Jun 26, 2018
EMERGO SUMMARY OF KEY POINTS:
The US Food and Drug Administration has officially recognized a standard from the American National Standards Institute (ANSI) and UL targeting medical device cybersecurity.
FDA’s recognition of ANSI UL 2900-2-1—Standard for Safety, Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare and Wellness Systems as an official consensus standard now appears in the US Federal Register.
As FDA 510(k) premarket notification and other medical device premarket submissions must now include data showing US market applicants’ efforts to mitigate cybersecurity risks and vulnerabilities, companies may utilize ANSI UL 2900-2-1 to demonstrate the safety of their network-connectable devices and accessories.
The ANSI UL 2900-2-1 consensus standard was developed to provide manufacturers as well as regulators with a consistent framework for cybersecurity risk assessment; the standard applies to all medical devices and accessories, as well as IVD devices, device data systems and health information technology products.
In summer 2017, FDA recognized a related standard, UL 2900-1 Ed. 2017—Standard for Software Security Network-Connectable Products, Part 1: General Requirements, which includes evaluations and assessments of network-connectable devices’ cybersecurity vulnerabilities.
EMERGO SUMMARY OF KEY POINTS:
EMERGO SUMMARY OF KEY POINTS: