Tuesday 23 February 2016

FDA Issues Draft Guidance Document for Postmarket Management of Cybersecurity in Medical Devices (Part 3 of 4)

Remediating and Reporting Cybersecurity Vulnerabilities

Manufacturers are required to determine whether the residual risk of a cybersecurity vulnerability is “controlled” (acceptable) or “uncontrolled” (unacceptable). Following this initial determination of the seriousness of the risk to “essential clinical performance”, the FDA has recommended a variety of remediation and reporting requirements. These requirements are logical and pragmatic, in that a controlled risk obviously requires a different (lesser) level of response than an uncontrolled risk.

The level of response required is similar to that I experienced with a certain cantankerous 1980 Oldsmobile in my youth. For minor issues, such as random stalling at stop signs, all I needed was a quick hit of carb cleaner and a long-shanked screwdriver to loosen the butterfly valve and be on my way. For major problems, I was going to need either a tow truck or a fire extinguisher. Trust me, once the fire extinguisher made an appearance, there were definitely “reporting requirements” (at least as to my parents).



from cyber security caucus http://ift.tt/1Uk9tyQ