Total Product Lifecycle (TPLC) Management

FDA expects a continuous, circular approach to AI/ML device management, not a linear one.

A circular diagram showing the five stages of the Total Product Lifecycle: Design, Validation, Submission, Monitoring, and Update.TPLCDesignValidationSubmissionMonitoringUpdate

Core Principles for AI/ML Submissions

Transparency

Bias Mitigation

Continuous Learning

Data Governance

Cybersecurity

Click an icon to view details.

Interactive Risk Assessment

Estimate risk priority based on potential harm and likelihood of occurrence. Aligns with ISO 14971 principles.

Negligible
Minor
Serious
Critical
Frequent
Med
High
High
High
Probable
Low
Med
High
High
Occasional
Low
Med
High
High
Remote
Low
Low
Med
High
Selected Risk Scenario: occasionalSeverity: seriousPriority: High

Data Representativeness

Ensure training and test data reflect the target population to mitigate bias.

Age 18-40
Age 41-65
Age 65+
Male
Female

Explainable AI (XAI) Showcase

Visualizing model attention to ensure clinical relevance and build user trust.

Case: Patient A
AI Finding: Pneumonia

Post-Market Monitoring Drift Simulator

Simulate performance drift that could trigger an investigation or model update.

Threshold
Performance OK

Model Performance Metrics

Key validation metrics to include in a Model Card and submission summary.

AUC (Area Under Curve)96%
Sensitivity (True Positive Rate)92%
Specificity (True Negative Rate)94%
Positive Predictive Value89%

Model Update Submission Strategy

Use this decision tree to assess if a model change may require a new FDA submission.

Does the change alter the device's intended use or introduce a new risk?

Regulatory Pathway Advisor

A simplified guide to determine the likely premarket submission pathway for your AI/ML device.

Is there a legally marketed 'predicate' device with the same intended use and technology?

Cybersecurity Threat Modeling

Identify and mitigate common AI-specific vulnerabilities throughout the TPLC.

Data Poisoning
Evasion Attacks
Model Inversion
Adversarial Reprogramming

Data Poisoning

Description: Adversaries intentionally corrupt training data to manipulate model behavior and outcomes after deployment.

Mitigation: Implement robust data validation and anomaly detection in the data pipeline. Use data provenance tracking to identify and isolate suspicious data sources.

  • Establish a formal GMLP framework within the QMS. (GMLP)
  • Integrate AI/ML risk management into ISO 14971 processes.
  • Document data governance, provenance, and bias assessments.
  • Develop a comprehensive Model Card for submission. (Model Card)
  • Create a post-market performance monitoring and update plan.
  • Prepare a 510(k) Summary that clearly explains the AI/ML function to the public. (510(k))
  • Develop a threat model and cybersecurity management plan.
  • Define clear labeling and transparency features for end-users.
  • Ensure validation datasets are independent and representative of the intended patient population.
  • Establish a change control protocol for model updates, defining triggers for new submissions.