Regulatory Focus™ > News Articles > New Device Standards Released, Including Many on Cybersecurity

New Device Standards Released, Including Many on Cybersecurity

Posted 05 August 2013 | By Alexander Gaffney, RAC

The US Food and Drug Administration (FDA) has released two new lists of updated medical devices standards recognized by FDA for the purposes of meeting current good manufacturing practices (CGMPs) and other review requirements.

The two lists, Modifications to the List of Recognized Standards, Recognition List Number: 031 and 032 "will assist manufacturers who elect to declare conformity with consensus standards to meet certain requirements for medical devices," FDA explains in two Federal Register documents released on 5 August 2013.

Those consensus standards were first permitted to be recognized by FDA under the Food and Drug Modernization Act (FDAMA) of 1997, Section 514 of which grants the agency permission to recognize standards to satisfy "portions of device premarket review submissions or other requirements."

The first list of consensus standards was released in February 1998, and has since been updated dozens of times to add, update and remove various standards.

The updated list contains standards from the American Society for Testing and Materials (ATSM), the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), the Clinical and Laboratory Standards Institute (NCCLS), the American National Standards Institute (ANSI), Association for the Advancement of Medical Instrumentation (AAMI), the Clinical and Laboratory Standards Institute (CLSI) and the US Pharmacopoeia (USP).

And, notably, the 032 updated standards contain a large number of cybersecurity standards, including ones establishing roles and responsibilities for IT networks, communicating device security needs and risks, securing wireless networks, and more. The new standards come just weeks after FDA released new guidance requiring device manufacturers to be able to show that their devices are secure from digital vulnerabilities such as hacking attempts, unauthorized entry and dangerous errors.


Modifications to the List of Recognized Standards, Recognition List Number: 031

Modifications to the List of Recognized Standards, Recognition List Number: 032


Regulatory Focus newsletters

All the biggest regulatory news and happenings.

Subscribe