mapping to software, cybersecurity, and usability
  • Why FMEA is incomplete for medical device risk management.
  • How to perform software hazards analysis.
  • And more!

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructors: Dr. Peter Rech, Brian Pate

Discount Registration through October 31, 2022.  Reserve your spot!

Register here:–iso-14971-medical-device-risk-management-a-software-organizations-perspective-2138576610


Public Course – Dec 12-15, 2022 – Being Agile & Yet Compliant (virtual)

COST: 4 half days for $1,920 per person

HOURS: 11 am until 3 pm EDT each day

TRAINING LOCATION: Virtual – live online

Register here:


Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.