The U.S. Food and Drug Administration (FDA) has released an updated list of frequently asked questions (FAQs) on the agency’s requirements regarding cybersecurity provisions applicable to medical devices.
Published on the FDA’s website, the FAQs address a range of issues critical to achieving compliance with FDA requirements regarding cybersecurity that apply to medical device premarket submissions filed on or after March 29, 2023. Among other issues, the FAQs clarify the definition of a cyber device, identifies the parties and the types of premarket submissions which are subject to the new requirements, and details resources available to device manufacturers to aid in their efforts to achieve compliance.
Although cybersecurity requirements are now applicable to medical device premarket submissions, the FDA says that it will provide a six-month grace period for manufacturers, and will not issue “refuse to accept” (RTA) decisions for premarket submissions filed before October 1, 2023. Instead, until that date, the agency will work collaboratively with those making premarket submissions as part of its deficiency review process.
Read “Cybersecurity in Medical Devices: Frequently Asked Questions” on the FDA webpage.