Combination Product Industry News & Guidance

Sharing device-related information and wisdom
that will help you succeed

Cybersecurity in Medical Devices: FDA Final Guidance Breakdown

Cybersecurity guidance for any software connected to a combination product

Last week, the FDA issued the final guidance “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions,” replacing their October 2014 guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.” This guidance applies to essentially ANY software in a device, including combination product constituents.

Oversight of this matter appears to be a priority for the FDA, due to the increased integration of software with medical devices, digital information-sharing, and cybersecurity vulnerabilities and incidents. We expect them to enforce this guidance for both new submissions and in the postmarket space (during inspections or postmarket change submissions).

To view the final cybersecurity guidance, CLICK HERE. For good articles to help you understand the implications of this guidance on your combination product projects, see “FDA premarket cybersecurity guidance clarifies SBOM requirements” by RAPS and “Preparing for the PATCH Act and RTA” by MedTech Intelligence. For information directly from the horse’s mouth, on November 2, 2023, the FDA will host a webinar for industry and other stakeholders interested in learning more about this guidance. And, if you would like to discuss the particular nuances of how the new guidance applies to your combination product, feel free to reach out to speak with one of our cybersecurity/regulatory experts.


Jonathan Amaya-Hodges, Director, Technical Services, Suttons Creek, Inc. – Jonathan has over 16 years of multidisciplinary experience in regulated medical products (drugs, biologics, medical devices, and combination products) at multiple global companies. He has practical experience in Development/Engineering, Quality Assurance, and Regulatory Affairs for various types of combination products with a focus on drug delivery. Additional background includes digital health (including smart packaging/connected devices and software as a medical device, or SaMD) and in vitro diagnostics, along with clinical development (bridging) and lifecycle management for combination products. Jonathan engages with the global combination product community by speaking at conferences, lecturing in courses, serving key roles within prominent industry organizations, and interfacing with regulators on a variety of topics.