The US FDA has issued final guidance regarding post-market cybersecurity risk management for medical devices.

The final guidance comes about a year after the FDA published draft guidance on managing medical device cybersecurity risks.

US FDA final guidance on medical device post market cybersecurity risk management Medical device regulators in the US have published final guidance addressing post-market cybersecurity risks for applicable devices and software products.

The new FDA document follows draft guidance issued by the agency in early 2016, and includes recommendations for manufacturers to identify and monitor cybersecurity risks associated with their marketed devices. The final guidance also outlines a risk framework registrants should utilize to determine whether changes they make to their devices to address cybersecurity vulnerabilities warrant reporting to the FDA.

The new post-market cybersecurity risk management guidance applies to devices already marketed in the US, as well as those used as parts of interoperable systems and that contain software that qualifies as a medical device.

Methodize will further analyze the new FDA guidance to determine any significant changes or additions to the draft version on which we reported in January 2016.

For more information on US medical device regulatory approaches to cybersecurity, pay attention to the future on the topic.
[ fda cybersecurity]

Jack Slovick President Methodize Inc P.O. Box 463 Nevis, MN 56467 763.639.0238 (cell)