Regulatory Open Forum

Hi RegEx,

I was wondering if there is a link between cybersecurity and information security when it comes to SaMD - a quick google search says that the terms are used interchangeably, but are different.

Is there a cross-linkage between the two when it comes to the med device regulatory world? Can one type of documentation be used to support the other (for e.g., the ISMS policy as a part of cybersecurity documentation)? Any type of recommendations, pointers to guidance docs or whitepapers, or experiences are appreciated.

Thanks!

------------------------------
Best,

Akshay Kulkarni
------------------------------

Hi Akshay,

just a brief response on a nice Saturday morning. 

There are a lot of published / forthcoming documents in this field, and yes there is overlapping / redundancy in terminology. 

You might consider AAMI TIR57/AAMITIR97 (guided by ISO 14971/24971 for the governing risk management system) as a starting point to anchor a project / client specific selection of terminology. Both documents are "just" using the term security.

------------------------------
Uwe Zeller | Regulatory Affairs / Risk Management Consultant
Biberach an der Riß, Germany
------------------------------

Original Message:
Sent: 13-May-2022 14:23
From: Akshay Kulkarni
Subject: Cybersecurity and Information Security

Hi RegEx,

I was wondering if there is a link between cybersecurity and information security when it comes to SaMD - a quick google search says that the terms are used interchangeably, but are different.

Is there a cross-linkage between the two when it comes to the med device regulatory world? Can one type of documentation be used to support the other (for e.g., the ISMS policy as a part of cybersecurity documentation)? Any type of recommendations, pointers to guidance docs or whitepapers, or experiences are appreciated.

Thanks!

------------------------------
Best,

Akshay Kulkarni
------------------------------