USA – Final FDA Q-Submission guidance includes medical device cybersecurity coverage

  • US FDA publishes final guidance on Q-Submission Program for medical device and IVD manufacturers;
  • Sample Q-Sub questions provided by FDA now include those for cybersecurity-related issues;
  • Final Q-Sub guidance replaces draft guidance issued in 2017.

Finalized US Food and Drug Administration guidance for its Q-Submission (Q-Sub) Program whereby manufacturers solicit feedback from the agency prior to submitting their premarket applications now includes recommendations for cybersecurity-related issues.

Thfinal guidance replaces draft guidance published in 2017, which established a process for medical device and IVD companies to request and obtain FDA feedback on 510(k), Premarket Approval (PMA) and other registration-related issues as well as Investigational Device Exemptions (IDEs) before submitting their premarket applications for formal review.

A major addition to the final FDA Q-Sub guidance are a set of cybersecurity-related questions in Appendix 2 provided as suggested example questions for premarket consulting with the regulator. Inclusion of these questions alongside topics such as regulatory strategy, clinical study and human factors shows the growing awareness (and scrutiny) of the need for cyber-related risk management and mitigation in the device industry…