TemplateFREE⏱️ 4-8 hours
FDA Regulatory Compliance Template for Health Tech
A structured FDA regulatory compliance checklist for health tech and digital health product teams covering device classification, 510(k) and De Novo...
Updated 2026-03-05
FDA Regulatory Compliance
| # | Area | Criteria | Score (1-5) | Findings | Action Required | Status | |
|---|---|---|---|---|---|---|---|
| 1 | |||||||
| 2 | |||||||
| 3 | |||||||
| 4 | |||||||
| 5 |
#1
#2
#3
#4
#5
Edit the values above to try it with your own data. Your changes are saved locally.
Get this template
Choose your preferred format. Google Sheets and Notion are free, no account needed.
Frequently Asked Questions
How do I know if my software is a medical device?+
The FDA considers software a medical device if it is "intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease." Key signals: Does your software analyze patient data to provide clinical recommendations? Does it monitor physiological parameters? Does it control or interface with a medical device? If yes to any of these, it likely qualifies. If your software is purely administrative (scheduling, billing) or meets all four CDS exemption criteria, it is likely exempt.
What is the difference between 510(k) and De Novo?+
A 510(k) submission demonstrates that your device is "substantially equivalent" to an already-cleared device (the predicate). It is the most common pathway for Class II devices. De Novo is for novel devices with low-to-moderate risk where no predicate exists. De Novo creates a new device type and risk classification, which then serves as a predicate for future 510(k) submissions. If you cannot find a suitable predicate device, De Novo is likely your pathway. Pre-submission meetings with FDA help confirm the right approach.
Can we use agile development for FDA-regulated software?+
Yes. The FDA does not mandate a specific development methodology. Many digital health companies use agile or hybrid approaches. The key is that your design controls (21 CFR 820.30) are maintained regardless of methodology. This means requirements are documented and traced to tests, design reviews happen at defined milestones, and changes are controlled through your change management process. Map your sprint ceremonies to design control activities: sprint planning maps to design input, code review maps to design verification, and release validation maps to design validation. For more on managing technical products, the [glossary entry on technical product management](/glossary/technical-product-manager) covers the PM's role in engineering-heavy product work.
How long does the FDA review process take?+
Average review times (as of 2025): 510(k) takes 3-6 months from submission to decision. De Novo takes 6-12 months. PMA takes 12-18 months. These timelines assume a complete submission with no deficiency letters. In practice, most first-time submissions receive requests for additional information (AI letters), which add 2-4 months. Pre-submission meetings significantly reduce the risk of deficiency letters by aligning expectations with the FDA reviewer before formal submission.
What are the SBOM requirements for medical device software?+
The FDA's 2023 cybersecurity guidance requires a Software Bill of Materials (SBOM) for all premarket submissions. The SBOM must list all commercial, open-source, and custom software components including version numbers, known vulnerabilities (CVEs), and component dependencies. The FDA expects SBOMs in a machine-readable format (SPDX or CycloneDX). You must also describe your plan for monitoring and patching vulnerabilities discovered post-market. Automated SBOM generation tools (Syft, Trivy, FOSSA) should be integrated into your CI/CD pipeline. ---
Explore More Templates
Browse our full library of PM templates, or generate a custom version with AI.