top of page

IMDRF Guidance: CyberSecurity, Post-Market Surveillance, Personalized Medical Devices

Recently (IMDRF) released new four technical guidelines, "Personalized Medical Devices – Production Verification and Validation", "Principles and Practices for the Cybersecurity of Legacy Medical Devices", "Medical Devices: Post-Market Surveillance: National Competent Authority Report Exchange Criteria and Report Form" and "Principles and Practices for Software Bill of Materials for Medical Device Cybersecurity"


International Medical Device Regulators Forum, is a voluntary group of medical device regulators from around the world who have come together to harmonize regulatory requirements for medical devices.


The goal of IMDRF is to improve the safety, effectiveness, and quality of medical devices by promoting international collaboration and standardization.

Personalized Medical Devices – Production Verification and Validation

Personalized medical devices are those that are customized to fit a specific patient's anatomy, physiology, or pathology. The guidance outlines the key considerations that manufacturers of personalized medical devices should take into account during the production verification and validation process.


Principles and Practices for the Cybersecurity of Legacy Medical Devices

The term legacy medical device refers to devices that are no longer in production, have reached the end of their support period, but are still being used for patient care. As these devices were developed before modern cybersecurity best practices were developed, they may not have been designed with cybersecurity in mind when they were designed and manufactured.


In this guidance document, stakeholders will find clear methods for identifying potential legacy medical devices and practical and feasible ways to keep legacy medical devices secure.


Medical Devices: Post-Market Surveillance: National Competent Authority Report Exchange Criteria and Report Form

This guide provides guidance for the exchange of post-market surveillance (PMS) information among national competent authorities (NCAs) responsible for regulating medical devices. Also, this guidance outlines the criteria and report form that NCAs should use when exchanging PMS information with each other. The guidance also includes recommendations for the content and format of PMS reports to facilitate a consistent and efficient exchange of information.


Principles and Practices for Software Bill of Materials for Medical Device (SBOM) Cybersecurity

This guidance aims to help medical device manufacturers and regulators create and implement effective cybersecurity practices through the use of SBOMs. It outlines the principles and practices that should be followed when creating and using SBOMs for medical devices.




35 views0 comments
bottom of page