Hi All,
The FDA recently published Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.
Software validation and risk management are key elements of cybersecurity analyses and demonstrating whether a device has a reasonable assurance of safety and effectiveness. FDA requires manufacturers to implement development processes that account for and address software risks throughout the design and development process as part of design controls, as discussed in FDA's regulations regarding design control, which may include cybersecurity considerations.23 For example, these processes should address the identification of security risks, the design requirements for how the risks will be controlled, and the evidence that the controls function as designed and are effective in their environment of use for ensuring adequate security.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------