Skip to content

IDE Submission Readiness Report

Status: Working draft (software handoff prep) Baseline commit: b302dd3 Assessment timestamp: 2026-04-06 14:30 EDT Owner: BionicLoop engineering

1. Purpose

Provide a single, objective readiness snapshot for IDE submission preparation across the controlled quality chain:

RA -> SRS -> SDD -> SVVP/STP -> STR -> RTM

This report is intended to: - identify objective submission blockers - define required disposition and evidence decisions - define closure order and ownership - provide a repeatable final-draft handoff package for the dedicated quality/submission team that will manage formal review, approval, and release

1.1 Engineering ownership boundary

Engineering is responsible for the software handoff package only.

The current packet structure and scope are recorded in IDE_Software_Packet/IDE_Software_Scope_and_Deferred_Items.md and IDE_Software_Packet/IDE_Software_Baseline_Overview.md. The larger controlled-doc set should be treated as source and background material rather than as evidence that every document in the library is part of the current software handoff claim.

The default reviewer-facing entry point for the current packet is IDE_Software_Packet/README.md.

Engineering-owned deliverables in the current IDE-prep lane:

  • software technical risk content in RiskAnalysis.md
  • SoftwareRequirementsSpecification.md
  • SoftwareDesignDescription.md
  • SoftwareVerificationAndValidationPlan.md
  • TraceabilityMatrix.md
  • CybersecurityPlan.md for in-scope software controls only
  • DevelopmentSOP.md
  • CodeReviewLog.md
  • STP/ package plus STR-Execution-and-Reporting-Guide.md
  • software-facing IFU package
  • the IDE package-management docs themselves (Readiness Report, Baseline Freeze Plan, Closure Checklist)

Not owned by engineering in this pass:

  • formal review and approval signatures
  • release authorization and final IDE assembly
  • organization-level quality-system records outside software deliverables
  • final residual-risk acceptance as a quality-management activity
  • cloud / Part 11 closure unless explicitly added to engineering scope

2. Documents Assessed

  • Docs/Quality/README.md
  • Docs/Quality/RiskAnalysis.md
  • Docs/Quality/SoftwareRequirementsSpecification.md
  • Docs/Quality/SoftwareDesignDescription.md
  • Docs/Quality/SoftwareVerificationAndValidationPlan.md
  • Docs/Quality/TraceabilityMatrix.md
  • Docs/Quality/CybersecurityPlan.md
  • Docs/Quality/Cybersecurity_Handoff_Register.md
  • Docs/Quality/Cybersecurity_SOUP_Provenance_Review.md
  • Docs/Quality/Cybersecurity_Embedded_Package_Delta_Review.md
  • Docs/Quality/Cybersecurity_Local_File_and_Permission_Review.md
  • Docs/Quality/Cybersecurity_Dependency_Inventory.md
  • Docs/Quality/Cybersecurity_SBOM_and_Advisory_Process.md
  • Docs/Quality/Cybersecurity_Logging_and_Secret_Review.md
  • Docs/Quality/Cybersecurity_Supplier_Artifact_Request_List.md
  • Docs/Quality/Cybersecurity_Baseline_Acceptability_Recommendation.md
  • Docs/Quality/Cybersecurity_TV_SEC_001_Freeze_Execution_Checklist.md
  • Docs/Quality/DevelopmentSOP.md
  • Docs/Quality/CodeReviewLog.md
  • Docs/Quality/IDE_Software_Handoff_Index.md
  • Docs/Quality/IDE_Software_Handoff_Disposition_Log.md
  • Docs/Quality/IDE_Software_Packet/README.md
  • Docs/Quality/IDE_Software_Packet/IDE_Software_Baseline_Overview.md
  • Docs/Quality/IDE_Software_Packet/IDE_Software_Scope_and_Deferred_Items.md
  • Docs/Quality/IDE_Software_Packet/IDE_Software_Risk_and_Cybersecurity_Summary.md
  • Docs/Quality/IDE_Software_Packet/IDE_Software_Prior_Testing_Summary.md
  • Docs/Quality/IDE_Software_Packet/IDE_Software_Verification_Summary.md
  • Docs/Quality/IDE_Software_Packet/IDE_RTM_Audit_Summary.md
  • Docs/Quality/IDE_Software_Packet/IDE_Software_Handoff_Memo.md
  • Docs/Quality/IDE_Software_Packet/IDE_Receiving_Team_Freeze_Disposition_Memo.md
  • Docs/Quality/IDE_Software_Packet/IDE_Formal_Evidence_Execution_Plan.md
  • Docs/Quality/IDE_Software_Packet/IDE_Freeze_Command_Sheets.md
  • Docs/Quality/Evidence/Formal/STR-README-Template.md
  • Docs/Quality/Evidence/Formal/STR-ALG-001/README.md
  • Docs/Quality/Evidence/Formal/STR-AUTO-001/README.md
  • Docs/Quality/Evidence/Formal/STR-SEC-001/README.md
  • Docs/Quality/RegulatoryReferences.md

