FREQUENTLY Asked Questions
What actions should you take if the change is made solely to strengthen cybersecurity and does not have any other impact on the software or device?
View All FAQs
About the Author
Proxima CRO Team
Isabella Schmitt, RAC
Director of Regulatory Affairs

Prior to joining Proxima, Isabella served as the Senior Regulatory & Quality Manager at a medical device company, where she outlined the regulatory strategy & put together design controls & design history documentation. She was the Dir. of CMC & Quality at a biopharmaceutical company, where she oversaw all manufacturing and analytical processes and timelines and ensured CMC regulatory strategy was sufficient for filings in Europe and the US.

In many cases, a change made solely to strengthen cybersecurity is not likely to require submission of a new 510(k). Cybersecurity updates are considered a subset of software changes that are implemented to strengthen the security of a system, protect information, and reduce disruption in service. FDA expects manufacturers to ensure that such changes do not impact the safety or effectiveness of the device by performing necessary analysis, verification, and/or validation. The manufacturer should refer to FDA’s guidance Content of Premarket Submissions for Management of Cybersecurity in Medical Devices and Postmarket Management of Cybersecurity in Medical Devices for more information.

Related Terms:
Related FAQs:
More Questions? We're here to help!