【奥译言】FDA采用UL 2900网络安全系列标准
关注奥咨达公众号
- 一项UL医疗器械和医疗保健网络安全标准,正在被美国FDA认可。
- UL 2900系列标准将使得美国医疗器械入市申请者,能够获取到证明产品网络安全特性的资料。
- 证明产品满足FDA网络安全要求的工具,应在产品上市前和上市后均能为医疗器械生产商和医疗软件开发者提供帮助。
美国FDA将很快采用美国UL发布的关于医疗器械网络安全的一系列标准,帮助医疗器械生产商支持其对产品网络安全的宣称。
UL 2900系列标准是由UL网络安全保证项目组(UL CAP)开发的,旨在为生产商提供用于评估医疗器械软件的缺陷和安全控制,以及识别安全性改进的可测试、可测量的标准。UL2900系列标准包括:
- UL 2900-1:可联网设备及产品的软件网络安全的一般要求。
- UL 2900-2-1:可联网医疗系统组件,包括医疗器械和软件的特殊要求。
- UL 2900-2-2:工厂控制系统的特殊要求。
UL 2900标准已在ANSI采用过程中
FDA采用UL 2900,对美国入市申请者意味着什么
在FDA计划认可UL 2900标准之前,美国国家标准协会(ANSI)已一致同意采用UL 2900-1标准, 对UL 2900-2-1的采用也正在进行中。
“UL 2900标准为器械生产商提供了可重复、可再现的测试方法,这些测试可为网络安全的宣称提供支持性的客观证据”, UL医疗系统互用和安全首席工程师Anura Fernando解释到。“UL CAP 基于UL 2900标准,可为监管部门和医疗服务机构提供资质认证。该资质认证保证了医疗器械的上市前评审和资格条件已符合关于网络安全的标准化要求”。
FDA采用UL 2900,对美国入市申请者意味着什么
由于ANSI和FDA采用和实施全部的UL 2900系列标准,美国入市申请者将受到怎样的影响?
根据Fernando的说法,UL 2900系列标准的要求与当前FDA的产品上市前和上市后网络安全指导原则,以及ANSI技术小组的指南一致,因此,UL标准是用于支持FDA注册提交过程的。
“FDA对UL 2900-1的认可程序已完成,其公开的公告将在美国联邦公报的下一份公告中,列在FDA认可标准清单#47中,”Fernando报告说。
根据Fernando的说法,制造商将能够使用UL 2900认证来证明其设备符合FDA上市前和上市后指导原则的法规要求。
FDA 510K 申报服务和周期(含工厂注册和合同范围内产品列名)FDA De Novo
FDA MD 预提交(Pre-submission)申报服务和周期
FDA PMA申报服务和周期
FDA产品列名 申报服务和周期
FDA豁免510K-服务
英语原文
UL 2900 Cybersecurity Standards Set for FDA Adoption
July 11, 2017 by Stewart Eisenhart
EMERGO SUMMARY OF KEYPOINTS:
- A medical device and healthcarenetworking cybersecurity standard from UL is being recognized by the US Foodand Drug Administration.
- The UL 2900 set ofstandards will enable US medical device market registrants to assemble evidenceto demonstrate proper cybersecurity features for their products.
- Tools to demonstratecompliance with FDA cybersecurity requirements should help device manufacturersand medical software developers in both pre- and post-market environments.
A set of standardspublished by UL to address medical device cybersecurity issues will soon beadopted by the US Food and Drug Administration to help manufacturers supportsecurity assurance claims.
TheUL 2900standardswere developed as part of UL’s Cybersecurity Assurance Program (UL CAP) toprovide manufacturers with testable and measurable criteria to assess medicaldevice software vulnerabilities and security controls as well as identify securityimprovements. Included in the UL 2900 series of standards are:
- UL 2900-1: Generalrequirements for software cybersecurity for network-connectable devices andproducts
- UL 2900-2-1: Particularrequirements for network-connectable healthcare system components includingmedical devices and software
- UL 2900-2-2: Particularrequirements for industrial control systems
ANSIadoption of UL 2900 already underway
Ahead of the FDA’splanned recognition of UL 2900, the American National Standards Institute (ANSI)has already granted consensus for UL 2900-1, and is in the process of adoptingUL 2900-2-1 as well.
“UL 2900 provides devicemanufacturers with repeatable, reproducible tests that can provide objectiveevidence to support assurance claims regarding cybersecurity,” explains AnuraFernando, Principal Engineer, Medical Systems Interoperability & Securityat UL. “UL CAP is based on the UL 2900 standard, and provides regulators andhealthcare delivery organizations with certifications ensuring that standardizedrequirements for cybersecurity have been satisfied as part of a device’spremarket review and qualification.”
WhatFDA adoption of UL 2900 will mean for US registrants
Given pending adoptionand implementation of the full UL 2900 set of standards for medical devices andsoftware by ANSI and the FDA, how will US market registrants be impacted?
According to Fernando, UL2900 requirements were developed in alignment with current FDA pre- andpost-market cybersecurity guidance, as well as with ANSI Technical Panelguidelines; thus, the UL standards have been designed to support FDA regulatorysubmission processes.
“The FDA recognitionprocess for UL 2900-1 has been completed, and a public announcement isanticipated in the next US Federal Register notice under List #47 of FDARecognized Consensus Standards,” Fernando reports.
Manufacturers will beable to use UL 2900 certification to demonstrate that their devices meetregulatory requirements laid out in FDA pre- and post-market guidance, saysFernando.
Tags:
UL 2900,medicaldevice cybersecurity,Food and DrugAdministration
内容来自:EMERGO
整理翻译:奥咨达
奥咨达翻译团队根植于中国,面向全球,专注为医疗器械领域的企业提供专业、高效的翻译解决方案。翻译领域包括医疗器械的研发、注册、临床、上市后监督、营销、管理、培训等,译稿已涵盖医疗器械领域的所有类型。
奥咨达翻译组联系方式:
热点推荐
可点击标题阅读原文
阅读原文 最新评论
推荐文章
作者最新文章
你可能感兴趣的文章
Copyright Disclaimer: The copyright of contents (including texts, images, videos and audios) posted above belong to the User who shared or the third-party website which the User shared from. If you found your copyright have been infringed, please send a DMCA takedown notice to [email protected]. For more detail of the source, please click on the button "Read Original Post" below. For other communications, please send to [email protected].
版权声明:以上内容为用户推荐收藏至CareerEngine平台,其内容(含文字、图片、视频、音频等)及知识版权均属用户或用户转发自的第三方网站,如涉嫌侵权,请通知[email protected]进行信息删除。如需查看信息来源,请点击“查看原文”。如需洽谈其它事宜,请联系[email protected]。
版权声明:以上内容为用户推荐收藏至CareerEngine平台,其内容(含文字、图片、视频、音频等)及知识版权均属用户或用户转发自的第三方网站,如涉嫌侵权,请通知[email protected]进行信息删除。如需查看信息来源,请点击“查看原文”。如需洽谈其它事宜,请联系[email protected]。