Simplifying MedTech Cybersecurity Compliance

In this Issue

From the Editor ????| In Brief ?? |?What's Happening ??? | Featured Post ?? | Sections ? | Postscript ??

From the Editor????

?? Featured Post: Thanks to Jose Bohorquez for highlighting steps for compliance with FDA cyber device requirements for software-equipped medical devices.

?? Plus 10 more HOT new posts, Martin King’s Regulatory Roundup, and the latest 510(k) Clearances from Marcus Engineering, LLC.

Featured Webinar - Join us this Thursday!

Join us this Thursday, Dec. 5, for US MedTech Market Access: Strategic Outlook 2025, featuring speakers Edward Dougherty and Richard Piquett.

In Brief ??

In no special order...

• The FDA issued new guidance on transitional enforcement policy for ethylene oxide sterilization facility changes in Class III devices, shared by Mike B. Wetherington
• Bastian Krapinger-Ruether discussed the future of IMDRF coding as a tool for structured, data-driven PMS.
• A questionnaire on AI in medical devices, jointly published by German and European notified bodies, was highlighted by Stefano Bolletta.
• EU MDR Compliance explained the top-down approach to flipping the QMS triangle for improved quality system management.
• Georg Digel debunked the most dangerous myth about CAPA effectiveness, emphasizing the importance of verification.
• Tibor Zechmeister clarified the intricacies of classification of medical devices under MDR.
• The role of MDSAP in global compliance under EU MDR was explained by Dr. Pallavi Dasgupta.
• Cécile van der Heijden presented insights on competing legislation for medical devices and IVDs, detailing regulatory overlaps.
• Directive 2024/2853, which introduces transformative changes to EU product liability, was discussed by Easy Medical Device.
• Hadas Dahan shared key takeaways from MITRE’s 2024 CWE Top 25, focusing on software vulnerabilities in medical devices.

Featured Post ??

Simplifying MedTech Cybersecurity Compliance

Special thanks to Jose Bohorquez for sharing this clear and helpful diagram this week. Here’s what you need to know to stay compliant with FDA cybersecurity requirements if your medical device has software.

Let's break it down even further...

If your device has software, there’s a 95% chance the FDA considers it a “cyber device.” Compliance comes down to two main activities:

? Pre-Market Activities

1?? Security Architecture

1. Design the system to meet cybersecurity requirements.
2. Identify potential threats and vulnerabilities (threat modeling).
3. Define controls to manage risks and ensure safety.
4. Develop a cybersecurity management plan.

2?? Design & Development

• Implement the design and create a Software Bill of Materials (SBOM).
• Analyze the SBOM for vulnerabilities; mitigate as needed.
• Perform cybersecurity testing and document the results.

? Post-Market Activities

1. Monitor for security incidents and new threats.
2. Regularly scan SBOMs for updates or vulnerabilities.
3. Update threat models and issue patches as needed.
4. Track metrics to measure how effectively you detect and resolve issues.

That’s the big picture.

As Jose Bohorquez said, "there’s more to it," but this gives you the essentials for designing, testing, and maintaining a secure and compliant device.

Sections ?

Regulatory Roundup by Martin King - Week of November 25

Featuring the latest regulatory updates from: ?? ???????????? ?????????????? ???????????????? ???????? ???????????????????? ???????????????? ?????????????????????? ???????????????? ???????????? ???????????????? ?????????????????? ?????????????? ?????????????????? ?????? ???????????????????? ???????????????? ???????????????????? ?????????????? ?????????? ?????????????? ???????????? ???????????????? ???????????????????? ???????????????????? ?????????????????????? ?????????????????????? ?????????? ???????????????????????????? (??????), ???????????????????? ?????? ???????? & ???????? ???????????????????????????? ???????? ?????????? ???????????? ???????????????????????? ??????

Powered by Hoodin.

? 510(k)s at a Glance for the week of November 25, 2024

Marcus Engineering, LLC highlighted 69 new FDA 510(k) cleared devices last week, including 16 first-time clearances. ??

For full details, visit Marcus Engineering’s report.

??? What’s Happening

• Thursday, Dec. 5 - US MedTech Market Access: Strategic Outlook 2025, featuring speakers Edward Dougherty and Richard Piquett.
• Tuesday, Dec. 17 - Preparing for the Article 10 Deadline, What You Need to Know, details and registration to be announced shortly.

Postscript ??

In case you missed it

Now available on demand - Last week's webinar, Maximizing Structured Dialogue for MedTech, featuring speakers Bassil Akra, Marta Carnielli, Alex Laan, Tom Patten, and Michelle Lott, RAC.

Sean