Lexology April 15, 2022
The U.S. Food and Drug Administration (FDA) issued updated draft guidance, “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions,” which aims to help industry take a more holistic approach to managing cybersecurity, starting in the design and development of their medical devices, and relatedly flags those documents that it recommends be developed and included in device premarket submissions. Below we analyze how the April 2022 draft guidance differs from its October 2018 predecessor, including that it recommends a Secure Product Development Framework (SPDF) to satisfy Quality System Regulation (QSR) requirements with detailed recommendations on how to address cybersecurity as a component of design controls (including an emphasis on robust threat modeling as part of risk assessment),...