Cybersecurity - The Latest US FDA Requirements

This live training webinar includes the following for each registered attendee:

• A copy of the presentation slides by download
• A certificate of participation for attendee training records
• Q/A Session
  

Cybersecurity is a recent concern for medical products, due to the increased reliance on electronic software, records and signatures, stand-alone or networked.

Initially there were regulations such as 21 CFR Part 11 in the U.S. and Annex 11 in Europe. But more must be done to ensure the integrity of CGMP documents / records / data. As a result, the US FDA issued several Guidance Documents on cybersecurity - which are constantly undergoing updates to keep up. Regulatory agencies leave the specifics up to the manufacturer, as long as the principles in the guidances are addressed. The U.S. FDA has increasingly observed CGMP violations involving cybersecurity during CGMP compliance inspections, device submissions, and in security breaches related to medical device use. Adding to the problem is BYOD – “Bring Your Own Device”(laptop, tablet, smart phone, or other “smart” device) to the workplace. These growing trends pose problems to the integrity and security of data. The increasing use of cloud (Internet)-based software to accomplish CGMP tasks, store / retrieve data (data warehousing) and similar uses poses additional problems.

Due to the growth of the cybersecurity threat to electronic records, computer-controlled manufacturing, and medical devices, the US FDA has issued Guidances for Industry, e.g.: 1) “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software Document”, and 2) “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” - recently updated, and 3) “Postmarket Management of Cybersecurity in Medical Devices” . This webinar will focus on the key issues raised by the FDA, not just for devices, but expectations for industry. Cybersecurity in the medical products industries is coming under increased regulatory review. The Agency leaves the how of cybersecurity compliance up to the manufacturer, as long as the principles in the guidances are met in the resulting product and/or system; and on electronic-specific tools / techniques to achieve CGMP compliance . Updates, upgrades, new revisions / releases, service packs, and similar are automatically uploaded to a company’s systems, which can pose security risks, with the potential for introduction of compromised code, retrieval of confidential data, data integrity issues, and similar; and render previous computer systems’ verification and validations worthless. The necessary role of the system administrator adds another area of concern. This webinar will consider how cybersecurity is introduced into the CGMPs, design control (21 CFR 820.30) for devices, and post-production by update, the CAPA system, among others.

• Key Guidance Documents on Cybersecurity - and recent changes
• FDA’s enforcement approaches
• Network vunerablities issues
• Cloud, updates and other concerns
• FDA’s regulatory approach; Examples
• Design, security tools and other requirements
• NIST and related cybersecurity considerations
• Verification, validation and unique documentation requirements
• FDA unique device submission requirements

The following individuals or disciplines will benefit from attending this Webinar:

• Senior management in Devices, Combination Products
• QA / RA
• Software development, programming, documentation, testing teams
• R&D
• Engineering
• Production
• Operations
• Marketing
• Consultants; others tasked with product, process, electronic records software V&V responsibilities
  

John E. Lincoln, is Principal of J. E. Lincoln and Associates LLC, a consulting company with over 41 years experience in U.S. FDA-regulated industries, 27 years as head of his own consulting company. John has worked with companies from start-up to Fortune 100, in the U.S., Mexico, Canada, France, Germany, Sweden, China and Taiwan. He specializes in quality assurance, regulatory affairs, QMS problem remediation and FDA responses, new / changed product 510(k)s, process / product / equipment including QMS and software validations, ISO 14971 product risk management files / reports, Design Control / Design History Files, Technical Files. He's held positions in Manufacturing Engineering, QA, QAE, Regulatory Affairs, to the level of Director and VP (R&D). In addition, John has prior experience in military, government, electronics, and aerospace. He has published numerous articles in peer reviewed journals, 5 chapters in the RAPS textbook on validation, conducted workshops and webinars worldwide on CGMP subjects. John is a graduate of UCLA.

Event Venue

Online