U.S. FDA Recognizes UL 2900 for Use in Premarket Reviews -- MEDICA Trade Fair

08/22/2017

UL International Germany GmbH

U.S. FDA Recognizes UL 2900 for Use in Premarket Reviews

NORTHBROOK, Ill., Aug. 22, 2017 — The U.S. Food and Drug Administration (U.S. FDA) announced today the recognition of UL 2900 as an FDA recognized consensus standard for use in addressing medical device cybersecurity concerns in pre-market review submissions.

“FDA recognition of UL 2900 means that manufacturers now have a standard to provide objective evidence to demonstrate their devices meet FDA expectations for medical device cybersecurity,” said Anura Fernando, principal engineer, Medical Software & Systems Interoperability.

Building on its 2014 pre-market guidance, the U.S. FDA issued additional guidance in December 2016 –  “Post-market Management of Cybersecurity in Medical Devices” – that provided recommendations for managing the security risk of medical devices already on the market. After working closely with regulators and industry stakeholders, UL’s recently recognized UL 2900 standard offers testable cybersecurity criteria to assess software vulnerabilities and weaknesses minimize exploitation, address known malware, review security controls and increase security awareness for network-connectable products in development as well as devices currently on the market.

"While pleased with FDA’s decision to recognize UL 2900, we understand there is a much greater global challenge for manufacturers in navigating global cybersecurity expectations from regulators and health delivery organizations. This uncertainty adds time and cost as manufacturers work to deploy a single design into the global market and are confronted with a growing list of regulatory requirements and purchaser expectations,” added Fernando.. “While still evolving, we will continue to work with stakeholders to drive harmonization and expect cybersecurity to follow a similar path to that of other globally harmonized safety standards, which will help provide certainty to industry as testing is standardized and security concerns are addressed during device design.”

For additional information related to product testing, evaluation or certification questions, email ULCyber@ul.com.

Exhibitor Data Sheet