Draft Guidance Addresses Device Cybersecurity for Product Lifecycle

Manufacturers of cyber devices must have a plan to keep those devices secure for the product’s entire lifecycle, and sponsors of nonprescription drugs can include some minor labeling changes on an annual report, according to two new draft guidances issued by the FDA.

The cybersecurity draft guidance, “Select Updates for the Premarket Cybersecurity Guidance: Section 524B of the FD&C Act,” proposes that cybersecurity recommendations be incorporated as an entirely new section in the existing Premarket Cybersecurity Guidance. The lifetime cybersecurity plan would be required for any 510(k), Premarket Authorization, ProductDevelopment Protocol, De Novo, or Humanitarian Device Exemption application.

Devicemakers who can’t provide reasonable assurance of cybersecurity could face approval challenges, as the agency says that “With the exponential growth of interconnected devices on the market over the past few years, ensuring cybersecurity has become essential to FDA’s ability to protect the public health and provide reasonable assurance of safety and effectiveness of devices.”

Read the draft cybersecurity guidance here.

To read the whole story, click here to subscribe.

Related Topics