SBOM
Software Bill of Materials · CBOM
A formal, machine-readable inventory of every software component (libraries, OS, firmware) shipped in a product — now required by FDA premarket cybersecurity guidance.
An SBOM lists every software component, including transitive dependencies, in a release — typically in SPDX or CycloneDX. FDA's 2023 premarket cybersecurity guidance and EU MDR/IVDR cybersecurity expectations require manufacturers to provide and maintain SBOMs so vulnerabilities (CVEs) can be tracked across the device's lifetime.
V5 attaches an SBOM to each software release record and continuously matches it against CVE feeds to surface relevant vulnerabilities into post-market risk review.
- FDA Premarket Cybersecurity Guidance (2023)
- EU MDR Annex I §17
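The matching step described above, sketched as an added example (not V5's code): it walks a constructed CycloneDX fragment, including a transitive dependency, and checks each component against a constructed advisory feed. The feed layout, the `fixed_in` field and the `CVE-XXXX-…` identifiers are assumptions and placeholders.

```python
import json

# Constructed CycloneDX fragment: device-fw depends on libfoo, which pulls in libbar.
SBOM_JSON = """{
 "bomFormat": "CycloneDX", "specVersion": "1.5",
 "metadata": {"component": {"bom-ref": "app", "name": "device-fw", "version": "2.1.0"}},
 "components": [
  {"bom-ref": "c1", "name": "libfoo", "version": "1.4.2", "purl": "pkg:generic/libfoo@1.4.2"},
  {"bom-ref": "c2", "name": "libbar", "version": "0.9.1", "purl": "pkg:generic/libbar@0.9.1"}],
 "dependencies": [{"ref": "app", "dependsOn": ["c1"]}, {"ref": "c1", "dependsOn": ["c2"]}]
}"""

# Constructed advisory feed (hypothetical layout; the IDs are placeholders, not real CVEs).
FEED = [
    {"id": "CVE-XXXX-0001", "package": "pkg:generic/libbar", "fixed_in": "0.9.3"},
    {"id": "CVE-XXXX-0002", "package": "pkg:generic/libfoo", "fixed_in": "1.4.0"},
]

def vtuple(version):
    # Naive dotted-numeric comparison key; real feeds need ecosystem-aware version logic.
    return tuple(int(part) for part in version.split("."))

def dependency_paths(bom):
    """Map each bom-ref to its path from the root component (breadth-first walk)."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    root = bom["metadata"]["component"]["bom-ref"]
    paths, queue = {root: [root]}, [root]
    while queue:
        node = queue.pop(0)
        for child in graph.get(node, []):
            if child not in paths:  # also guards against cycles in the graph
                paths[child] = paths[node] + [child]
                queue.append(child)
    return paths

def match(bom, feed):
    """Return advisories affecting any listed component, with the path that pulled it in."""
    root = bom["metadata"]["component"]
    names = {root["bom-ref"]: root["name"], **{c["bom-ref"]: c["name"] for c in bom["components"]}}
    paths = dependency_paths(bom)
    findings = []
    for comp in bom["components"]:
        package, _, version = comp["purl"].rpartition("@")  # constructed purls carry no qualifiers
        for adv in feed:
            if adv["package"] == package and vtuple(version) < vtuple(adv["fixed_in"]):
                via = " > ".join(names[r] for r in paths.get(comp["bom-ref"], [comp["bom-ref"]]))
                findings.append({"id": adv["id"], "component": comp["name"], "version": version, "via": via})
    return findings

FINDINGS = match(json.loads(SBOM_JSON), FEED)
```

Here libfoo 1.4.2 is already past its fixed version, so the only finding is the transitive libbar 0.9.1, which a direct-dependency list alone would not have surfaced.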
