RAPS Workshop: Cybersecurity Unauthorized (June 2024)

When:  Jun 10, 2024 from 09:00 to 13:00 (ET)

Cybersecurity has become mission-critical for medical device manufacturers.

Securing medical devices and documents for regulatory submissions from cyberattacks is challenging. Many medical device companies struggle to retrofit their security programs to address hardening, vulnerability management, and global incident response. New statutory requirements in the United States are increasing the focus on planned postmarket activities in the submission process.

Health authorities spanning the US, Australia, Canada, and Japan have issued cybersecurity guidance that is essential for regulatory affairs professionals to understand. In addition to premarket concerns, some of the guidance also includes expectations for post-market expectations.

This interactive workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity.

Technical staff will get a better understanding of how to translate regulatory expectations into concrete design and development. Organizational leaders will gain strategic knowledge that will increase the likelihood of gaining green lights from regulators while also teaching them how to establish trust with customers concerned about risk related to medical devices on their networks.

Registration Fees & Deadlines

Present Day — May 10, 2024: Early Bird $825.00 Member | $970.00
Nonmember May 11, 2024 — June 10, 2024: Regular $970.00 Member | $1,150.00

Learning Objectives

After this program, participants will:

  • Thoroughly understand international regulatory expectations for medical device cybersecurity
  • Know the main components of a product security program aligned with global expectations
  • Understand how to use pre-submissions to reduce the likelihood of cybersecurity-related deficiencies
  • Be able to build more successful regulatory submissions

Who Should Attend?

This workshop will help regulatory and quality professionals develop the knowledge they need to help steer their organizations in the right direction when it comes to global cybersecurity expectations. Technical staff will gain a better understanding of how to translate regulatory expectations into concrete design and development. Organizational leaders will gain strategic knowledge that will increase the likelihood of successful submissions and help establish trust with customers who have concerns about risks related to medical devices on their networks.

Audience Learning Level

Basic: Content is introductory in nature and requires no requisite knowledge or experience to grasp concepts and related exercises. Basic educational activities are meant to establish a foundation of knowledge and/or competence that will be expanded upon in practice or in higher level activities.

Agenda

  • Welcome and Overview
  • An Introduction to Medical Device Cybersecurity Concepts and Challenges
  • Medical Device Product Security Programs
  • FDAs Current Premarket Guidance
  • Secure Designs
  • Submission Strategies
  • Successful Pre-submissions
  • Security Risk Management and Treat Modeling
  • Labeling and Communication
  • Global Regulatory Expectations
  • Postmarket Overview
  • Lessons from the Trenches
  • Postmarket Security Risk Management
  • Vulnerability and Patch Management (FDA Panel)
  • Disclosure and Advisory (FDA Panel)

Speakers

Michelle Jump
CEO, MedSec

Michelle Jump is the CEO, of MedSec, where she is responsible for providing strategic leadership, training, and advisory services to the medical device industry in the area of cybersecurity compliance, global regulations, standards, product security program development, and security risk management.  

Matthew Hazelett
Cybersecurity Policy Analyst, at the Food and Drug Administration Center for Devices and Radiological Health Office of Product Evaluation and Quality Clinical and Scientific Policy

Matthew Hazelett started at the FDA as a biomedical engineer within the Implantable Electrophysiology Devices Branch at the Center for Devices and Radiological Health (CDRH). His review areas include pacemakers, defibrillators, leads, and supporting devices, such as programmers and home monitors. Since starting at FDA, Hazelett developed a review focus on cybersecurity, participates in cybersecurity guidance development, and supports cybersecurity vulnerability assessments and reviews across CDRH. He became the cybersecurity policy analyst in the FDA’s Office of Product Evaluation and Quality a year ago, focusing on cybersecurity policy development and implementation. Hazelett also has worked for a medical device research and development company as a test engineer and test manager overseeing device verification and validation testing

Nastassia Tamari
Food and Drug Administration

Cancellations and Refunds

RAPS reserves the right to cancel this program at its sole discretion. RAPS will not be responsible for travel or other costs incurred due to cancellation. All cancellation requests must be submitted in writing to support@raps.orgCancellations will receive a full refund minus a 20% administrative fee. RAPS is unable to accept cancellations by phone.

Substitutions

Paid registration substitutions may be accepted with written approval from RAPS for requests received before the start of the event. To transfer a registration, email support@raps.org with the event title, name of the original registrant and the contact information for the new attendee.

Proof of Attendance

A certificate of attendance can be downloaded from the RAPS Learning Portal following the event.

Questions

Contact the RAPS Support Center:
Call +1 301 770 2920, ext. 200 (8:30 am–5:30 pm EST, Monday–Friday) or email RAPS@raps.org  

Related Content