Medical Device CyberSecurity Following the September 2023 FDA Premarket Guidance

This webinar will explain the process of analyzing and minimizing cyber risks for premarket submissions. It will explain how cyber risks are identified and mitigated.

Concepts from the 2023 Guidance will be explained. The cybersecurity program must be carefully planned and documented. The manufacturer no longer can pass cybersecurity responsibility to the network. It is now a joint responsibility. Required documentation will be described including the Software Bill of Materials. A formal security risk analysis must be conducted for each risk, as well as a safety risk. Communication of risks as part of Transparency must be sent to device users.

Why should you Attend: Medical device cybersecurity has become very important to the FDA. They have issued three Guidance’s on the subject; in 2014, 2016 and 2018. In 2022 a draft Guidance was issued that would replace the 2014 and 2018 Guidances and supplement the 2016 Guidance. A Guidance was issued in September of 2023. In 2023 federal legislation gave the FDA legal authority to enforce cybersecurity.

The 2023 Guidance greatly expanded the FDA expectations for cybersecurity and gives concrete examples. FDA expects a proactive extensive risk based program to minimize risk to the user from cyber attacks. We will explain how the Guidance distinguishes Security risk from safety risk

Areas Covered in the Session:

• Guidance Regulation and legislation Cybersecurity plan risk based analysis vulnerabilities, threats, and threat modeling Software Bill Of Materials risk communication to users updating process transparency requirements documentation requirements

• company management
• IT personnel
• Development Engineers
• Production Management
• QA/ QC personnel
• Software developers
• Cybersecurity , ISAO, risk,