AgentSure
Tier 1B · guideline · HSA · vR4 · 2025-12-15

GL-04-R4: Regulatory Guidelines for Software Medical Devices (incl. ML)

Aliases: GL-04 · GL-04-R4 · SaMD Guidelines

Purpose

Regulatory guidance for Software Medical Devices including ML-based, covering classification, pre-market submission, change protocols, post-market.

Atomic clauses: 134 · AI-specific: 21 · Cross-document links: 0 · Pages: 42 pp

Atomic clauses (134)

declarative · §1

This includes risk assessment, software verification and validation, change control, traceability, and continuous life cycle management.

model-risk.validation · model-risk.testing · lifecycle.monitoring
should · §1

all medical device software manufacturers should adopt a Total Product Life Cycle (TPLC) approach to manage rapid changes

governance.policy · lifecycle.deployment · lifecycle.monitoring
may · §1.2

Stakeholders may refer to https://www.hsa.gov.sg/medical-devices/guidance-documents for all referenced guidance documents.

declarative · §1.3

These guidelines apply to software medical devices whose intended use meets the definition of a medical device under the Health Products Act 2007.

shall · §1.3

These guidelines will also be reviewed and updated periodically to reflect emerging technologies and evolving risks.

declarative · §1.3

These guidelines apply to software medical devices in all risk classification and define regulatory requirements across the entire product life cycle.

must · §10

To enrol in CMP, companies must demonstrate their ability to maintain device safety and effectiveness through compliance with ISO 13485/MDSAP and IEC 62304 standards.

governance.policy · lifecycle.validation
must · §10

Companies must submit a declaration with their implementation record within one year of CMP approval, then submit annual declarations thereafter.

governance.accountability · lifecycle.monitoring
should · §2

An effective QMS for software medical device should include the following principles: Leadership and organisation: Establish a clear organisational structure with accountable leadership to ensure management support and governance.

governance.accountability · governance.board-oversight
should · §2

All medical device manufacturers, including software medical device manufacturers, should maintain a QMS to ensure manufacturing quality.

governance.policy
should · §2

An effective QMS for software medical device should include the following principles: Life cycle supported processes: Includes product planning, risk management, documentation and record control, configuration management and control, measurement, analysis and improvement, and outsource management should be applied throughout the software medical device product realisation activities.

lifecycle.training · lifecycle.monitoring · lifecycle.decommissioning
should · §3

Product registration applications for medical devices, including software medical devices, should be submitted to HSA in the ASEAN Common Submission Dossier Template (CSDT) format or International Medical Device Regulators Forum Table of Contents (IMDRF ToC).

lifecycle.deployment
must · §3.1

All software medical devices, including Class A software medical devices, must be safe and perform as intended throughout their life cycle.

lifecycle.monitoring
must · §3.1

Document the rationale for any requirements deemed not applicable.

should · §3.2

There should be proper version control and access rights control to allow timely tracing of the software versions.

cyber.access-control · lifecycle.monitoring
must · §3.2

Software must be traceable even though it has no physical form.

lifecycle.monitoring
should · §3.3

The registered software version in Singapore should be clearly indicated on device labelling if supplied in a physical form.

transparency · disclosure.customer
should · §3.3

Software version information on software changes/iteration (e.g. graphic interface, functionality, bug fixes) should be submitted.

lifecycle.deployment · governance.policy
should · §3.4

Analytical validation should be performed to generate objective evidence of safety and performance, typically during the verification and validation (V&V) phase.

model-risk.validation · lifecycle.validation
should · §3.4

Software V&V reports should include: Objective evidence showing that specified requirements are met and that the software specifications met user needs and intended use.

model-risk.validation · lifecycle.validation
must · §3.4

If the software version tested in validation reports differs from the version submitted for registration, provide a comparison of both versions and explain how the reports are applicable to the version to be registered.

lifecycle.validation · disclosure.regulator
should · §3.4

Software V&V reports should include: Results of all verification, validation and tests performed before final release.

model-risk.testing · lifecycle.validation
must · §3.4

Manufacturers must also implement measures to ensure safe, secure, and effective information transfer and utilisation among these medical devices and systems.

cyber.access-control · lifecycle.deployment
must · §3.4

Provide traceability analysis (e.g. traceability matrix) that links product design requirements, design specifications, and testing requirement, and maps identified hazards to the implemented mitigations and their tests.

