Cybersecurity

Cybersecurity is a growing concern for all – legal, financial, consumer, personal, and …

 Cybersecurity is a recent concern for the medical products industries, a result of their increased reliance on networked electronic software, records and signatures.  Initially there were regulations such as 21 CFR Part 11 in the U.S. and Annex 11 in Europe.  But more must be done to ensure the integrity of CGMP documents / records.  Cybersecurity is an issue that will only increase over time, as records become more electronic, and communications are more networked or accessible.

 As a result, the US FDA has issued the following Guidances for Industry:

1.       “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software     Document”,  issued on: January 14, 2005; and

             2.      “Content of Premarket Submissions for Management of Cybersecurity in Medical                                     Devices”, issued on: October 2, 2014; and

3.      “Postmarket Management of Cybersecurity in Medical Devices” -- Draft Guidance, issued             on: January 22, 2016

As the titles above indicate, the focus is on medical devices.  But the principles can and should be applied to a company’s computerized systems as well.  In this article, we will also focus on devices, but will also draw attention to company computerized systems where appropriate, to flag related potential problems with an e-records based QMS, computer-facilitated production and/or test / lab equipment / systems.

Of necessity, cybersecurity in the medical products industries is coming under increased regulatory review.  Regulatory agencies leave the how of cybersecurity compliance up to the manufacturer, as long as the principles in the guidances are met in the resulting product and/or system.  Related issues are primarily addressed by the CGMPs, specifically design control (21 CFR 820.30) for devices, and post-production by the CAPA system, among others.

- jel@jelincoln.com