FDA Adds UL 2900 for Medical Device Cybersecurity to List of Recognized Standards
Regulatory Updates | Digital Health Products
EMERGO SUMMARY OF KEY POINTS:
- The US FDA has now officially recognized the UL 2900 cybersecurity standard for medical devices.
- UL 2900-1 covers general cybersecurity requirements for network-connectable devices.
- FDA medical device applicants may now declare conformity to UL 2900-1 in order to address cybersecurity requirements as part of their US market registration.
US medical device regulators have officially included a new cybersecurity standard from UL to their list of recognized standards for use in premarket reviews.
The UL standard, now published in the US Federal Register, is UL 2900-1 Ed. 1 2017, Standard for Software Cybersecurity Network-Connectable Products, Part I: General Requirements. The standard covers evaluations and tests of network-connectable devices in terms of vulnerabilities, malware and software weaknesses.
As Emergo previously reported, UL 2900-1 was developed to enable US medical device market registrants to demonstrate that their products meet pre- and post-market cybersecurity requirements found in FDA guidance. Now, FDA registrants may declare conformity to UL 2900-1 in order to address cybersecurity issues related to US market access.