outlined in 21 CFR Part 830, with specific focus on the criteria for marking devices, maintaining product identification, and fulfilling reporting obligations.

The primary components of UDI include:

• Device Identifier (DI): A unique numeric or alphanumeric code specific to a particular version or model of a device, where it remains consistent across all distribution channels.
• Production Identifier (PI): This part encodes the manufacturing date, lot or batch number, serial number, and other variable information pertinent to the device’s specific instance.

For software classified as SaMD, both the DI and PI may contain critical metadata reflecting the specific version of the software. The FDA’s Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices outlines how these identifiers should be applied in premarket submissions. It emphasizes the importance of transparency regarding software updates, functionality changes, and risk assessments related to versioning.

Versioning in UDI for SaMD and Software

Version control is pivotal for effective UDI management in software. As software is frequently updated to address bugs, improve functionality, or even expand capabilities, it can directly impact the UDI compliance status. Here’s a step-by-step guide on how to handle versioning:

Step 1: Establish a Versioning System

Start by creating a robust versioning protocol that correlates with both internal tracking and regulatory compliance requirements. Your versioning system should provide clear indicators (e.g., major vs. minor updates, beta versions) and include an audit trail documenting changes. This aids in ensuring that the software label content aligns with the current capabilities and variations present in the market.

Step 2: Assign Unique UDIs for Each Version

Every version of the software should have a unique DI assigned to it according to regulatory expectations. This involves:

• Updating the UDI every time significant changes are made.
• Maintaining version history for oversight and compliance verification.
• Ensuring the GUDID (Global Unique Device Identification Database) is updated with the latest device identifiers and production identifiers.

For example, if a SaMD version 1.0 is updated to version 1.1 introducing new features, the DI must change accordingly to ensure proper traceability.

Step 3: Review and Update Labels Regularly

The device label content should always reflect the current version of the software. Compliance requires that these labels are not only displayed on the device but also made available digitally. Establish a framework for routinely reviewing labels with each software iteration to ascertain that all information remains accurate.

Step 4: Conduct Risk Analysis for Updates

Each version should undergo a risk analysis to determine whether changes could impact safety or effectiveness. Document this assessment as part of the premarket submission process, ensuring that software updates do not compromise previously established safety protocols.

Managing eIFU in Relation to UDI for Software and SaMD

As UDI compliance evolves, so must the management of electronic Instructions for Use (eIFU). The use of eIFU documents provides a significant advantage in updating labels in a timely manner without the need for physical label changes. However, there are specific guidelines to adhere to:

Step 1: Ensure Accessibility of eIFUs

The FDA recommends that manufacturers ensure eIFU documents are easily accessible to users. This may involve maintaining a designated online platform or integrating access points within the software itself.

Step 2: Synchronize Version Control Across eIFUs

Digital labeling solutions must be updated in line with software versions. Similar to physical labels, each eIFU should include the respective version number, DI and PI, and clearly define the intended use. Synchronization fosters consistency across all user touchpoints.

Step 3: Comply with Global UDI Harmonization Initiatives

Global UDI harmonization is an increasingly critical factor for companies operating cross-border. Entities such as the International Medical Device Regulators Forum (IMDRF) are actively working towards creating a unified approach to UDI standards across jurisdictions. Therefore, keeping abreast of these developments is imperative, especially as it pertains to international distribution and marketing efforts.

Adhering to both FDA’s standards and regulatory requirements in the EU and UK, such as those provided under the Medical Device Regulation (MDR) and the In Vitro Diagnostic Regulation (IVDR) ensures that compliance with multiple regions can be achieved seamlessly.

Documentation and Reporting Obligations

Proper documentation is central to ensuring UDI compliance not only for regulatory submission but for any audits or inspections. Key responsibilities include:

Step 1: Document UDI Assignment

Maintain clear records detailing how each UDI was assigned, including the rationale for any changes made across software versions. The documentation must provide transparency about how the device was tested, including any supporting data correlating with regulatory expectations.

Step 2: Submit to GUDID

The UDI data must consistently be submitted to the GUDID. As updates occur, ensure that the database reflects the current status of identifiers. Failure to report changes can result in non-compliance, leading to penalties or market withdrawal of the device. The FDA offers guidelines on establishing and maintaining an account in GUDID, which are a necessity for proper compliance.

Step 3: Maintain Training Records

Human factors play a significant role in compliance. Training staff on UDI regulations, label content requirements, and risk assessment for software changes assists in cultivating an intentional culture of quality and compliance. Documentation of such training must also be retained.

Conclusion

Maintaining UDI compliance for software and SaMD is multifaceted and requires more than just accurately generating identifiers. It encompasses effective version control, rigorous risk analysis, and robust documentation practices. RA/QA professionals must remain vigilant to adapt to changing regulations and harmonization efforts globally. The successful navigation of these complexities will contribute toward safer medical devices and better healthcare outcomes. By implementing these systematic steps and staying informed on compliance trends, professionals can fulfill regulatory expectations while enhancing device safety and efficacy.