On December 28, 2016, CDRH announced the publication of the final guidance “Postmarket Management of Cybersecurity in Medical Devices.” In a separate post, we reported on the January 22, 2016 draft version of this guidance document. The final guidance provides FDA’s recommendations on a risk-based framework for medical device manufacturers to assess and remediate cybersecurity vulnerabilities. The guidance also outlines circumstances in which the Agency intends to exercise enforcement discretion with respect to the requirements of 21 C.F.R. Part 806 to report actions related to cybersecurity vulnerabilities as device corrections and removals.
We highlight below key ways the final guidance document differs from the earlier draft version:
Continue Reading CDRH Releases Postmarket Cybersecurity Final Guidance