FDA Guidance on Cybersecurity in Premarket Submissions

M. Jason Brooke
March 31, 2023

It's official... the FDA has published a guidance that restates the statutory requirement to include cybersecurity-related information in your Premarket Submission for almost all Medical Devices. Specifically, this requirement applies to devices that contain software (i.e., SaMD or SiMD), are able to connect to the internet, and could be vulnerable to cyber threats. Beyond what is a restatement of the statute, the guidance offers two points of importance: 1) as of March 29, 2023, new submissions must contain the requisite cyber information, and 2) as of October 1, 2023, the FDA will begin to refuse to accept submissions that do not have the requisite cyber information.

For those who didn't read the statute when it was enacted, the Agency copied and pasted the text for you. As stated, the submission must contain:

Note that the statute also requires the manufacturer to 1) design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cyber secure, and 2) make available post market updates and patches to the device and related systems to address a) known unacceptable vulnerabilities and b) critical vulnerabilities that could cause uncontrolled risks.

If you haven't already integrated cybersecurity into your quality and regulatory activities (not to mention your product design), you are already behind!

Join the newsletter

Fill out this form to get started.

Stay in the loop with exclusive insights and valuable updates about the medical device industry and FDA approval!

Thank you! Keep an eye on your inbox for updates.
Oops! Something went wrong while submitting the form.