Cybersecurity is the art of protecting networks, devices, and data from unauthorised access or criminal use. It is the practice of ensuring confidentiality, integrity, and availability of information.
Cybersecurity is the prevention of the theft / modification of e-records by unauthorised access. It is a growing concern for all: legal, financial, consumer, personal, and the FDA. It's a recent concern for the medical products industries, a result of their increased reliance on networked electronic software, records and signatures. Initially there were regulations such as 21 CFR Part 11 in the U.S. and Annex 11 in Europe, but they are insufficient to prevent this growing threat. The FDA and news media have emphasised the prevalence of cybersecurity issues, such as data / identity theft and hacking, which pose hazards to many activities and businesses / industries. Cybersecurity is an issue that will only increase over time, as records become more electronic and communications become more networked or accessible to outsiders / hackers. As a result, the FDA has mandated further requirements for regulated industries to better control this threat, in validations, CGMP documentation, and submissions to the Agency.
Why You Should Attend:
Due to the growth of the cybersecurity threat to electronic records, computer-controlled manufacturing, and medical devices, the US FDA has issued Guidances for Industry, e.g.:
- “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software Document”
- “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”
- “Content of Premarket Submissions for Device Software Functions”
- “Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act”
- “Postmarket Management of Cybersecurity in Medical Devices”
This seminar will focus on the key issues raised by the FDA, not just for devices, but also its expectations for industry, and on electronic-specific tools / techniques to achieve CGMP compliance. Cybersecurity in the medical products industries is coming under increased regulatory review. The Agency leaves the how of cybersecurity compliance up to the manufacturer, as long as the principles in the guidances are met in the resulting product and/or system. Updates, upgrades, new revisions / releases, service packs, and similar are automatically uploaded to a company’s systems, which can pose security risks, with the potential for introduction of compromised code, retrieval of confidential data, data integrity issues, and similar, and can render previous computer systems’ verification and validations worthless. The necessary role of the system administrator adds another area of concern. This webinar will consider how cybersecurity is introduced into the CGMPs, design control (21 CFR 820.30) for devices, and post-production by the CAPA system, among others.
Areas Covered in the Session:
- Cybersecurity and the FDA
- Key Guidance Documents on Cybersecurity
- FDA’s enforcement approaches
- Latest Draft Guidance:
  - Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software Document
  - Content of Premarket Submissions for Management of Cybersecurity in Medical Devices
  - Content of Premarket Submissions for Device Software Functions
  - Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act
  - Postmarket Management of Cybersecurity in Medical Devices
- Network vulnerability issues
- Cloud, updates and other concerns
- FDA’s regulatory approach; Examples
- Design, security tools and other requirements
- NIST and related cybersecurity considerations
- Validation and unique documentation requirements
Who Should Attend:
- Quality Assurance Departments
- Regulatory Affairs Departments
- Research and Development Departments
- Software development, programming, documentation, testing teams
- Manufacturing Departments
- Engineering Departments
- Operations Departments
- Production Departments
- Purchasing Departments
- Consultants; others tasked with product, process, electronic records software V&V responsibilities
Course Director: JOHN E. LINCOLN
John E. Lincoln is Principal of J. E. Lincoln and Associates LLC, a consulting company with over 36 years' experience in U.S. FDA-regulated industries, 22 of which are as an independent consultant. John has worked with companies from start-up to Fortune 100, in the U.S., Mexico, Canada, France, Germany, Sweden, China and Taiwan. He specializes in quality assurance, regulatory affairs, QMS problem remediation and FDA responses, new / changed product 510(k)s, process / product / equipment QMS and software validations, ISO 14971 product risk management files / reports, Design Control / Design History Files, Technical Files, CAPA systems and analysis.
He’s held positions in Manufacturing Engineering, QA, QAE, and Regulatory Affairs, to the level of Director and VP (R&D). In addition, John has prior experience in military, government, electronics, and aerospace. He has published numerous articles in peer-reviewed journals and conducted workshops and webinars worldwide on CAPA, 510(k)s, risk analysis / management, FDA / GMP audits, validation, root cause analysis, and others. He writes a recurring column for the Journal of Validation Technology. John is a graduate of UCLA.