From Deficient to Accepted: An FDA Submission Victory

Deficiencies in security risk management documentation put an FDA submission in peril

Information Request letter from the FDA.

It’s your worst nightmare – to be on the receiving end of an IR letter from the FDA. MedAcuity technical experts step in to identify gaps relative to current FDA guidance for security risk management.

fda approved graphic

project snapshot


  • Client filed a 510(k) submission with the FDA for a next-generation medical device
  • In response, they received an information request letter (IR) from the FDA citing the need for clarification on security risk management and to address gaps in the submission
  • The client had 90 days to address the FDA’s concerns with a satisfactory response, or face the delays and increased scrutiny associated with a full resubmission


  • Client had deficient security risk management documentation on file for its legacy system, jeopardizing their ability to obtain pre-market approval of the next-generation system
  • Client received Insufficient guidance from an external third-party consultant which resulted in the IR notification
  • Promptly address and resolve the FDA’s concerns to ensure successful resolution, while also minimizing the potential opportunity cost associated with any time-to-market delay


  • MedAcuity conducted a comprehensive assessment of the FDA submission to identify gaps relative to current FDA guidance for security risk management
  • Reworked SOPs and work instructions for the stalled submission while taking into consideration existing SOPs from previous submissions to ensure that they were still supported
  • Collaborated with the client’s team to update their QMS to close security risk management gaps
  • Created a security architecture and threat model
  • Executed a comprehensive security risk analysis


In alignment with current FDA guidance and TIR57, MedAcuity

  • Ensured the client could implement and verify the security risk controls and documented all the activities in the Security Risk Management Report
  • Client submitted updates addressing security risk management gaps to the FDA; resubmission was accepted and FDA granted premarket approval
  • This project became the ‘gold standard’ for demonstrating how to safeguard a premarket submission package from security risk management deficiencies