Is a cybersecurity patch or update a reportable event under the Reports of Corrections and Removals regulation? (21 CFR Part 806) The FDA issued a guidance document recently entitled, “Postmarket Management of Cybersecurity in Medical Devices.” It explains that a patch or update to correct and/or prevent a cybersecurity breach or weakness does not necessarily require a report under Part 806. Whether the District Office recall coordinators still expect a report is not addressed. The ONC established the Information Sharing Analysis Organization (ISAO) that provides a forum for manufacturers to voluntarily participate in what could be seen as a self-help group. Participation in the ISAO gives you a pass on reporting under Part 806. Why? The FDA cannot address the overwhelming volume and aggressive evolution of cybersecurity problems with medical devices. Sadly, the problems involve more than devices themselves, it cascades into bad publicity and patients become alarmed due to the publicity of cybersecurity attacks. The problem is not limited to devices alone, healthcare facilities find their software systems are held ransom until they pay for a restoration, a coercive extortion. Without institutional software, current medical care procedures grind back to a manual program, much like a flashback to SOPs in the 1950s. Patients on life support and life sustaining devices are placed in immediate danger. The National Institute of Standards and Technology (NIST) is trying to make headway in providing guidance on how to manage these kinds of issues that plague devices and health care organizations. Neither you nor the FDA can keep up with preventative measures. Hackers are ahead of the game. The webinar will address how the federal government is creating a forum for manufacturers to share information and their experiences concerning cybersecurity. Maybe reporting a patch or update under Part 806 is an acceptable cost for not participating in the ISAO program. There are issues lurking behind the use of the ISAO forum. Make sure you consider the issues that are included in this webinar. Areas Covered in the Session : FDA Guidance and Strategy Industry wide approach Regulatory relief from required reports Management of Health Information National Institute of Standards and Technology Cybersecurity guidelines Business risks vs. benefits for application interface programs (AIP) Hospital extortion FBI warning to the medical device industry Who Will Benefit: Regulatory Affairs Departments Quality Assurance Departments Software Design Engineers Manufacturing Departments Compliant Departments Hospital Risk Departments Software Program Marketers IT Security Departments Marketing Departments Home Healthcare Services Healthcare Information Protection Departments Capital Venture Firms Medical Device Consultants


Variants: *

Learn More

Areas Covered in the Session :

  • Review the current regulatory requirements and guidances (CFR, EU GMPs, ISO, etc.) for environmental monitoring.
  • Discuss issues of sampling methods, selection of sampling sites and the justifications for them.
  • Review the issue of contamination control as an important aspect of EM programs.
  • Discuss the issue of action and alert limits, trending of data and the handling of excursions.
  • What are the most common deficiencies cited by regulatory auditors when auditing environmental monitoring programs?
  • Attendee question and answer period.

Who Should Attend:

  • QA/QC Teams
  • Manufacturing Teams
  • Engineering Teams
  • Validation Teams
  • Regulatory affairs Teams
  • Management Teams
single rec
recor corp