Aug 21, 2017
EMERGO SUMMARY OF KEY POINTS:
- The US FDA has now officially recognized the UL 2900 cybersecurity standard for medical devices.
- UL 2900-1 covers general cybersecurity requirements for network-connectable devices.
- FDA medical device applicants may now declare conformity to UL 2900-1 in order to address cybersecurity requirements as part of their US market registration.
US medical device regulators have officially included a new cybersecurity standard from UL to their list of recognized standards for use in premarket reviews.
The UL standard, now published in the US Federal Register, is UL 2900-1 Ed. 1 2017, Standard for Software Cybersecurity Network-Connectable Products, Part I: General Requirements. The standard covers evaluations and tests of network-connectable devices in terms of vulnerabilities, malware and software weaknesses.
As Emergo previously reported, UL 2900-1 was developed to enable US medical device market registrants to demonstrate that their products meet pre- and post-market cybersecurity requirements found in FDA guidance. Now, FDA registrants may declare conformity to UL 2900-1 in order to address cybersecurity issues related to US market access.
Related FDA and cybersecurity information from Emergo
- US FDA 510(k) consulting support for medical device companies
- Medical device design, process and software validation support
- Regulatory consulting support for mobile medical and telehealth apps
- Webinar: Mapping cybersecurity standards to FDA guidance
Author
- Stewart Eisenhart