The Australian Therapeutic Goods Administration (the TGA) has finally published long-awaited cyber security guidance targeted specifically at:
- manufacturers developing software for use in medical devices, including artificial intelligence;
- manufacturers of medical devices which include components susceptible to cyber-based threats; and
- medical device sponsors in Australia.
Further information, including the guidance documents themselves, can be found here.
The guidance details, amongst other things, the TGA’s expectations with respect to:
- how device sponsors and manufacturers should approach the assessment and documentation of cyber security risks;
- the consideration of cyber security risks as part of compliance with the Essential Principles; and
- the ongoing assessment of cyber security risks and vulnerabilities at all stages of the product life cycle.
Whilst there has been debate as to whether a change to the current regulatory framework for medical devices was required to protect users from cyber security risks, the TGA has confirmed its approach to embed improved cyber security practices as