The U.S. Food and Drug Administration (FDA) has issued a final version of its Guidance regarding the post-market management of cybersecurity in medical devices.
Originally published in draft form in January 2016, the Guidance covers software products and applicable devices, and explains numerous cybersecurity risks associated with marketed devices. Additionally, the Guidance provides a risk framework that can help manufacturers determine when device changes that may affect the cybersecurity of a medical device require FDA notification.
The Guidance applies to devices that are currently being marketed throughout the United States. Additional devices covered by the Guidance include technology that qualifies as a medical device, as well as parts of interoperable systems.
Guidance documents issued by the FDA are intended to present the Agency’s current view of a given topic and are not binding on either the FDA or the public. Nonetheless, they offer an important perspective that can help manufacturers and importers achieve compliance with FDA requirements.