Cybersecurity Unauthorized

Cybersecurity has proven to be a challenge to ensuring the security of medical devices and preparing documents for regulatory submissions. Many medical device companies struggle to retrofit security programs into quality systems not designed to address concerns such as hardening, vulnerability management and global incident response. 

Health authorities in many regions, including the US, Australia, Canada, and Japan, have released new cybersecurity guidance documents and it’s essential for regulatory affairs professionals to understand their implications. In addition to premarket concerns, some of these guidance documents also include expectations for postmarket expectations.

This interactive, in-person workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations. 

Technical staff will benefit from better understanding of how to translate regulatory expectations into concrete design and development activities. Organizational leaders will gain strategic knowledge that will increase the likelihood of successful submissions and help establish trust with customers who have concerns about risks related to medical devices on their networks.

Learning Objectives

• Thoroughly understand international regulatory expectations for medical device cybersecurity
• Know the main components of a product security program aligned with global expectations
• Understand how to use pre-submissions to reduce the likelihood of cybersecurity-related deficiencies
• Be able to build more successful regulatory submissions

Who Should Attend?

This workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations. Technical staff will benefit from better understanding of how to translate regulatory expectations into concrete design and development activities. Organizational leaders will gain strategic knowledge that will increase the likelihood of successful submissions and help establish trust with customers who have concerns about risks related to medical devices on their networks.

Agenda

• The challenge of security: What makes this issue unique?
• Introduction to global regulatory expectations 
• US, Canada, EU, Australia, China, Japan, France, Germany, IMDRF, etc. 
• Breakout: plan your submission from a given country 
• Security vs privacy: understanding the relationship and uniqueness 
• Pre-submission strategies for successful cyber submission 
• Submission strategies: What to include and what to leave out
• Lessons learned: What regulators would like you to know about your submission
• Cybersecurity standards: not your typical approach 
• Product security programs: the 7 pillars 
• Governance 
• Design and testing 
• Risk management 
• Labeling and communication 
• Vulnerability management 
• Incident response 
• Breakout: tabletop exercise: “You’ve been hacked! Now what?” 
• Supply chain 
• Musical chairs: Who’s typically responsible for different aspects of a security program?  

Instructors:

Michelle Jump, is the Vice President of Security Services, Medical Device Cybersecurity at MedSec, where she is responsible for providing strategic leadership, training and advisory services to the medical device industry in the area of cybersecurity compliance, global regulations, standards, product security program development, and security risk management.

Matthew Hazelett, Cybersecurity Policy Analyst, Food and Drug Administration Center for Devices and Radiological Health Office of Product Evaluation and Quality Clinical and Scientific Policy Staff

Matthew Hazelett started at the US Food and Drug Administration (FDA) as a biomedical engineer within the Implantable Electrophysiology Devices Branch at the Center for Devices and Radiological Health (CDRH). His review areas include pacemakers, defibrillators, leads, and supporting devices, such as programmers and home monitors. Since starting at FDA, Hazelett developed a review focus in cybersecurity, participates in cybersecurity guidance development, and supports cybersecurity vulnerability assessments and reviews across CDRH. He became the cybersecurity policy analyst in FDA’s Office of Product Evaluation and Quality a year ago, focusing on cybersecurity policy development and implementation. Hazelett also has worked for a medical device research and development company as a test engineer and test manager overseeing device verification and validation testing.

Linda Ricci, Director, Division of All Hazard Response, Science and Strategic Partnerships at FDA

Linda Ricci began her career developing artificial intelligence (AI) solutions in the defense industry before moving to the medical device industry as a software engineer. She helped to develop several diagnostic cardiology devices and has participated in all phases of product life cycle development. Ricci moved to the US Food and Drug Administration (FDA) in 2005 and has had several roles including Scientific Reviewer and Branch Chief within the Division of Cardiovascular Devices and Associate Director for Digital Health within the Office of Device Evaluation. Ricci is the Director for the Division of All Hazard Response, Science and Strategic Partnerships (DARSS). This role involves leading teams focused on medical device cybersecurity, standards and conformity assessment, health of women, pediatric and special populations, patient science and engagement, partnerships and regulatory science, and emergency response including device shortages due to COVID. She has degrees in Electrical Engineering, Medical Engineering, and Public Health.

Registration Fees & Deadlines

Registration fee includes:

• Breakfast and lunch each day
• Continuous beverage break service
• Complimentary WiFi
• Complimentary parking for local attendees
  

	Members	Non-Members
Early Bird 11 September 2022	$1,100	$1,300
Regular by 7 October 2022	$1,300	$1,525

Location

RAPS Headquarters:

5635 Fishers Ln
Terrace Level

Rockville, MD 20852

Hotel

EVEN Hotel Rockville - Washington DC Area, an IHG Hotel
1775 Rockville Pike
Rockville, MD 20852

Reservations:

A limited number of rooms is available at the rate of $119.00 + tax.

Book online at Even Hotel Rockville or by phone: 855.879.3836

Group Code: CYB

Reservations must be made no later than 26 September 2022.

Vaccination Requirement

RAPS will require proof of COVID-19 vaccination or proof of a negative PCR test taken within 24 hours of arrival in order to attend. Unvaccinated individuals or those unable to provide proof of vaccination or a negative PCR test will not be permitted to attend.

RAPS will continue to monitor any new developments and evaluate what is needed to ensure you are comfortable and we meet safely. We will keep all participants updated as we get closer to the event.

Be Well Policy

Participants must follow RAPS’ Be Well policy, which requires consent during registration by all attendees as a condition of on-site participation. This includes the stipulation that if you feel sick or are experiencing COVID-like symptoms prior to traveling or while on site, you will reconsider your participation at the event. To help ensure your personal safety and comfort, RAPS is committed to robust and transparent communications. We encourage all participants to monitor RAPS’ social media channels to receive the latest updates.

Cancellations and Refunds

All cancellation requests must be submitted in writing to support@raps.org. Cancellation requests received by Tuesday, 27 September 2022 will receive a full refund minus a 20% administrative fee. Cancellation requests received after 27 September 2022 will be non-refundable, except in cases of documented medical emergencies.   RAPS is unable to accept cancellations by phone. Refunds will not be issued for no-shows.

Photography Policy

By registering for this RAPS Event, you grant full permission to RAPS to capture, store, use, and/or reproduce your image or likeness, photograph, voice, and comments, and use such content in any and all media or forms by RAPS or third parties without compensation or notice, including for promotional or advertising purposes. You also waive any right to royalties or other compensation arising from or related to the use of the images, recordings, or materials. By registering, you release, defend, indemnify and hold harmless RAPS from and against any claims, damages or liability arising from or related to the use of the images, recordings or materials, including but not limited to claims of defamation, invasion of privacy, or rights of publicity or copyright infringement, or any misuse, distortion, blurring, alteration, optical illusion or use in composite form that may occur or be produced in taking, processing, reduction or production of the finished product, its publication or distribution.

Substitutions

Paid registration substitutions may be accepted with written approval from RAPS for requests received before the start of the event. To transfer a registration, email support@raps.org with the event title, name of the original registrant and the contact information for the new attendee.

Meeting Cancellation: RAPS reserves the right to cancel any program at its sole discretion, whereupon all registration fees will be refunded within seven business days. RAPS is not responsible for any costs incurred due to a cancellation.

Questions

Contact the RAPS Support Center:

Call +1 301 770 2920, ext. 200 (8:30 am–5:30 pm EST, Monday–Friday) or email support@raps.org.