Today, the Food and Drug Administration (FDA) released the draft guidance "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices."
The draft guidance provides the FDA’s updated recommendations for the device design, labeling, and documentation to be included in premarket submissions for devices with cybersecurity risks. The technical recommendations in this draft guidance are intended to:
1) ensure better medical device protection against cybersecurity threats that could interrupt clinical operations and delay patient care; and
2) allow for a more efficient premarket review process that would better ensure marketed medical devices are protected against cybersecurity vulnerabilities.
This draft guidance encompasses the following types of premarket submissions for medical devices that contain software (including firmware), programmable logic, and software that is considered a medical device:
- Premarket Notifications (510(k))
- De Novo requests
- Premarket Approval Applications (PMAs)
- Product Development Protocols (PDPs)
- Humanitarian Device Exemption (HDE) applications
When finalized, this guidance will replace the original version of the “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” final guidance issued in October 2014.
We welcome your comments regarding this draft guidance document. The comment period will be open for 150 days in the Federal Register under docket ID: FDA-2018-D-3443 beginning October 18, 2018.
Public Workshop
On January 29-30, 2019, the FDA will host a public workshop to discuss and answer questions about this draft guidance. The workshop is an opportunity to provide feedback on the proposed recommendations including recommendations regarding a Cybersecurity Bill of Materials (CBOM), which could become a critical element in identifying cybersecurity assets, threats, and vulnerabilities in the future.
Additional information about the public workshop, including registration instructions, can be found at https://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm623171.htm.
Questions?
If you have any questions regarding this draft guidance document or the public workshop, please contact the Center for Devices and Radiological Health’s Medical Device Cybersecurity Team at CyberMed@fda.hhs.gov, or Suzanne Schwartz at Suzanne.Schwartz@fda.hhs.gov or 301-796-6937.
Thank you,
Food and Drug Administration
Center for Devices and Radiological Health |
|
No hay comentarios:
Publicar un comentario