The FDA’s expectations for cybersecurity content for pre-market submissions are mainly covered in two documents: Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions and Postmarket Management of Cybersecurity in Medical Devices. BG Networks’ SPDF documentation and services not only comply with these recommendations but also incorporate additional requirements spread across other supporting FDA Guidance documents.

Collectively, FDA Cybersecurity related Guidance documents call for cybersecurity across the Total Product Lifecycle (TPLC) and the implementation of a Secure Product Development Framework (SPDF), meaning the FDA expects a Cybersecurity Management System approach that is risk-based and implemented from a device’s initial design stages to end of life. BG Networks comprehensive SPDF System does just that, integrating seamlessly with your current Quality Management System.

IEC 81001-5-1 and ANSI/AAMI SW96:2023 provide an excellent foundation for a risk-based cybersecurity QMS. Both were developed to complement existing QMS and risk processes (e.g., ISO 13485, ISO 14971) and are recognized by the FDA.

Our services, cybersecurity SPDF procedures, templates, and SPDF documentation package are based on these standards and were developed by experts with over 50+ years of medical device, quality management systems, and cybersecurity expertise.

Because our SPDF covers all requirements and recommendations, it ensures that your premarket submission will not be held up due to cybersecurity weaknesses and provides confidence in early FDA acceptance.

Our cybersecurity SPDF includes:

• FDA Premarket Submission Templates: 15 templates covering all required documentation that directly matches eSTAR terminology.
• SPDF Manual: A Cybersecurity Management System manual for medical devices.
• SPDF Procedures & Templates: 25 procedures with 25 templates that guide SPDF activities for everything needed to successfully navigate an FDA inspection.

1. Cybersecurity Gap Assessment Services: First step to understand how much needs to be done and uses a broad range of standards and FDA Guidance documentation to ensure a comprehensive assessment.
2. Premarket Submission Training: For our FDA premarket submission templates, so you can create everything needed to submit.
3. Full Documentation Package Training: Covers implementation of a SPDF so you can establish a risk-based cybersecurity QMS. Ensures the right level of security is included in your medical devices and prepares your organization for an FDA inspection.
4. FDA Cybersecurity and Full Documentation Package Training: Multi-day workshop covering cybersecurity fundamentals, FDA’s cybersecurity recommendations, cryptographic risk mitigation techniques, the use of our SPDF documentation package, and establishment of an SPDF.
5. SPDF Integration Services: An SPDF and a QMS share common themes. These services ensure a smooth integration between your existing QMS/Risk Management processes and our cybersecurity SPDF. Resulting documentation will clearly connect cybersecurity and traditional safety processes, making sure these activities aren’t siloed.
6. Full Premarket Submission Services: We’ll generate all cybersecurity documentation required for your FDA 510(k) or PMA submission.
7. Full Premarket Submission and SPDF Services (includes training): In addition to generating everything required for a premarket submission, we will install a SDPF and train your team on using the SDPF for new medical device developments and post-market activities.

Please contact us for standard pricing information for these training and services options.