FDA Mock Deficiency Review™ — eSTAR, 510(k) & De Novo
Panabistics reviews your submission package the way a skeptical FDA reviewer may approach it, identifying likely deficiencies, weak rationales, inconsistent evidence, and missing documentation before you submit.
Expert-led, reviewer-style regulatory consulting — not a generic checklist or AI tool.
Why This Matters
Completing the required fields in eSTAR does not mean the evidence is adequate for FDA review. Reviewers assess whether the submission is complete, internally consistent, traceable, scientifically justified, and aligned with current FDA expectations.
A submission can appear administratively complete and still trigger an Additional Information request if the cybersecurity, software, labeling, risk management, usability, or performance evidence does not support the device claims.
Panabistics helps identify these issues before FDA does.
This service is not a generic checklist. It is a reviewer-oriented challenge of FDA submission evidence, designed to identify likely Additional Information risks before submission.
Deliverables
FDA-style questions and deficiencies written in the tone and structure of a reviewer challenge.
A practical issue tracker identifying the deficiency, source document, severity, regulatory basis, owner, and recommended remediation.
Assessment of whether claims, risks, controls, test evidence, labeling, software documentation, and submission content align.
A clear readiness assessment identifying high-risk gaps, moderate concerns, and items suitable for cleanup before submission.
Practical next steps to strengthen the package before FDA review.
Support to revise documents, close gaps, and prepare a stronger submission package.
Review Scope
| Area Reviewed | What We Assess |
|---|---|
| Cyber device applicability | Whether FDA cybersecurity requirements apply and whether the rationale is clear. |
| Secure Product Development Framework | Whether the SPDF is adequately described and supported by the submitted documentation. |
| Threat modeling | Whether threats, assets, interfaces, data flows, attack surfaces, and trust boundaries are clearly identified. |
| Cybersecurity risk assessment | Whether cybersecurity risks, controls, residual risks, and patient impact are appropriately connected. |
| SBOM | Whether the SBOM is usable, current, and aligned with the software architecture and third-party components. |
| Vulnerability management | Whether postmarket monitoring, vulnerability intake, triage, remediation, and update processes are credible. |
| Cybersecurity testing | Whether the testing supports the claimed cybersecurity controls and device risk profile. |
| Architecture and data flow | Whether diagrams clearly show interfaces, communication paths, trust boundaries, and update mechanisms. |
| Labeling and IFU | Whether cybersecurity instructions are adequate, user-appropriate, and not overclaimed. |
| eSTAR consistency | Whether cybersecurity content aligns with software, risk management, labeling, system description, and test evidence. |
Cybersecurity Deliverables
FDA-style questions and deficiencies focused on likely cybersecurity review concerns.
Excel-style tracker with issue, source, severity, regulatory basis, recommended fix, and owner field.
Clear readiness summary with go, conditional-go, or not-ready recommendation.
Prioritized steps to strengthen the package before submission.
Support to revise documents, address gaps, and prepare stronger FDA-facing evidence.
Audience
This service is designed for medical device companies preparing or reviewing:
This service does not replace FDA review, cybersecurity testing, penetration testing, software validation, legal advice, or the sponsor’s responsibility for submission content. It is an independent regulatory and submission-readiness review designed to identify likely FDA review concerns before submission.
Expanding Service Line
The FDA Mock Deficiency Review™ service line is designed to support additional review modules as needed.
The FDA Mock Deficiency Review™ service is being launched first with the Cybersecurity Mock Deficiency Review module. Additional review areas may be supported as custom engagements depending on the available submission package, device type, and review scope.
FDA-style cybersecurity package review for eSTAR, 510(k), and De Novo submissions.
Reviewer-oriented challenge of software documentation against FDA submission expectations.
Review of usability and human factors evidence for submission-readiness, task coverage, labeling linkage, and likely FDA questions.
Assessment of risk management file consistency, traceability, risk controls, residual risk, and submission alignment.
Review of IFU, package labeling, app screens, symbols, UDI, cybersecurity instructions, and promotional claims against supporting evidence.
Challenge of performance testing rationale, protocols, acceptance criteria, sample size, and reported results.
Reviewer-oriented challenge of clinical evaluation, clinical study rationale, literature support, equivalence arguments, and clinical evidence adequacy.
Comprehensive mock deficiency review across the complete eSTAR package, available when the full submission package is provided.
Additional review areas available by request: Biocompatibility, Sterilization & Shelf-Life, Electrical Safety & EMC, Predicate / Substantial Equivalence, AI/ML SaMD, IVD evidence, packaging, UDI, and postmarket / PMS-related documentation.
Request a Review
Tell us about your submission pathway, device type, and timeline. We will respond within 24 business hours to discuss scope and next steps.
Kitchener-Waterloo, Ontario, Canada
Within 24 business hours