My recent work has involved providing regulatory assistance to software medical devices. One thing I have been learning about is how security and privacy is handled with these types of products. Often times I have experienced clients grouping regulatory affairs with privacy and security. Project teams have looked to the regulatory engineers for guidance on how to handle privacy and security of patient data used within the software. This was a new area of focus for me. In my research on privacy and security I looked a lot to internal experts on these to subjects, in addition the FDA has issued a draft guidance titled Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.

This draft guidance was very interesting and talks about how using a risk analysis approach to maintain confidentiality, integrity and availability of a secure software product. It also explains what type of documentation is recommended for these types of products for a premarket submission.

At a high level the draft guidance discusses the types of security controls that should be put into place. These control measures include:

I think this topic of cybersecurity is very up and coming in the medical device field because more and more mobile apps and software are being considered standalone medical devices.

--Jillian F. Walker

Image Credit: DeWitt Clinton at

We are passionate about your success. Tell us more about your regulatory and quality needs to learn about how we can help.

Book a Consultation


To display custom copy instead of global copy in this section, please go to Show Global Content for Bottom CTA? toggle in the "Contents" tab to the left, toggle it off, save, and then REFRESH the page editor, the custom text will then show up and ready to be edited.

Turning the global content back on will be the same process, go to the toggle and toggle it back on, save and refresh!