The guidance also provides for considerations concerning expectations from actors other than manufacturers. It also provides a description of other EU and global pieces of legislation and guidance that are relevant to the domain of cybersecurity for medical devices and IVDs in an Annex.
What does this mean for you?
All manufacturers of devices that are subject to the “GSPR” on IT security and cybersecurity, or subject to requirements regarding privacy and confidentiality of data associated with the use of MDs/IVDs that may be outside the scope of the MDR/IVDR but that are subject to other legislations should carefully read the MDCG 2019-16 to understand how to appropriately address both their pre- and post-market responsibilities.
Should you want to discuss this more in depth with one of our consultants, please do not hesitate to get in touch with us.