Welcome to our new website! If this is the first time you are logging in on the new site, you will need to reset your password. Please contact us at raps@raps.org if you need assistance.
The regulatory function is vital in making safe and effective healthcare products available worldwide. Individuals who ensure regulatory compliance and prepare submissions, as well as those whose main job function is clinical affairs or quality assurance are all considered regulatory professionals.
One of our most valuable contributions to the profession is the Regulatory Code of Ethics. The Code of Ethics provides regulatory professionals with core values that hold them to the highest standards of professional conduct.
Your membership opens the door to free learning resources on demand. Check out the Member Knowledge Center for free webcasts, publications and online courses.
Like all professions, regulatory is based on a shared set of competencies. The Regulatory Competency Framework describes the essential elements of what is required of regulatory professionals at four major career and professional levels.
Join the brightest minds in regulatory at the annual Regulatory Convergence. See the global regulatory community in action. Intensive workshops. Topical sessions. Meet ups with regulators. This is where it all comes together.
With so many global regulation changes, staying informed is a challenge. Join other regulatory professionals as you navigate the gray together.
For 20 years, our flagship publication, Fundamentals of US Regulatory Affairs, has been giving regulatory professionals the insights and answers they need, right at their fingertips.
There are hundreds of RAC testing centers available worldwide. Either RAC exam (Devices and Drugs) may be taken at any location. Find an upcoming exam at a location near you.
The site navigation utilizes arrow, enter, escape, and space bar key commands. Left and right arrows move across top level links and expand / close menus in sub levels. Up and Down arrows will open main level menus and toggle through sub tier links. Enter and space open menus and escape closes them as well. Tab will move on to the next part of the site rather than go through menu items.
Posted 20 January 2016 | By Michael Mezher
The US Food and Drug Administration (FDA) is looking to advance awareness of cybersecurity for medical devices by encouraging sharing and collaboration between manufacturers, healthcare providers and cybersecurity researchers.
At a workshop at FDA's White Oak campus in Silver Spring, MD, Wednesday, Stephen Ostroff, acting commissioner at FDA, said the threat of cyberattacks targeting medical devices is growing exponentially.
"We know the potential harms that can come to patients that rely on these networks and devices," he said, emphasizing that "it's even harder to maintain cybersecurity once a device is on the market."
Suzanne Schwartz, acting director of the Emergency Preparedness and Medical Countermeasures Program at the Center for Devices and Radiological Health (CDRH), stressed the importance of cybersecurity in a public health context.
"[The] healthcare and public health critical infrastructure represents the largest attack surface for national security today," Schwartz said.
In 2013, President Obama issued Executive Order 13636 and Presidential Policy Directive 21 calling on agencies to step up cybersecurity measures for critical infrastructure.
Since then, FDA has increased its focus on cybersecurity. In 2014, the agency held its first public workshop on collaborative approaches for medical device and healthcare cybersecurity and finalized its guidance on management of cybersecurity in premarket submissions.
Last week, FDA issued a draft guidance to clarify postmarket expectations for monitoring, identifying and addressing cybersecurity vulnerabilities and exploits as part of their postmarket management.
Speaking at the workshop, Schwartz emphasized that device cybersecurity needs to be a concern throughout a product's lifecycle, "from design to obsolescence."
However, Schwartz noted that many manufacturers are still not providing needed cybersecurity information in their 510(k) submissions. According to a resent assessment of 85 510(k)s submitted between October 2014 and October 2015, 59 submissions should have included cybersecurity information, but less than half did.
Failing to provide cybersecurity information in an initial submission can delay FDA's review process, as the agency must then follow up with the sponsor to get the missing information.
One way FDA believes device cybersecurity can be improved is through information sharing via Information Sharing Analysis Organizations (ISAOs). These organizations are intended to create an inclusive and secure forums for participants to "gather and analyze critical infrastructure information in order to better understand cybersecurity problems and … communicate or disclose critical infrastructure information to help prevent, detect, mitigate, or recover from the effects of cyber effects."
Another key element to improving cybersecurity is how companies handle being notified of a vulnerability. While some manufacturers have a written policy on vulnerability disclosure, and easy to find information on where to direct notices of vulnerabilities, many do not. Scott Erven, a cybersecurity expert, said that the first step companies can take to incentivize researchers to come forward with vulnerabilities is to create a policy that welcomes disclosure and assures companies that information on vulnerabilities disclosed in good faith won't be used against those reporting them.
While industry and cybersecurity researchers haven't always seen eye to eye on how vulnerabilities should be disclosed, Schwartz said that FDA sees "vulnerability disclosure … as a necessity to information sharing."
Tags: Cybersecurity, ISOA, ISEC
Regulatory Focus newsletters
All the biggest regulatory news and happenings.