United States medical device QA/RA blog

News and commentary on regulatory changes.

Final US FDA Guidance on Post-market Cybersecurity Risk Management


  • The US FDA has issued final guidance regarding post-market cybersecurity risk management for medical devices.
  • The final guidance comes about a year after the FDA published draft guidance on managing medical device cybersecurity risks.

Medical device regulators in the US have published final guidance addressing post-market cybersecurity risks for applicable devices and software products.

The new FDA document follows draft guidance issued by the agency in early 2016, and includes recommendations for manufacturers to identify and monitor cybersecurity risks associated with their marketed devices. The final guidance also outlines a risk framework registrants should utilize to determine whether changes they make to their devices to address cybersecurity vulnerabilities warrant reporting to the FDA.

The new post-market cybersecurity risk management guidance applies to devices already marketed in the US, as well as those used as parts of interoperable systems and that contain software that qualifies as a medical device.

Emergo will further analyze the new FDA guidance to determine any significant changes or additions to the draft version on which we reported in January 2016.

For more information on US medical device regulatory approaches to cybersecurity, read our whitepaper on the topic.
