Australia’s Therapeutic Goods Administration (TGA) has implemented the final guidance on pre- and post-market cybersecurity regulatory recommendations for medical device, software and IVD manufacturers and sponsors.

The TGA guidance applies to software as a medical device (SaMD) as well as medical devices and IVDs incorporating components that may be vulnerable to cyber threats. The TGA guidance aligns closely with regulatory approaches developed by the USFDA and Health Canada, based on total product lifecycle (TPLC) principles for risk and quality management. Convergence of TGA cybersecurity requirements with US FDA draft pre-market guidance and final post-market guidance on cybersecurity risk management, Health Canada cybersecurity guidance finalized in June 2019, and South Korean MFDS cybersecurity guidelines shows an increasingly harmonized regulatory response to emerging cybersecurity risks and threats to connected healthcare environments.