Software cybersecurity programs keep a firm vulnerable to devastating outcomes that have a severe impact on the firm and the users of software. The FBI identifies the medical device industry and the FDA as the last prepared sector of industry and government to manage this problem. Heath care products and treatment management remain incredibly vulnerable. In fact, you may be carrying an infective malware program in your iPhone, laptop or in a remote printer or photocopier. Nothing is safe, not even the federal government.
Cybersecurity technology and exploitations evolve rapidly. A static cybersecurity program leaves a software program more vulnerable with each passing day as hackers develop new malware adaptations. The FDA requires that a software developer, whether for a software-based device or for standalone software, addressed cybersecurity before the device may be marketed. But the cybersecurity problems manifest themselves after premarket authorization. FDA provides little guidance on how to manage a cybersecurity recovery program once you are on the market and have been hit. What should your cybersecurity recovery program include? You are left with an answer of, "You figure it out."
Why Should You Attend:
Cyber attacks constantly evolve in their impact and deviousness of deployment. The FDA expects you to apply the Quality System regulation (QSR) Corrective and Preventive Action (CAPA) as an established and implemented cybersecurity recovery program. This webinar provides initial guidance on how to build a cybersecurity recovery program that includes FDA CAPA elements. The training will address how to prepare a firm's staff for cybersecurity problems. Remember, people carry the biggest "open door" for a hacker. You can use the FDA's optional follow-up options. Finally, you can take away a basic checklist that a cybersecurity audit team should include in their program. It is a start from which you can further develop and refine a cybersecurity program as you gain experience.
Objectives of the Presentation:
- The attendee should understand the need for a comprehensive recovery plan before a cyber attack occurs
- Fundamental cybersecurity program concepts will be identified so attendees have to customize them for their particular needs and implement a program that includes training needs, which is something that can be verified during an FDA inspection
- A firm's quality audit division will be provided some initial issues that need to be considered to develop their QA cybersecurity program and how to evaluate the adequacy of the programs based on specific factors
Areas Covered in the Session:
- Initial steps to build a cybersecurity recovery program
- Basic components of a cybersecurity CAPA Program
- Human resources requirements
- Cyber-attack recovery components
- Cybersecurity program checklist
Who will Benefit:
- Software Engineers, Developers, and IT Managers
- Third-party Software Services
- In-house biomedical departments at healthcare institutions
- Regulatory Affairs Managers
- Healthcare institution Risk Managers
- Product Liability Counsel
- Complaint Investigation teams
- Quality Assurance Directors
Mr. Uldriks held a number of positions at FDA, such as an investigator in FDA's New England office, in the Office of the Commissioner in Legislative Affairs and in the Center for Devices and Radiological Health (CDRH), where he served as CDRH's Associate Director for Regulatory Guidance and Government Affairs. He helped to guide CDRH to develop and implement various medical device related amendments to the Food, Drug, and Cosmetic Act, regulations and guidance documents. For years he has trained FDA staff on medical law and has been a featured speaker at many professional conferences involving FDA's medical device program.