FDA Offers (draft) Guidance on Cyber Security

The FDA has issued a draft guidance document on the expected content of premarket submissions with respect to medical device cybersecurity.  This guidance targets individual medical devices rather than the network they may be resident on, and it also includes non-networked devices. The FDA notes that both networking capability and  portable media increase vulnerability. The latter issue might be called intermittent or remote connectivity. Guidance documents tell interested people what the FDA’s current thinking is relevant to its regulatory authority, in this case the review of 510(k), PMA and related submissions. A draft guidance is in effect what the FDA is thinking about thinking. Drafts go through a comment period (90 days in this case) after which the FDA contemplates the comments and, after an unspecified time, either issues a guidance document, issues a revised draft, withdraws the draft, or just lets it sit there. Since guidance documents are not requirements, there is standard language that you can use an alternate approach if you can justify it. An open question for me is whether even a draft sufficiently establishes an FDA expectation that should be followed in the interest of a smooth submission review.There are many draft guidances currently under comment or post-comment review, including the long awaited guidance on medical apps discussed here. The current relatively brief draft has three interesting sections. The first defines the cybersecurity issue,...
Source: Medical Connectivity Consulting - Category: Technology Consultants Authors: Tags: connectivity Standards & Regulatory Wireless Medical Devices Source Type: blogs