eSTAR Submission Support

To assist you in preparing your FDA submissions, BioT provides documentation structured to align with the FDA’s eSTAR (Electronic Submission Template and Resource) Non-IVD version 5.5.

The eSTAR template standardizes the content and structure expected in premarket submissions, with dedicated sections for software and cybersecurity documentation. BioT’s documentation is organized to match these requirements, enabling you to efficiently integrate it into your overall submission.

eSTAR Documentation Mapping

The table below outlines how BioT documentation maps to specific eSTAR requirements, including document names and the corresponding input sections in the eSTAR PDF.

eStar Category	eStar Document Type	Biot Document Name	Inputs for eStar PDF
Software	Software/Firmware Description	SRS-0001	Section 2: "Overall Description"
	Risk Management File	QRM-0003 Risk analysis table
	Software Requirements Specification	SRS-0001
	System and Software Architecture Design (SAD) Chart	SDD-0001	Section 2: "System Overview", Section 3: "System Architecture"
	Software Design Specification (SDS)	SDD-0001
	Software Life Cycle Process Description	QDC-00013 Software Life Cycle Procedure
	Software Testing as part of Verification & Validation	STD-001 Software Test Description STR-001 Software Test Report
	Software Version/Revision Level History	SVD-0001 Software Version Description
	Unresolved Software Anomalies	SVD-0001 Software Version Description	Section 2.7: "Possible Problems and Known Errors"
Cybersecurity	"Risk Management - Security risk management report detailing a separate, parallel, and interconnected security risk management process"	CS-003 BioT Cybersecurity Report
	Risk Management - Threat Model	CS-003 BioT Cybersecurity Report	Section 3.3: "Threat Modeling" STRIDE is the threat modeling method.
	Cybersecurity Risk Assessment	CS-002 BioT Cybersecurity Risk Assessment	Uses Exploitability for likelihood
	Software Bill of Materials (SBOM) file	SBOM.zip
	SBOM - software level of support and end-of-support date for each software component	OTS-001 Off-the-Shelf Software Documentation
	SBOM - Safety and Security Assessment of vulnerabilities	Snyk_issues-detail
	Assessment of Unresolved Anomalies	CS-003 BioT Cybersecurity Report	Section 5.2: "Anomalies and Vulnerabilities"
	Cybersecurity Metrics - data from monitoring cybersecurity metrics	CS-003 BioT Cybersecurity Report	Section 5.3: "Measures and Metrics"
	Cybersecurity Controls	CS-003 BioT Cybersecurity Report	Section 4.2: "Architecture of Security Controls" Includes: A) Authentication controls B) Authorization controls C) Cryptography controls D) Code, data, and execution integrity controls E) Confidentiality controls F) Event detection and logging controls G) Resiliency and recovery controls H) Firmware and software update controls
	Architecture Views	CS-003 BioT Cybersecurity Report	Section 4.3: "Security Architecture Views" Includes: A) Global System View B) Multi-Patient Harm View C) Updatability/Patchability View D) Security Use Case Views."
	Cybersecurity Testing	CS-003 BioT Cybersecurity Report	Section 5.1: "Testing Reports" Includes A) Security requirement testing B) Vulnerability testing C) Penetration testing
	Cybersecurity Labeling	CS-003 BioT Cybersecurity Report	Section 8: "Labeling for Cybersecurity Risks"
	Cybersecurity Management Plan	CS-001 BioT Cybersecurity Management Plan	Section 10: "Cybersecurity Post-market Management Plan" includes a description of and justification for the timelines to make patches on a regular cycle and out-of-cycle.
	Interoperability Risk Assessment / Verification and Validation	CS-001 BioT Cybersecurity Management Plan	Section 5: "Interoperability Considerations"

How to Use

You may use the mapped documents:

In combination with device-specific additions (e.g., custom risks or test cases)
As standalone supporting documents for the cloud infrastructure component