3. Current Readiness Summary

3.1 Strengths already in place

  • End-to-end trace chain structure exists and is internally linked by stable IDs (RA-*, SRS-*, SDD-*, TV-*).
  • Quality docs are centralized in Docs/Quality/.
  • Code review process is documented and actively maintained in CodeReviewLog.md.
  • Formal vs working evidence lanes are defined.
  • Large portions of safety-critical behavior already have mapped tests and documented evidence references.
  • Engineering-owned software-package boundaries are now explicit.
  • Core controlled software docs and the STP package now carry handoff-ready metadata placeholders and revision history.
  • Accepted vs deferred software-scope decisions are now recorded in a dedicated disposition log instead of remaining implicit in draft wording.
  • The cybersecurity package now distinguishes inherited supplier/device controls, BionicLoop-owned local controls, and explicit missing artifact types, with separate provenance, local file/permission, dependency-inventory, logging/secret-review, supplier-artifact-request, and baseline-acceptability support notes.

3.2 Primary software-handoff blockers

  1. RTM audit is now complete at the reviewer-summary level, and the result is that no rows are currently formal-ready; the claimed software baseline still requires freeze-time evidence promotion.
  2. Formal software evidence package closure is incomplete for several high-risk rows (including final Algo formal closure package updates and hardware-backed rows).
  3. Working evidence is still referenced in several RTM rows and must be converted to formal-ready, rerun-needed, or deferred.
  4. Cybersecurity/auth rows are now explicitly split into in-scope vs deferred scope, and supporting review notes plus a dependency inventory now exist. An engineering baseline-acceptability recommendation is now documented, likely upstream import/sync commits for embedded packages are now identified, the curated security-relevant embedded-package delta review is now recorded, the SBOM/advisory ownership/process note is now documented, and the TV-SEC-001 freeze execution checklist now exists, but inherited-control artifacts, tag/release-level provenance closure, freeze-time acceptability disposition, formal in-scope evidence execution, and freeze-time SBOM/advisory execution are not yet complete.
  5. The handoff package manifest and scope log exist, but the readiness package still needs a final baseline SHA and freeze-time rerun-needed list.

