What is FDA 21 CFR PART 510(k) & Who Needs To Comply?

What is FDA 21 CFR PART 510(k)?

Each person who wants to market in the U.S. a Class I, II, or III device intended for human use, for which a Premarket Approval application (PMA) is not required, must submit a 510(k) to FDA unless the device is exempt from the 510(k) requirements of the Federal Food, Drug, and Cosmetic Act (the FD&C Act) and does not exceed the limitations of exemptions in .9 of the device classification regulation chapters (e.g., 21 CFR 862.9, 21 CFR 864.9).

Who is Required to Submit a 510(k)?

The following four categories of medical device manufacturers must submit a 510(k) to the FDA:

(1) Domestic manufacturers introducing a device to the U.S. market
(2) Specification developers introducing a device to the U.S. market
(3) Repackers or relabelers who make labeling changes or whose operations significantly affect the device
(4) Foreign manufacturers/exporters or U.S. representatives of foreign manufacturers/exporters introducing a device to the U.S. market

Who is NOT Required to Submit a 510(k)?

"Preamendment Devices" or "Grandfathered" devices legally marketed in the U.S. by a firm before May 28, 1976 do not require a 510(k) if they have not been:
* significantly changed or modified since then; and
* made subject to a regulation, published by FDA, requiring a PMA application

The device must have the same intended use as the one marketed before May 28, 1976. If the device is labeled for a different intended use, it is considered a new device and a 510(k) must be submitted to FDA for marketing clearance.

What are the sections required for a 510(k) submission?

Section 1.0 – Medical Device User Fee Cover Sheet (Form FDA 3601)
Section 2.0 – CDRH Premarket Review Submission Cover Sheet
Section 3.0 – 510(k) Cover Letter
Section 4.0 – Indications for Use Statement
Section 5.0 – 510(k) Summary
Section 6.0 – Truthful and Accuracy Statement
Section 7.0 – Class III Summary and Certification
Section 8.0 – Financial Certification or Disclosure Statement
Section 9.0 – Declarations of Conformity and Summary Reports
Section 10.0 – Executive Summary
Section 11.0 – Device Description
Section 12.0 – Substantial Equivalence Discussion
Section 13.0 – Proposed Labeling
Section 14.0 – Sterilization and Shelf Life
Section 15.0 – Biocompatibility
Section 16.0 – Software
Section 17.0 – Electromagnetic Compatibility and Electrical Safety
Section 18.0 – Performance Testing – Bench
Section 19.0 – Performance Testing – Animal
Section 20.0 – Performance Testing – Clinical

How does LuitBiz help you become GDPR compliant?



| GDPR Article | What it means | How LuitBiz helps |
| --- | --- | --- |
| 25: Data protection by design and data protection by default | Data minimization, user access limits, and limits on the period of storage and accessibility. | Identify who has access and who should have access to regulated documents, customer data and employee data; manage permissions; manage risks like group access; user monitoring, customer data transfer, encrypted directories and data, etc. |
| 30: Records of Processing Activities | Implement technical and organizational measures to properly process personal data. | Identify, discover, and classify sensitive and GDPR eligible documents via full text search functionality; classify customer data; monitor, analyze, and report on user activity on documents, customer and employee data; establish and automate document & data retention policies; generate reports based on type of documents & data, access activity, and more. |
| 17: Right to Erasure and "to be forgotten" | Be able to discover and target specific data and automate removal. | Identify, discover, and classify sensitive and GDPR eligible documents & data; define and automate document & data retention policies. Configure end-to-end document & data deletion rules and easily implement and enforce them for document & customer / employee data retention or deletion. |
| 32: Security of processing | Ensure least privilege access; implement accountability via data owners; provide reports that policies and processes are in place and successful. | Reduce risk and manage access controls: automate and impose document workflows, customer data approval workflows, employee activity workflows and proactively enforce ethical walls and security policies. |
| 33 & 34: Data breach notification | Prevent and alert on data breach activity; have an incident response plan in place. | Document & data activity monitoring, complaints management, access monitoring, detection of suspicious logins, ability to send breach notifications to the Supervisory Authority (SA). |
| 35: Data Protection Impact Assessment | Assessment of the purpose, scope and risk associated with processing private data and documents. | Ability to hide documents and keep them private, document access discovery and monitoring, customer and employee data protection, ability to publish DPIAs for employee reference. |
| 15 & 16: Right to Data access and rectification | Be able to give access and rectification rights to data subjects regarding their data and documents. | Ability to retrieve documents & data in seconds and email them to the concerned data subjects for rectification; historical data on emails sent to data subjects regarding their documents. |
| 44: Data transfers to third country or international organization | Permit transfers only to entities in compliance with the regulation. | Document & data access policy enforcement via LuitBiz access control. |