A couple of years ago, the FDA articulated its expectations for the ways device manufacturers should address cybersecurity premarket. More recently, FDA released a complementary draft guidance. Last week, my colleagues Al Saikali, Madeleine McDonough, and Tim Moore analyzed that guidance. Key takeaways from the guidance include:
- Cybersecurity programs should be documented, systematic and comprehensive.
- Cybersecurity should be considered throughout the medical device’s entire lifecycle.
- Cybersecurity evaluations should consider a broad range of credible information and potential threats that could compromise a medical device’s essential functions.
You can read their entire analysis here.