This message was posted by a user wishing to remain anonymous
Hi Ed,
This answer is based on previous engagements for Class A/B and Class III devices.
There are currently multiple frameworks that are applicable for Cybersecurity/Wireless and Portable devices, notably IEC-80001 and such.
The MDR regulation lists
MDR 745 having a clear break up of the bill of items listing the software supply chain, including the compilers, version control tools and environments needed to create the Product. The Software component of the DHF file needs to provide a trace to the SPMP (Software Process Management Plan) along with applicable Usability (62366) assessments for the User interface of the device software.
In addition, all open-source/COTS libraries used in the software need to be listed, which would need the reported CVE/Vulnerability data listed for applicable risk mitigation.
The Periodic PMCF also needs to have a list of software vulnerabilities listed that would be taken into the design cycle for risk mitigation/recall/redesign as applicable.
Original Message:
Sent: 12-Nov-2020 08:53
From: Ed Panek
Subject: Cybersecurity Bill Of Materials
Can someone provide a general contents list of such an item?
Thanks in advance,
Ed
------------------------------
Edward Panek
VP, QA/RA
Med Device
Research into Neural Nets - https://www.twitch.tv/edosani
------------------------------