The U.S. Food and Drug Administration (FDA) announced today that AAMI SW96 has received FDA Consensus Standard status. Medical device manufacturers are now expected to conform to the requirements of this standard as applicable, or to have processes that show they address the requirements of the standard.
The broad outline of AAMI SW96 is:
- General requirements for security risk management
- Security risk analysis
- Security risk evaluation
- Security risk control
- Evaluation of overall security residual risk acceptability
- Security risk management review
- Production and post-production activities
It is important that the security risk management process of AAMI SW96 be coordinated with other medical device risk management processes such as:
- human factors (i.e., IEC 62366)
- safety risk (i.e., ISO 14971)
- software risk (i.e., IEC 62304, IEC/TR 80002-1)
- supply chain
- and others as applicable
Additionally, management should expedite cybersecurity involvement at the earliest stages of product planning and utilize competent personnel, as security activities can be difficult, require extensive analysis, and will likely impact architecture design and other parts of the design, particularly software.
SoftwareCPR® can provide both audits and assessments to AAMI SW96. Contact us for more information.