Health Canada’s new premarket requirements on medical device cybersecurity came into the force, following the adoption of its final guidance draft earlier this month. Under new guidelines, the manufacturers must identify and analyze hazards related to their medical devices to set controls and monitor their effectiveness.
Information under certain pre and post-market areas has been introduced in the final guidance which will address monitoring and responding to emerging risks, as well as license applications, including the Table of Contents (ToC) format. Post-market vigilance, patching, disclosures of vulnerabilities and information sharing are considered for monitoring and responding to emerging risks.
To monitor and respond to emerging cybersecurity risks, the guidance outlines four elements- secure design, risk management verification, validation testing and plans.
According to the new guidance, the document’s information in license applications should also be included to avoid hold of reviews and pending requests. The high risk devices i.e. Class Ⅲ or Class Ⅳ are in the focus under these guidelines to outline considerations and licensing requirements in terms of application. Implementation of this guidance applies to all other risk classifications, from Class Ⅰ to Class Ⅳ.
Mr Vinod Arora, Principal Advisor, IGMPI
Placement testimonials: Our alumni are working with Fortune 500 and global Pharmaceutical, Food and healthcare giants like