PCCP & Cybersecurity Guides
The four guides you need to scope a Section 524B PCCP program, from pre-authorized modification classes to the postmarket monitoring loop they plug into.
-
PCCP mechanics
FDA PCCP: Predetermined Change Control Plans
The full anatomy of a PCCP under the FDA's December 2024 final guidance, Description of Modifications, Modification Protocol, and Impact Assessment, with worked non-AI examples for cybersecurity and firmware.
Read the guide -
SBOM / VEX workflow
SBOM Vulnerability Management for Medical Devices
The end-to-end SBOM + VEX workflow: ingest CVE feeds, determine exploitability per device, route in-scope findings to the PCCP Modification Protocol, and out-of-scope findings to CAPA.
Read the guide -
Pathway differences
FDA Pathway Cybersecurity Differences
Decide whether a security-relevant modification belongs in a PCCP, a letter-to-file, or a new 510(k) / De Novo / PMA submission, with the pathway-by-pathway cybersecurity expectations reviewers apply.
Read the guide -
Postmarket monitoring
Postmarket Cybersecurity Monitoring Program
The Section 524B(b)(2)(B) postmarket plan a PCCP plugs into, monitoring sources, triage, coordinated vulnerability disclosure, and the closure path that the PCCP pre-authorizes.
Read the guide
Looking for the full library? Browse all guides.
Turn these guides into a submission-ready PCCP.
30-minute scoping call. We map your patching cadence, SBOM refresh, and postmarket plan against the December 2024 PCCP guidance and Section 524B.