What documentation should be included for Tier 1 and Tier 2 devices?


The FDA recommends premarket submissions for Tier 1 devices with higher cybersecurity risk to include documentation demonstrating how the device design and risk assessment incorporate the cybersecurity design controls of identifying and protecting device assets and functionality and detecting, responding, and recovering design expectations. Tier 2 devices with standard cybersecurity risk should include documentation that either 1) demonstrates they have incorporated each of the specific design features and cybersecurity design controls aforementioned, or 2) provide a risk-based rationale for why specific cybersecurity design controls are not appropriate. Risk-based rationales should leverage an analysis of exploitability to describe likelihood instead of probability.

Related Terms:
No items found.
About the Author
Proxima CRO Team
Dora Huang

Dora Huang is from Houston, TX and is a jack-of-all-trades. Dora is a Regulatory Affairs and Graphics Design Intern for Proxima. She has experience working on projects that vary from engineering water systems to tissue engineering.

Related FAQs:
More Questions? We're here to help!