model-risk.documentation · lifecycle.validation
should · §3.4

The need for specific validation to address significant differences between the two versions should be considered.

model-risk.validation · lifecycle.validation
should · §3.4

Software V&V reports should include: Any unresolved anomalies and deviations, with a documented assessment and justification for accepting them.

model-risk.documentation · governance.policy
should · §3.4

Software medical devices should be designed to be accurate, reliable, precise, safe, and effective for their intended use.

lifecycle.problem-formulation · lifecycle.validation
should · §3.4

Software V&V reports should be provided together with the Software Requirement Specification (SRS).

governance.policy
must · §3.5

Continuous post-market monitoring allows manufacturer to: Assess and update the risk–benefit assessment when needed

lifecycle.monitoring · model-risk.monitoring
must · §3.5

Continuous post-market monitoring allows manufacturer to: Detect new or evolving risks promptly

lifecycle.monitoring · model-risk.monitoring
must · §3.5

For novel intended purposes or new target populations, manufacturers must provide clinical evidence (see Table 4) to establish the association between the software’s outputs and the relevant clinical condition or physiological state.

model-risk.validation · lifecycle.validation
must · §3.5

Continuous post-market monitoring allows manufacturer to: Improve safety and performance through software updates (e.g. design changes) and labelling updates (e.g. limitations of use)

lifecycle.monitoring · lifecycle.deployment
should · §3.5

In addition to establishing a valid clinical association, the software medical device should also be validated for its ability to generate accurate, reliable and precise output in the intended clinical environment, on the targeted patient population.

model-risk.validation · lifecycle.validation
must · §3.5

The clinical evaluation process must establish a valid clinical association between the software’s outputs and the target clinical condition for the stated intended use.

model-risk.validation · lifecycle.validation
must · §3.5

After deployment, collect real-world data to confirm that the software continues to remain safe and effective.

lifecycle.monitoring · model-risk.monitoring
must · §3.6

For embedded software, evaluate the risk based on the medical device system, including the hardware components.

model-risk.validation
must · §3.6

Manage risks across the entire software life cycle by identifying and addressing all foreseeable hazards and failure modes.

lifecycle.monitoring · model-risk.identification
must · §3.6

Define the software’s projected useful life and evaluate all risks, including cybersecurity vulnerabilities, to protect patients throughout use and as the software nears end of life.

lifecycle.monitoring · lifecycle.decommissioning · cyber.incident-reporting
must · §3.6

When software changes are made, systematically assess them for new or increased risks and implement additional risk controls as needed.

lifecycle.monitoring · model-risk.monitoring
should · §3.6

The level of risk assessment should match the software’s complexity, risk class, and intended use.

model-risk.validation
must · §3.6

Use a systematic risk management approach: (i) identify all possible hazards, (ii) assess the associated risks, (iii) implement mitigations or controls to reduce risks to an acceptable level and (iv) monitor and evaluate the effectiveness of mitigation measures.

model-risk.identification · model-risk.monitoring · model-risk.testing
must · §3.6

Follow the principles described in “ISO 14971 Medical Devices — Application of Risk Management to Medical Devices”.

governance.policy
must · §3.7

Details of the operating system (OS) the software medical device runs on, including the OS of the overall medical device system.

cyber.patching
must · §3.7

Evidence that the security of the device/ effectiveness of the security controls has been verified.

cyber.access-control
must · §3.7

Submit the following information at product registration for software running on general purpose computing platform including SaMD or connected medical devices (e.g. with wireless features or internet-connected and network-connected functions):

cyber.access-control · disclosure.regulator
must · §3.7

Implement the minimum necessary requirements concerning hardware, IT network characteristics, and IT security measures, including protection against unauthorised access, necessary to ensure the safe use of the software as intended.

cyber.access-control
must · §3.7

On-going plans and processes to monitor, detect, and manage cybersecurity threats throughout the device’s useful life, especially when a breach or vulnerability is detected in the post-market phase.

cyber.incident-reporting · lifecycle.monitoring
must · §3.7

Cybersecurity controls in place (e.g. design controls)

cyber.access-control
must · §3.7

This includes on-going plan that address cybersecurity concerns when the current operating system is reaching End of Support.

