What if I already submitted my cyber device?

This was pulled from the FDA Cybersecurity in Medical Devices - Frequently Asked Questions on October 12, 2023:

As provided by the Omnibus, the cybersecurity requirements do not apply to an application or submission submitted to the Food and Drug Administration (FDA) before March 29, 2023. If a cyber device was previously authorized, and the manufacturer is making a change to the device that requires premarket review by the agency, the law would apply for the new premarket submission.

Medcrypt expert tip:

There are some exceptions that you should be aware of: 1) If there is a change to your device that warrants a new pre-market submission (510(k)) or if you have a Class III device, almost all changes must be reviewed. If those changes are not reviewed, all changes must still be reported annually. 2) Post-market requirements for risk management all apply from a Quality System perspective. If you don't follow the guidance in how you manage risk, we strongly suggest that you should. Regardless, you still are required per 820 and 806 (corrections and removals) to deal with post-market issues, to which the post-market guidance applies.

PreviousIs my device a cyber device?NextWhat should my cybersecurity management plan entail?

Last updated 1 year ago

Was this helpful?