FDA grants consensus standard status to ANSI UL 2900-2-1 for medical device cybersecurity

Jun 26, 2018

EMERGO SUMMARY OF KEY POINTS:

US FDA has officially recognized a new consensus standard, ANSI UL 2900-2-1, for assessing network-connected medical device cybersecurity risk.
US medical device market applicants may now utilize ANSI UL 2900-2-1 to demonstrate safety of their network-connected devices, accessories and software.
FDA recognized a related standard, UL 2900-1 Ed. 2017, last year.

US FDA recognizes ANSI UL 2900-2-1 medical device cybersecurity consensus standard 2018 The US Food and Drug Administration has officially recognized a standard from the American National Standards Institute (ANSI) and UL targeting medical device cybersecurity.

FDA’s recognition of ANSI UL 2900-2-1—Standard for Safety, Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare and Wellness Systems as an official consensus standard now appears in the US Federal Register.

Using ANSI UL 2900-2-1 to address FDA cybersecurity requirements

As FDA 510(k) premarket notification and other medical device premarket submissions must now include data showing US market applicants’ efforts to mitigate cybersecurity risks and vulnerabilities, companies may utilize ANSI UL 2900-2-1 to demonstrate the safety of their network-connectable devices and accessories.

The ANSI UL 2900-2-1 consensus standard was developed to provide manufacturers as well as regulators with a consistent framework for cybersecurity risk assessment; the standard applies to all medical devices and accessories, as well as IVD devices, device data systems and health information technology products.

In summer 2017, FDA recognized a related standard, UL 2900-1 Ed. 2017—Standard for Software Security Network-Connectable Products, Part 1: General Requirements, which includes evaluations and assessments of network-connectable devices’ cybersecurity vulnerabilities.

Additional US FDA and medical device cybersecurity resources:

US FDA 510(k) consulting for medical device and IVD manufacturers
Cybersecurity testing for network-connected medical devices and software
Regulatory consulting for digital health and mobile medical apps

Author

Stewart Eisenhart

Search form

Dutch regulators weigh in on no-deal Brexit impact for medical device companies

FDA issues final guidance on devices containing animal-derived materials

Meet Emergo at MEDICA

Impact of the FDA Premarket Guidance of Management of Cybersecurity in Medical Devices

Search form

ANSI UL Medical Device Cybersecurity Standard Receives Official US FDA Recognition

Questions? Request more information from our specialists

Using ANSI UL 2900-2-1 to address FDA cybersecurity requirements

Additional US FDA and medical device cybersecurity resources:

Author

Related

Have questions on what Emergo can do for you?

© 2019 EMERGO by UL. All Rights Reserved.Privacy Terms of Use

Dutch regulators weigh in on no-deal Brexit impact for medical device companies

FDA issues final guidance on devices containing animal-derived materials

Types

Related Service

Meet Emergo at MEDICA

Impact of the FDA Premarket Guidance of Management of Cybersecurity in Medical Devices

ANSI UL Medical Device Cybersecurity Standard Receives Official US FDA Recognition

Questions? Request more information from our specialists

Using ANSI UL 2900-2-1 to address FDA cybersecurity requirements

Additional US FDA and medical device cybersecurity resources:

Author

Related

Have questions on what Emergo can do for you?