International – IMDRF guidances address cybersecurity, personalized devices and surveillance

The International Medical Device Regulators Forum (IMDRF) released four final guidances this week that address cybersecurity best practices, verification and validation for personalized medical devices and post-market surveillance communication between regulators.

In 2020, IMDRF published a guidance entitled, Principles and Practices for Medical Device Cybersecurity (N60), that addresses basic expectations for medical device cybersecurity practices. The organization has published two new cybersecurity guidances that build on the N60 guidance that address the software bill of materials (SBOM) and how to mitigate risks for legacy devices.

In 2018, the US National Telecommunications and Information Administration (NTIA) held a meeting with stakeholders to discuss software transparency which led it to recommend use of SBOMs. The SBOM includes a list of components in a device that may affect the cybersecurity of the product…