cyber.patching
must · §3.7

Known and foreseeable cybersecurity vulnerabilities, risk analysis focusing on potential patient harm, and the mitigation measures implemented;

cyber.access-control · model-risk.identification
declarative · §4

Manufacturer’s licence allows the manufacturer to distribute the software they manufacture.

governance.accountability
must · §4

Maintains complete device records (e.g. customer complaints, distribution records, recall data) throughout the software life cycle.

lifecycle.monitoring
must · §4

Ensures procedures are in place for post-market surveillance and response, including the ability to manage recalls and implement corrective actions (e.g. bug fixes, cyber alerts, patches) promptly and effectively, and to identify recurring issues.

lifecycle.monitoring
must · §4

Ensures the software is developed and manufactured under an effective QMS (e.g. ISO 13485).

governance.policy
must · §4

Ensures traceability so software versions can be tracked to users (e.g. physicians or patients) in the event of a FSCAs or product defects.

data.lineage
should · §4

All dealers (manufacturers, importers, and wholesalers) of software medical devices should hold a medical device dealer’s licence for each activity they perform.

governance.accountability
must · §5

Document all changes and keep them traceable within the QMS.

governance.policy
must · §5

All principles described in GN-21: Guidance on Change Notification for Registered Medical Devices will apply to software medical devices.

governance.policy
must · §6

Dealers and registrants must fulfil post-market obligations, including reporting device defects or malfunctions, recalls and Field Safety Corrective Actions (FSCAs), and any serious injuries or deaths associated with the device.

governance.accountability · lifecycle.monitoring
must · §6.1

Initiate a FSCA when it becomes necessary for the product owner of the medical device to take action (including recall of a medical device) to eliminate or reduce the risk of the hazards identified.

lifecycle.monitoring · governance.accountability
must · §6.1

Document the installed software version in service reports and keep these records for traceability.

governance.policy
must · §6.1

When software medical devices need correction under FSCA, install the software upgrade or bug fix once available.

lifecycle.deployment · cyber.patching
must · §6.2

Manufacturers must investigate reports promptly and implement corrective and preventive actions to manage risks and prevent recurring adverse events.

governance.accountability · lifecycle.monitoring
must · §7

Document all risk management processes and actions as part of the QMS.

governance.policy · model-risk.documentation
declarative · §7

Applicants do not need to submit information about non-MD functions during product registration.

must · §7

Manufacturers must analyse and reduce these risks to acceptable levels through proper verification and validation.

model-risk.validation · model-risk.testing
must · §8.1

Manufacturers of software medical devices that communicate or connect with other systems must develop comprehensive cybersecurity strategies that address all possible risks throughout the device's useful life, not just during development.

cyber.access-control · lifecycle.deployment · lifecycle.monitoring
must · §8.1

All stakeholders must work together to continuously monitor, assess, mitigate, communicate, and respond to cybersecurity risks and attacks throughout the device's life cycle.

governance.accountability · cyber.incident-reporting · lifecycle.monitoring
should · §8.2

Manufacturers should include these considerations in the plan (non-exhaustive): Implement secure design principles to the device.

cyber.access-control
should · §8.2

Perform V&V testing to ensure security and functionality.

model-risk.validation · model-risk.testing
should · §8.2

Establish a post-market plan including ongoing surveillance, timely detection and response to emerging threats.

lifecycle.monitoring · cyber.incident-reporting
must · §8.2.1

These features must prevent unauthorised use, detect security incidents and attacks, respond to cybersecurity threats, and recover from foreseeable cyber risks when possible.

cyber.access-control · cyber.incident-reporting
consider · §8.2.1

Consider cybersecurity from the start of device design and development.

cyber.access-control
must · §8.2.1

Identify all possible cybersecurity hazards and include design features that secure the device.

cyber.access-control
must · §8.2.2

Monitoring all software, including third-party software, for new vulnerabilities and risks that may affect device safety and performance.

cyber.supply-chain · model-risk.monitoring
should · §8.2.2

This process should include impact assessment and follow-up actions such as threat containment, communication to affected parties, and vulnerability fixes.

cyber.incident-reporting · model-risk.monitoring
must · §8.2.2

Address cybersecurity risks that could compromise device safety and performance, disrupt clinical operations, or lead to diagnostic or therapeutic errors.

