Module 17 2024

05/12/2024

Chapter 10: Software as a Medical Device

Post-market requirements The regulations will allow for certain SaMD change management processes such as ‘predetermined change control plans’ (PCCPs). Currently, change management processes require all ‘significant’ or ‘substantial’ changes to be reported to either the MHRA or the relevant Approved Body. Predetermined change control plans (PCCPs) are one method of streamlining these processes. PCCPs will be enabled but on a voluntary basis. The MHRA recognizes the need to encourage the use of PCCPs in guidance and may consider mandating them in the future.

The Organisation for Professionals in Regulatory Affairs

71

71

Chapter 10: Software as a Medical Device

SaMD cyber security It is intended that the regulation will require manufacturers of SaMD to meet certain minimum requirements relating to security measures and protection against unauthorized access. It is intended to introduce a requirement as per EU MDR General Safety and Performance Requirement (GSPR) 17.4 (for medical devices) covering cyber security and associated requirements. There is a strong argument to retain alignment with the EU in this area, unless divergence is necessary for the protection of UK patients. AI as a Medical Device The government does not intend to introduce any AIaMD-specific requirements in the legislation.

The Organisation for Professionals in Regulatory Affairs

72

72

36