Checklist for Cybersecurity Documentation

As medical devices grow increasingly connected, so too does the risk posed by cybersecurity breaches – risk that could impact patient safety. New federal regulation based on the FDA's guidance from April 2022 and applied in May 2023 as part of the PATCH Act (Protecting and Transforming Cyber Health Care) mandates elevated levels of cybersecurity compliance for new medical devices. The mandate applies to new medical devices that have software or that are designed to be connected to the internet – even if they are never actually connected. 

The FDA’s message is clear: cybersecurity is no longer something that can be slapped on after product development is largely complete. Instead, the FDA expects device manufacturers to implement processes before, during and after the development process.

To help you understand and comply with these new requirements, we’ve created a handy resource that includes a checklist of all the types of documentation you’ll need to assemble prior to submitting to the FDA. Streamline the compliance process by referring to this checklist as you prepare your product for submission.