Medical Device Cybersecurity Registration Review Guidelines (Revised, 2022)

The guidelines aim to guide registration applicants to standardize the medical device cybersecurity life cycle process and preparation of medical device cybersecurity registration document, while standardizing the technical review requirements of medical device cybersecurity and provide reference for the verification of quality management system of medical device software and quality management software
The guidelines are a general requirement for medical device cybersecurity. Registration applicants need to determine the applicability of the specific content of the guidelines based on product characteristics and risk level. Detailed justification shall be given to explain the inapplicability of certain requirements. Registration applicants may also use other alternative methods to meet regulatory requirements but need to provide detailed
The guidelines are in the current regulations, mandatory standards system and the current scientific and technological capabilities, cognitive level of development, with the regulations, mandatory standards system and the continuous improvement of scientific and technological capabilities, cognitive level of development, the relevant content of the guidelines will also be adjusted in due course.
The guidelines serve as guiding documents for registration applicants, reviewers, and inspectors. No administrative matters are involved in the guidelines for the review and approval. The guidelines are not regarded as regulatory enforcement (not binding) and should be used in accordance with the premise of regulatory requirements.