cyber.access-control · model-risk.monitoring
must · §8.2.2

Risk management must: (i) identify all possible cybersecurity hazards, (ii) assess the associated risks, (iii) implement mitigations to reduce risks to acceptable levels, (iv) monitor and evaluate mitigation effectiveness, and (v) communicate any residual risks to users.

model-risk.identification · model-risk.monitoring · disclosure.customer
should · §8.2.2

Use a vulnerability scoring system to assess the exploitability and severity of cybersecurity vulnerabilities.

model-risk.testing
must · §8.2.2

If additional safety measures are needed, manufacturers must practise vulnerability disclosure to communicate effectively with all affected users and stakeholders.

disclosure.customer · disclosure.regulator
must · §8.2.2

When a new cybersecurity vulnerability is found, perform a risk assessment.

model-risk.identification · model-risk.monitoring
should · §8.2.2

This information should include identification of affected devices, vulnerability impact, and available mitigations or compensating controls.

disclosure.customer
must · §8.2.2

Apply ISO 14971 Medical devices — Application of risk management to medical devices risk management to address medical device security and safety.

governance.policy · cyber.access-control
must · §8.2.2

Conduct and document this process consistently throughout the software life cycle.

lifecycle.monitoring · governance.policy
must · §8.2.2

Implementing a process for timely detection and analysis of vulnerabilities and threats.

model-risk.monitoring · cyber.incident-reporting
should · §8.2.2

Cybersecurity and safety risk management should be conducted in parallel.

governance.policy
should · §8.2.2

This assessment should evaluate (i) the potential for patient harm, (ii) possible compromise of device performance, (iii) how easily the vulnerability can be exploited, and (iv) the severity of harm if exploited.

model-risk.identification · model-risk.testing
should · §8.2.2

The assessment should also consider existing safety measures to determine if the cybersecurity risk is acceptable.

model-risk.monitoring
must · §8.2.2

Map cybersecurity requirements to specific threats and vulnerabilities when they served as mitigation measures for the identified hazards.

model-risk.documentation · cyber.access-control
must · §8.2.3

The device must maintain its intended functionality and essential performance even in the presence of residual cybersecurity risks.

cyber.incident-reporting
must · §8.2.3

Conduct comprehensive security testing to ensure code is free from significant known vulnerabilities and security controls are effectively implemented during verification and validation stage of design and development.

cyber.pentest · cyber.malware · cyber.patching
should · §8.2.4

Manufacturers of software medical devices should implement a comprehensive, structured cybersecurity risk management plan throughout the software life cycle.

governance.policy · cyber.access-control
should · §8.2.4

The plan should include processes to address concerns when the operating system approaches end-of-support (EOS).

lifecycle.decommissioning · cyber.patching
should · §8.2.4

As part of post-market management, they should actively monitor for threats and have a plan to detect and respond to new and emerging risks.

lifecycle.monitoring · cyber.incident-reporting
declarative · §8.2.4

Involve in the communication and sharing of updated information about security threats and vulnerabilities, such as through Information Sharing Organisations (ISAOs), Information Sharing and Analysis Centres (ISACs).

cyber.incident-reporting
declarative · §8.2.4

Create a recovery plan for the manufacturer, user, or both to restore the device to normal operating condition following a cybersecurity incident.

cyber.incident-reporting
declarative · §8.2.4

Create a plan which outlines how software will be updated to maintain ongoing safety and performance of the device, either regularly or in response to identified vulnerabilities.

lifecycle.deployment · cyber.patching
declarative · §8.2.4

Establish a proactive plan to monitor, identify, assess and respond to newly discovered cybersecurity vulnerabilities throughout the device's useful life.

lifecycle.monitoring · cyber.incident-reporting
must · §8.2.5

Device labelling must clearly state the OS requirements for software medical devices, particularly for software that runs on general purpose computing platforms, including SaMD.

disclosure.customer · transparency
must · §8.2.5

manufacturers must provide timely communication and adequate support to users before software medical devices reach EOS.

governance.accountability · lifecycle.decommissioning
Source
https://www.hsa.gov.sg/medical-devices/guidance-documents
Statutory basis: Health Products Act 2007 (HSA enforcement)