Today, the Food and Drug Administration (FDA) released the draft guidance “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”
The draft guidance provides the FDA’s updated recommendations for the device design, labeling, and documentation to be included in premarket submissions for devices with cybersecurity risks. The technical recommendations in this draft guidance are intended to:
1) ensure better medical device protection against cybersecurity threats that could interrupt clinical operations and delay patient care; and
2) allow for a more efficient premarket review process that would better ensure marketed medical devices are protected against cybersecurity vulnerabilities.
This draft guidance encompasses the following types of premarket submissions for medical devices that contain software (including firmware), programmable logic, and software that is considered a medical device:
When finalized, this guidance will replace the original version of the “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” final guidance issued in October 2014.
The FDA welcomes your comments regarding this draft guidance document. The comment period will be open for 150 days in the Federal Register under docket ID: FDA-2018-D-3443 beginning October 18, 2018.
On January 29-30, 2019, the FDA will host a public workshop to discuss and answer questions about this draft guidance. The workshop is an opportunity to provide feedback on the proposed recommendations including recommendations regarding a Cybersecurity Bill of Materials (CBOM), which could become a critical element in identifying cybersecurity assets, threats, and vulnerabilities in the future.
Additional information about the public workshop, including registration instructions, can be found at https://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm623171.htm.
© 2018, TechNation Magazine. Site designed by MD Publishing, Inc.