Cybersecurity Unauthorized (Feb 2023)

12.0
RAC Credits
Virtual ProgramsVirtual Programs
Tuesday, 07 February 2023 (9:00 AM) - Wednesday, 08 February 2023 (4:00 PM) Eastern Time (US & Canada)

Cybersecurity has proven to be a challenge to ensuring the security of medical devices and preparing documents for regulatory submissions. Many medical device companies struggle to retrofit security programs into quality systems not designed to address concerns such as hardening, vulnerability management and global incident response. Health authorities in many regions, including the US, Australia, Canada, and Japan, have released new cybersecurity guidance documents and it’s essential for regulatory affairs professionals to understand their implications. In addition to premarket concerns, some of these guidance documents also include expectations for postmarket expectations.

Health authorities in many regions, including the US, Australia, Canada, and Japan, have released new cybersecurity guidance documents and it’s essential for regulatory affairs professionals to understand their implications. In addition to premarket concerns, some of these guidance documents also include expectations for postmarket expectations.

This interactive, virtual workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations.

Technical staff will benefit from better understanding of how to translate regulatory expectations into concrete design and development activities. Organizational leaders will gain strategic knowledge that will increase the likelihood of successful submissions and help establish trust with customers who have concerns about risks related to medical devices on their networks.

Learning Level:

Basic: Content is introductory in nature and requires no requisite knowledge or experience to grasp concepts and related exercises. Basic educational activities are meant to establish a foundation of knowledge and/or competence that will be expanded upon in practice or in higher level activities.

REGISTRATION FEES & DEADLINES

11 November 2022 – 7, January 2023: $825 Member | $970 Nonmember
8, January 2023 – 7 February 2023: $970 Member | $1,150 Nonmember


Agenda

  • The challenge of security: What makes this issue unique?
  • Introduction to global regulatory expectations
    • US, Canada, EU, Australia, China, Japan, France, Germany, IMDRF, etc.
    • Breakout: plan your submission from a given country
  • Security vs privacy: understanding the relationship and uniquenes
    • Pre-submission strategies for successful cyber submission
    • Submission strategies: What to include and what to leave out
    • Lessons learned: What regulators would like you to know about your submission
  • Cybersecurity standards: not your typical approach
  • Product security programs: the 7 pillars
    • Governance
    • Design and testing
    • Risk management
    • Labeling and communication
    • Vulnerability management
    • Incident response
    • Breakout: tabletop exercise: “You’ve been hacked! Now what?”
    • Supply chain
    • Musical chairs: Who’s typically responsible for different aspects of a security program?
  • Japanese clinical trials
  • DMAH/MAH third party registration
  • SaMD
  • Sakigate
  • The importance of Japanese KOLs
  • A case study on reimbursement

Learning Objectives

After this program, participants will be able to:

  • Thoroughly understand international regulatory expectations for medical device cybersecurity. 
  • Know the main components of a product security program aligned with global expectations. 
  • Understand how to use pre-submissions to reduce the likelihood of cybersecurity-related deficiencies. 
  • Be able to build more successful regulatory submissions. 

Who Should Attend?

This workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations. Technical staff will benefit from better understanding of how to translate regulatory expectations into concrete design and development activities. Organizational leaders will gain strategic knowledge that will increase the likelihood of successful submissions and help establish trust with customers who have concerns about risks related to medical devices on their networks.


Instructors:

Michelle Jump

Michelle Jump

Michelle Jump, is the Vice President of Security Services, Medical Device Cybersecurity at MedSec, where she is responsible for providing strategic leadership, training and advisory services to the medical device industry in the area of cybersecurity compliance, global regulations, standards, product security program development, and security risk management.

Matthew Hazelett

Matthew Hazelett

Matthew Hazelett, Cybersecurity Policy Analyst, Food and Drug Administration Center for Devices and Radiological Health Office of Product Evaluation and Quality Clinical and Scientific Policy Staff Matthew Hazelett started at the US Food and Drug Administration (FDA) as a biomedical engineer within the Implantable Electrophysiology Devices Branch at the Center for Devices and Radiological Health (CDRH). His review areas include pacemakers, defibrillators, leads, and supporting devices, such as programmers and home monitors. Since starting at FDA, Hazelett developed a review focus in cybersecurity, participates in cybersecurity guidance development, and supports cybersecurity vulnerabilit assessments and reviews across CDRH. He became the cybersecurity policy analyst in FDA’s Office of Product Evaluation and Quality a year ago, focusing on cybersecurity policy development and implementation. Hazelett also has worked for a medical device research and development company as a test engineer and test manager overseeing device verification and validation testing.

Linda Ricci

Linda Ricci

Linda Ricci began her career developing artificial intelligence (AI) solutions in the defense industry before moving to the medical device industry as a software engineer. She helped to develop several diagnostic cardiology devices and has participated in all phases of product life cycle development. Ricci moved to the US Food and Drug Administration (FDA) in 2005 and has had several roles including Scientific Reviewer and Branch Chief within the Division of Cardiovascular Devices and Associate Director for Digital Health within the Office of Device Evaluation. Ricci is the Director for the Division of All Hazard Response, Science and Strategic Partnerships (DARSS). This role involves leading teams focused on medical device cybersecurity, standards and conformity assessment, health of women, pediatric and special populations, patient science and engagement, partnerships and regulatory science, and emergency response including device shortages due to COVID. She has degrees in Electrical Engineering, Medical Engineering, and Public Health.


Cancellations

RAPS reserves the right to cancel this program at its sole discretion. RAPS will not be responsible for travel or other costs incurred due to cancellation.

All cancellation requests must be submitted in writing to raps@raps.org.  RAPS is unable to accept cancellations by phone.

To transfer a registration, email raps@raps.org with the event title, name of the original registrant and the contact information for the new attendee.


Proof of Attendance

A certificate of attendance can be downloaded from the RAPS Learning Portal following the event.

 

Questions

For additional hands-on support, you can also connect with RAPS support 30 min prior to the workshophttps://www.raps.org/website/virtual-event-help

For account support, contact the RAPS Support Center: +1 301 770 2920, ext. 200 (8:30 am–5:30 pm EST, Monday–Friday) or email support@raps.org.

Discover more of what matters to you

News »

  10;13;19;20;28;31;