2019年 5月 7日
EMERGO BY UL SUMMARY OF KEY POINTS:
Finalized US Food and Drug Administration guidance for its Q-Submission (Q-Sub) Program whereby manufacturers solicit feedback from the agency prior to submitting their premarket applications now includes recommendations for cybersecurity-related issues.
The final guidance replaces draft guidance published in 2017, which established a process for medical device and IVD companies to request and obtain FDA feedback on 510(k), Premarket Approval (PMA) and other registration-related issues as well as Investigational Device Exemptions (IDEs) before submitting their premarket applications for formal review.
A major addition to the final FDA Q-Sub guidance are a set of cybersecurity-related questions in Appendix 2 provided as suggested example questions for premarket consulting with the regulator. Inclusion of these questions alongside topics such as regulatory strategy, clinical study and human factors shows the growing awareness (and scrutiny) of the need for cyber-related risk management and mitigation in the device industry.
The sample cybersecurity questions FDA provides in the final guidance show where the regulator is focusing in terms of cybersecurity measures expected in premarket submissions:
Other sample Q-Sub questions included in the final guidance cover regulatory strategy, clinical studies, software and firmware issues and human factors.
FDA draft guidance in 2018 laid out various Q-Sub request and meeting options available to medical device and IVD manufacturers interested in the program.