4. Gap Register (Submission Critical)

Gap ID Category Current State Submission Risk Required Closure
IDE-G01 Document control Core docs now use final-draft handoff metadata, but baseline freeze SHA and receiving-team approval fields remain intentionally open Freeze package could still be assembled against the wrong baseline if SHA is not filled at freeze time Fill baseline freeze SHA and receiving-team completion fields at actual freeze / review time
IDE-G02 Requirement language Accepted/deferred wording is now explicit for the current software handoff set Remaining risk is drift between SRS, SDD, SVVP, and RTM scope language Keep disposition log and trace docs synchronized at each freeze candidate
IDE-G03 RTM closure Most rows are In progress with partial evidence links Traceability not demonstrably complete Update each in-scope row to formal evidence link and Complete or approved deviation
IDE-G04 STP completeness STP package metadata and TV-* ownership map now exist, but executed formal evidence is still incomplete Protocol package can be reviewed, but not all rows can be claimed closed yet Keep STP package as handoff-ready protocol set and finish evidence audit separately
IDE-G05 Package ownership Engineering-vs-quality ownership is now enumerated, but must remain stable at freeze time Freeze package can over-claim scope if later edits blur the boundary again Treat handoff index + disposition log as mandatory freeze companions
IDE-G06 Cybersecurity scope Local vs deferred auth/cloud rows are now explicit, and the package now includes a cyber handoff register plus provenance, curated embedded-package delta review, local file/permission, dependency-inventory, SBOM/advisory process note, logging/secret-review, supplier-artifact-request, baseline-acceptability notes, and a TV-SEC-001 freeze checklist. Likely upstream import/sync commits for embedded packages are now identified, but supplier/FDA inherited-control artifacts, tag/release-level provenance closure, freeze-time acceptability disposition, freeze-time SBOM/advisory execution, and formal TV-SEC-001 evidence are still open Software package could still overstate security closure if inherited-control and local-control claims do not have the right artifact support Complete the cyber handoff register, close remaining provenance items (tag/release mapping if available), record receiving-team freeze disposition against the documented baseline-acceptability recommendation, execute the formal freeze-time SBOM/advisory artifact, execute TV-SEC-001 using the prepared checklist, audit RA-009 / TV-SEC-*, and promote formal TV-SEC-001 evidence
IDE-G07 Evidence lane discipline RTM references include working/dev evidence Weakens software handoff defensibility Restrict claimed closure evidence to formal lane; move working evidence to support-only narrative or rerun list

5. Disposition Writing Rules

5.1 Avoid in handoff-ready final-draft docs

  • provisional
  • temporary (unless explicitly marked as investigational control with transition requirement and date-bounded disposition)
  • in progress
  • pending team review
  • partial (as final status)
  • vague future tense such as planned for in-scope release commitments

5.2 Preferred replacement pattern

Every unresolved statement must be rewritten as one of: - Accepted for this IDE submission with implementation and verification reference - Deferred from this IDE submission with rationale, risk impact, and approval owner/date - Out of scope for this IDE submission with justification and trace reference

  1. Lock the engineering-owned software package boundary and identify the exact document set in scope.
  2. Lock SRS wording and disposition unresolved software requirements or defer them explicitly.
  3. Align SDD and SVVP language to the accepted software scope.
  4. Build handoff-ready STP docs and connect them to TV-*.
  5. Audit RTM evidence into three buckets: formal-ready, rerun-needed, deferred.
  6. Prepare the software handoff index and explicit deferred-items list for the receiving quality/submission team.
  7. Keep the packet review folder current as the default reviewer-facing summary set.

7. Immediate Next Actions

  1. Execute the smallest formal evidence set defined in IDE_Formal_Evidence_Execution_Plan.md, starting with STP-ALG-001, STP-AUTO-001, and TV-SEC-001.
  2. Use the prepared formal STR shell paths under Docs/Quality/Evidence/Formal/ and the shared README template so freeze runs land in the formal lane with consistent metadata.
  3. Replace remaining handoff-language reliance on Docs/Quality/Evidence/Working/.
  4. Close remaining provenance items (tag/release mapping if available), record freeze-time disposition for the documented baseline file/permission/debug-logging recommendation using IDE_Receiving_Team_Freeze_Disposition_Memo.md, and close formal in-scope cyber evidence status.
  5. Fill final baseline SHA in the package manifest and controlled-doc headers at freeze time.
  6. Use the packet review folder and handoff memo as the primary review set while preserving the larger library as background/support material.

8. Output Artifacts Produced in This Pass

  • Docs/Quality/IDE_Submission_Readiness_Report.md (this file)
  • Docs/Quality/IDE_Submission_Closure_Checklist.md
  • Docs/Quality/IDE_Software_Handoff_Index.md
  • Docs/Quality/IDE_Software_Handoff_Disposition_Log.md
  • Docs/Quality/IDE_Submission_Agent_Brief.md
  • Docs/Quality/IDE_Software_Packet/