Cybersecurity Unauthorized

12.0
RAC Credits
In-Person In-Person
Monday, 27 June 2022 (9:00 AM) - Tuesday, 28 June 2022 (5:00 PM)
175 10th St E
Saint Paul, Minnesota, USA, 55101-2352

Cybersecurity has proven to be a challenge not only with regard to ensuring the security of medical devices, but also preparing documents for regulatory submissions. Health authorities in many regions, including the US, Australia, Canada, and Japan, have released new cybersecurity guidance documents. In addition to premarket concerns, some of these guidance documents also include expectations for postmarket expectations.

Medical device companies struggle to build security programs into quality systems that were likely not designed to address typical security issues such as hardening, vulnerability management, and global incident response.

This workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations. Technical staff will benefit from better understanding of how to translate regulatory expectations into concrete design and development activities. Organizational leaders will gain strategic knowledge that will increase the likelihood of successful submissions and help establish trust with customers who have concerns about risks related to medical devices on their networks.

Learning Objectives

After this program, participants will be able to:

  • Better understand international regulatory expectations for medical device cybersecurity
  • Learn the main components of a product security program aligned with global expectations
  • Understand how to use pre-submissions to reduce the likelihood of cybersecurity-related deficiencies
  • Build more successful regulatory submissions

Who Should Attend?

This workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations. Technical staff will benefit from better understanding of how to translate regulatory expectations into concrete design and development activities. Organizational leaders will gain strategic knowledge that will increase the likelihood of successful submissions and help establish trust with customers who have concerns about risks related to medical devices on their networks.

Agenda

  • The challenge of security: What makes this issue unique? 
  • Introduction to global regulatory expectations 
    • US, Canada, EU, Australia, China, Japan, France, Germany, IMDRF, etc. 
    • Breakout: plan your submission from a given country 
  • Security vs privacy: understanding the relationship and uniqueness 
    • Pre-submission strategies for successful cyber submission 
    • Submission strategies: What to include and what to leave out
    • Lessons learned: What regulators would like you to know about your submission
  • Cybersecurity standards: not your typical approach 
  • Product security programs: the 7 pillars 
    • Governance 
    • Design and testing 
    • Risk management 
    • Labeling and communication 
    • Vulnerability management 
    • Incident response 
    • Breakout: tabletop exercise: “You’ve been hacked! Now what?” 
    • Supply chain 
    • Musical chairs: Who’s typically responsible for different aspects of a security program? 

June 28, 2022 12:00 pm – 1:30 pm Conversations that Matter: Ask the Experts (boxed lunch provided)


Just added! Workshop participants are invited to attend an Ask the Experts lunch as a complimentary part of the event experience. The exclusive lunch is a unique opportunity to have one-on-one conversations with regulatory experts in a relaxed environment. Register for a workshop and take advantage of this additional networking opportunity!


Instructors:

Michelle Jump

Michelle Jump, is the Vice President of Security Services, Medical Device Cybersecurity at MedSec, where she is responsible for providing strategic leadership, training and advisory services to the medical device industry in the area of cybersecurity compliance, global regulations, standards, product security program development, and security risk management.

Matthew Hazelett

Matthew Hazelett, Cybersecurity Policy Analyst, Food and Drug Administration Center for Devices and Radiological Health Office of Product Evaluation and Quality Clinical and Scientific Policy Staff

Matthew Hazelett started at the US Food and Drug Administration (FDA) as a biomedical engineer within the Implantable Electrophysiology Devices Branch at the Center for Devices and Radiological Health (CDRH). His review areas include pacemakers, defibrillators, leads, and supporting devices, such as programmers and home monitors. Since starting at FDA, Hazelett developed a review focus in cybersecurity, participates in cybersecurity guidance development, and supports cybersecurity vulnerability assessments and reviews across CDRH. He became the cybersecurity policy analyst in FDA’s Office of Product Evaluation and Quality a year ago, focusing on cybersecurity policy development and implementation. Hazelett also has worked for a medical device research and development company as a test engineer and test manager overseeing device verification and validation testing.

Linda Ricci

Linda Ricci, Director, Division of All Hazard Response, Science and Strategic Partnerships at FDA

Linda Ricci began her career developing artificial intelligence (AI) solutions in the defense industry before moving to the medical device industry as a software engineer. She helped to develop several diagnostic cardiology devices and has participated in all phases of product life cycle development. Ricci moved to the US Food and Drug Administration (FDA) in 2005 and has had several roles including Scientific Reviewer and Branch Chief within the Division of Cardiovascular Devices and Associate Director for Digital Health within the Office of Device Evaluation. Ricci is the Director for the Division of All Hazard Response, Science and Strategic Partnerships (DARSS). This role involves leading teams focused on medical device cybersecurity, standards and conformity assessment, health of women, pediatric and special populations, patient science and engagement, partnerships and regulatory science, and emergency response including device shortages due to COVID. She has degrees in Electrical Engineering, Medical Engineering, and Public Health.

Registration Fees & Deadlines

Registration fee includes:

  • Breakfast and lunch each day
  • Continuous beverage break service
  • Complimentary evening Drury Kickback® of hot food, soft drinks, beer, wine, & mixed drinks
  • Complimentary WiFi
  • Complimentary parking

 

Members

Non-Members

Early Bird 21 May 2022

$1,100

$1,300

Regular by 21 June 2022

$1,300

$1,525

Location

Drury Plaza Hotel St. Paul Downtown

175 10th Street E.

St. Paul, Minnesota 55101

Reservations:

A limited number of rooms is available at the rate of $135.00 + tax.

Book online at www.druryhotels.com or by phone: + 1 800 325 0720

Group Code: 2451470

Reservations must be made no later than 31 May 2022.

Vaccination Requirement

RAPS will require proof of COVID-19 vaccination or proof of a negative PCR test taken within 24 hours of arrival in order to attend. Unvaccinated individuals or those unable to provide proof of vaccination or a negative PCR test will not be permitted to attend.

RAPS will continue to monitor any new developments and evaluate what is needed to ensure you are comfortable and we meet safely. We will keep all participants updated as we get closer to the event.

Be Well Policy

Participants must follow RAPS’ Be Well policy, which requires consent during registration by all attendees as a condition of on-site participation. This includes the stipulation that if you feel sick or are experiencing COVID-like symptoms prior to traveling or while on site in St. Paul, you will reconsider your participation at the event. To help ensure your personal safety and comfort, RAPS is committed to robust and transparent communications. We encourage all participants to monitor RAPS’ social media channels to receive the latest updates.

Cancellations and Refunds

All cancellation requests must be submitted in writing to support@raps.orgCancellation requests received by Friday, 27 May 2022 will receive a full refund minus a 20% administrative fee. Cancellation requests received after 27 May 2022 will be non-refundable, except in cases of documented medical emergencies.   RAPS is unable to accept cancellations by phone. Refunds will not be issued for no-shows.

Substitutions

Paid registration substitutions may be accepted with written approval from RAPS for requests received before the start of the event. To transfer a registration, email support@raps.org with the event title, name of the original registrant and the contact information for the new attendee.

Meeting Cancellation: RAPS reserves the right to cancel any program at its sole discretion, whereupon all registration fees will be refunded within seven business days. RAPS is not responsible for any costs incurred due to a cancellation.

Questions

Contact the RAPS Support Center:

Call +1 301 770 2920, ext. 200 (8:30 am–5:30 pm EST, Monday–Friday) or email support@raps.org  

 

Discover more of what matters to you

News »

  20;