FDA-CDRH published a draft guidance document on post-market cyber security. The draft guidance, issued on January 22, 2016, is entitled Postmarket Management of Cybersecurity in Medical Devices.
The guidance document is extensive and covers many areas of cybersecurity. The concept includes a relationship to ISO 14971:2007 as a method to collect and analyze the information and update the risk management files.
It also offers guidance on software updates and when they are reportable as a correction or removal under Part 806.
One may submit comments at www.regulations.gov to Docket number FDA-2015-D-5105.