Introduction:

The Evolving Premarket Submission Process

In the last number of years, the medical device premarket submission process has changed significantly. This has been born out of necessity, a direct response to an ever-evolving cybersecurity threat landscape. Attackers have become more prolific and sophisticated, and the number of high profile attacks have grown year-on-year. To ensure protection, it is now vitally important that cybersecurity and risk management be ingrained into the heart of the medical device development process. 

In 2022, FDA published an overhauled draft guidance on medical device cybersecurity for preparing premarket submissions. Most experts agree that, if followed, this new draft guidance will fundamentally improve device security and patient safety. When finalized, this draft guidance document will supersede the 2014 version, and many in the medical device community are expecting this guidance document to be mandated very soon.  

The new draft guidance is a massive step up from previous iterations and means that organizations have to alter current processes, practices and ways in which they approach risk management. Nova Leah has spoken to a lot of medical device manufacturers and industry personnel in recent months, both online and at in-person events.

When it comes to premarket submissions, two of the main questions we get are:

                      • What has changed?
                      • What exactly do we now need to include in our premarket submissions?
Download Nova Leah’s 7 Step Premarket Risk Management Checklist

That is why we put together Nova Leah’s 7-Step Premarket Risk Management Checklist which outlines, in simple English, what medical device manufacturers need to include in their premarket submissions.

The checklist is broken into 7 key steps:

                        1. Risk Assessments and Threat Modeling 
                        2. Document All Third-Party Software Components
                        3. Include SBOM Documentation in Premarket Submission 
                        4. Security Assessment of Unresolved Anomalies 
                        5. A Full Risk Management Report
                        6. Software Testing and Validation 
                        7. Vulnerability Management Plans to Ensure Ongoing Monitoring and Maintenance


In our downloadable submission preparedness checklist, we explore each step in more detail. We also provide a list of the essential reports and documentation that medical device manufacturers need to include within all premarket submissions. 

You can download the checklist, for free, by filling out the form below.