FDA最新网络安全指南解读：如何精准应对发补要求？

2025年6月27日，FDA更新《医疗器械网络安全：质量体系考虑因素和上市前提交内容》指南，取代2023年版本，合规要求再升级！

小编从数十个成功案例中，基于2025年最新指南及eSTAR提交实战经验，总结出FDA发补重点判断技巧，助你高效应对发补：

1. 明确缺项型

句式特征：

"You provided XXXXX documentation; however, you did not provide..."

应对策略：

① 直接对照指南原文（通常紧跟在此类表述后）补充缺失文件和内容

② 典型场景:缺少SBOM、未提交未解决异常清单、缺少风险评估。

发补案例:

案例说明：划线部分为本发补点的缺项描述，后续内容为eStar提交要求和指南内容。

You provided XXXXX documentation; however, you did not provide a list of the unresolved anomalies (bugs or defects). When responding, we also recommend utilizing a standardized defect classification system, or taxonomy, for each anomaly, such as ANSI/AAMI SW91's Classification of defects in health software. Adequate unresolved software anomalies documentation is important to understand the potential impacts of the anomalies on device performance and to demonstrate that appropriate measures have been taken to ensure anomalies will not affect safe and effective use of the device or result in adverse health effects for the patient such as misdiagnosis of disease states in patients, which is a safety concern. Therefore, as recommended in the "Unresolved Software Anomalies" section of FDA's guidance document "Content of Premarket Submissions for Device Software Functions"(https://www.fda.gov/media/153781/download), please provide:

• a description of the anomaly;

• identification of how the anomaly was discovered and, where possible, identification of the root cause (s) of the anomaly;

• evaluation of the impact of the anomaly on the device's safety and effectiveness, including operator usage and human factors considerations;

• outcome of the evaluation;

• risk-based rationale for not correcting or fixing the anomaly in alignment with your risk management plan or procedure(s).

2. 内容不充分型

句式特征：

"You provided XXXXX documentation; however, the documentation is not adequate"

三级排查法：

① 自查清晰性：确认文档是否存在描述模糊

② 对标指南：核查eSTAR表单是否严格按照说明进行填写100%覆盖必填项

③ 审核误判可能性：若前两项无问题，可能FDA官员Missing it！

发补案例：

3. 争议沟通技巧

证据优先：在Pre-Sub会议中提供带书签的PDF文件，直接定位到争议内容所在页码

数据说话：针对"not adequate"质疑，说明详细证据（如漏洞扫描覆盖率≥95%的测试报告）