| Part B: Supplementary Information Sheet (SIS) |
|
FR Recognition List Number
|
040
|
Date of Entry 08/14/2015
|
|
FR Recognition Number
|
13-78
|
| Standard | |
INCITS ISO IEC 30111 First edition 2013-11-01 (R2019)
Information technology - Security techniques - Vulnerability handling processes |
|
Scope/AbstractThis International Standard gives guidelines for how to process and resolve potential vulnerability information in a product or online service.
This International Standard is applicable to vendors involved in handling vulnerabilities. |
|
| Extent of Recognition
|
Rationale for Recognition
| This standard is relevant to medical devices and is recognized on its scientific and technical merit and/or because it supports existing regulatory policies. |
|
Public Law, CFR Citation(s) and Procode(s)*
| Regulation Number |
Device Name |
Device Class |
Product Code |
| 21CFR 820.50 Purchasing controls |
| 21CFR 820.90 Non-conforming product |
| 21CFR 820.30i Design changes |
| 21CFR 820.100 C.A.P.A. |
| 21CFR 820.198 Complaint files |
| 21CFR 820.30e Design review. |
|
Relevant FDA Guidance and/or Supportive Publications*
1. Postmarket Management of Cybersecurity in Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued December 2016.
Appropriate Use of Voluntary Consensus Standards in Premarket Submissions for Medical Devices - Guidance for Industry and Food and Drug Administration Staff, issued September 2018. |
|
| FDA Technical Contact
|
| Standards Development Organizations
|
| FDA Specialty Task Group (STG)
|
| *These are provided as examples and others may be applicable. |
