Key takeaways
- The FDA requires four specific security architecture views for medical device premarket submissions: Global System View, Updateability and Patchability View, Multi-Patient Harm View, and Secure Use Case View.
- The Global System View defines the entire scope of the device, encompassing hardware, software, mobile apps, cloud components, and update infrastructure.
- The Updateability and Patchability View details the secure process for delivering software updates and patches throughout the device's lifecycle.
- The Multi-Patient Harm View analyzes scenarios where a single vulnerability could impact multiple devices or patients.
- The Secure Use Case View maps security controls to every specific function, state, and operational context of the device.
- A practical approach to creating Secure Use Case Views is to base them on the device's functional requirements to build security into design.
- Manufacturers commonly overlook including the update infrastructure in the Global System View and fail to explain the rationale behind their system's architecture.
What are the four security architecture views that the FDA prioritizes, and how do they impact your device's design?
This episode explores the FDA-defined security architecture views essential for medical device cybersecurity. Christian and Trevor break down the four views (global system, updateability/patchability, multi-patient harm, and secure use cases) with real-world examples and practical advice.
Key points:
(5:25) The Global System View
- Companion apps and cloud infrastructure must be part of the device scope.
- Many device manufacturers overlook update infrastructure in this view.
- Distinguishing in-scope versus out-of-scope components is a common challenge.
(12:52) Updateability and Patchability
- Secure update procedures must cover the entire lifecycle.
- FDA wants manufacturers to consider both infrastructure and delivery integrity.
- A weak development environment can compromise update trustworthiness.
(18:21) Multi-Patient Harm Scenarios
- Risk is based on the scope and scale of potential compromise.
- Even small devices can cause large-scale issues depending on their connectivity.
(23:09) Secure Use Case Views and Closing Advice
- Every device function should have a corresponding security consideration.
- Functional requirements can guide secure use case documentation.
Notable quotes
“The FDA specifically defines security architecture views, and those four views you mentioned, which is very different than a typical architecture diagram for a software or device.”
“The Global System View is going to actually be fairly similar to an architecture view under a traditional software scope. We are looking at what is the total scope of the device, what is each component within the device.”
“A common failure point highlighted is neglecting to include the update infrastructure within this scope.”
“If the FDA wants to see an entire separate view specifically for the update process, instead of lumping it into the Secure Use Case Views, which cover other functionalities and other data flows, it shows how important it is.”