In brief
The Medical Devices Cluster (MDC) of the Health Sciences Authority (HSA) has released a draft guidance on the Change Management Program (CMP) for Software as a Medical Device (SaMD). CMP is the new optional regulatory pathway that aims to streamline the SaMD regulatory framework and facilitate timely implementation of software changes for registered SaMDs in Singapore.
Further details on the CMP have been released in a consultation paper.
Background
On 26 August 2024, the HSA published a consultation paper setting out the proposed CMP for SaMD for industry consultation.
The HSA recognized that the prevailing regulatory framework may not be suited for the rapidly evolving nature of SaMDs. SaMD product owners face challenges in adhering to regulatory requirements, which consist of ensuring compliance and obtaining regulatory approvals that can impact the timeliness of implementing SaMD changes. Accordingly, the HSA has sought to introduce and adopt a modern regulatory framework that aims to expedite the approval process for certain types of changes.
The CMP is a new optional regulatory pathway incorporated into the HSA’s Premarket Product Registration and Change Notification processes. It streamlines the SaMD Total Product Life Cycle (TPLC)-based regulatory framework to facilitate a timely approval process and improve the effectiveness and safety of SaMD.
This initiative is part of the HSA’s efforts to adopt a modern regulatory framework that embraces agile methodologies and risk-based assessment.
Eligibility and application
To enroll in the CMP, the SaMD product must meet specific eligibility criteria, including adherence to standards for a quality management system (i.e., ISO 13485) and certain life cycle requirements for SaMD (i.e., IEC 62304).
An application for the CMP can be made through a premarket product registration or Change Notification (CN) application for SaMD registered on the Singapore Medical Device Register (SMDR).
Submission Requirements
Key submission requirements include documents demonstrating the following quality assurance processes:
- Timely review of recognized standards through the SaMD TPLC: Demonstrate that processes are in place to enable timely review or gaps analysis.
- SaMD versioning and traceability processes: Demonstrate processes throughout the SaMD TPLC to enable identification and post-market traceability/follow-up in the event of software changes and/or field safety corrective actions.
- Cybersecurity and data safety management: Ensure accreditation of international safety standards or risk analysis, surveillance, timely detection and management of cybersecurity-related threats.
- Safety issues management, including adverse events and FSCA reporting: Demonstrate proactivity and efficiency in responding to safety-related issues.
- Risk management of third-party and open-source software: This includes monitoring potential hazards and risks, implementing risk control measures, etc.
- Post-market data analysis and change management: Establish processes to consistently improve the SaMD and ensure potential safety risks are identified and mitigated.
Pre-specified changes
The CMP also introduces the concept of pre-specified changes, which are upcoming anticipated changes that can be implemented without undergoing a new CN application, provided they meet certain criteria and are documented in the initial submission.
This allows for a more efficient regulatory review process.
However, changes resulting in an alteration of SaMDs’ intended use, indication for use and method of use, and changes to device particulars published on the SMDR are excluded from making pre-specified changes.
* * * * *
The industry consultation is ongoing until 21 October 2024.
The HSA has been taking an active stance in respect of the governance of SaMDs. Our previous alert sets out the HSA’s updates to its SaMD regulatory framework in 2022, which shows the rapidly evolving landscape of SaMDs in Singapore.
* * * * *
© 2024 Baker & McKenzie.Wong & Leow. All rights reserved. Baker & McKenzie.Wong & Leow is incorporated with limited liability and is a member firm of Baker & McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “principal” means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.