img

FDA Medical Device Cybersecurity Regulatory Masterclass

Course Description

This intensive 1-day training program provides a deep, practical understanding of FDA Medical Device cybersecurity regulatory requirements.

Participants will learn how to design, document, and submit compliant software and cybersecurity information for FDA 510(k), De Novo, and PMA submissions. The course shows how software/hardware risk, threat modeling, and security controls align with FDA's Quality Management System Regulation (QMSR), Cybersecurity Guidance, and IMDRF medical device cybersecurity principles.

Real-world examples and interactive workshops prepare attendees to author and assemble the cybersecurity documentation FDA expects in a premarket submission, from the security risk management report through controls, architecture, and labeling, and to understand FDA's postmarket vulnerability response expectations.

Course at a Glance

1-Day Live Virtual Workshop
1 Full Day of Interactive Learning

Intensive, instructor-led sessions

September 18, 2026

Upcoming Virtual Workhop

9:00 AM - 4:00 PM EST

Small-group, live instructor-led sessions

Price : $1995 USD
location Created with Sketch Beta.
Location:

Participate from anywhere with stable internet

certificate-ribbon-solid
Certificate of Completion from CRTA

Recognized professional credential

Faculty Director: Jordan John
Limited Seats - Secure Your Spot Early!

Learning Objectives

By the end of this course, participants will be able to::

  • 1. Understand FDA's latest cybersecurity guidance and its integration into the design and submission lifecycle.
  • 2. Apply Section 524B "cyber device" requirements and the Secure Product Development Framework (SPDF) to premarket submission planning.
  • 3. Develop and maintain Pre-market Cybersecurity documentation in line with FDA expectations.
  • 4. Develop Risk Management files in line with FDA and AAMI TIR57 best practices.
  • 5. Prepare cybersecurity documentation for 510(k), De Novo, or PMA submissions.
  • 6. Implement post market cybersecurity processes, including coordinated vulnerability disclosure (CVD) and incident response.

Who Should Attend

  • Regulatory Affairs and Quality Professionals
  • Cybersecurity Specialists in MedTech
  • Software Developers and System Architects
  • Connected Device and Digital Health Innovators
  • FDA Submission and Compliance Teams
  • Risk Management and Product Security Leads

Course Outline

FDA Medical Device Cybersecurity Regulatory Landscape and Risk Management

Module 1 – FDA Medical Device Cybersecurity Regulatory Landscape
Section 524B “cyber device” requirements and FDA’s authority to refuse to accept submissions
FDA’s current cybersecurity guidance (February 2026, QMSR-aligned) and its place in the submission lifecycle
How cybersecurity fits the QMSR and the Secure Product Development Framework (SPDF)
The cybersecurity documentation FDA expects in a premarket submission
Workshop 1: Determine cyber device status and the documentation a sample product would require
Module 2 – Security Risk Management Documentation
The security risk management report and its role in the submission (AAMI TIR57 / ANSI-AAMI SW96)
Cybersecurity risk assessment documentation and traceability
Software Bill of Materials (SBOM) support plan documentation
Assessment of unresolved anomalies and cybersecurity metrics
Workshop 2: Review a sample security risk management report package for completeness against FDA expectations
Module 3 – Security Architecture, Controls, and Labeling Documentation
Security architecture views and supporting documentation
Cybersecurity controls documentation and traceability to risks
Cybersecurity labeling: security-related device description (CSD) and MDS2
Communicating security information to users
Workshop 3: Build a cybersecurity labeling and architecture documentation checklist
Cybersecurity Management Plans and Postmarket Requirements

Module 4 – Plans, Procedures, and the Cybersecurity Management Plan
Section 524B documentation requirements (plans and procedures, processes, SBOM)
The cybersecurity management plan and what FDA expects to see
Coordinated vulnerability disclosure (CVD) plan as a submission element
Assembling a coherent submission documentation package aligned to the QMSR
Workshop 4: Build a cybersecurity documentation checklist mapping each FDA-expected document to your submission
Module 5 – Postmarket Cybersecurity
Overview of FDA’s Postmarket Management of Cybersecurity guidance and how it complements the 2026 premarket guidance
Controlled versus uncontrolled risk and evaluating risk of patient harm
Vulnerability monitoring, coordinated disclosure, and information sharing (ISAO)
When postmarket changes may require reporting (21 CFR Part 806) versus routine updates
Case Study: A real FDA cybersecurity recall through a postmarket documentation lens
Closing Session

Knowledge Assessment Quiz
Participant Q&A and Discussion
Certificate of Completion
Interactive Activities
  • 4 Hands-On Workshops: Documentation reviews, controls-to-risk mapping, labeling and architecture checklists, and submission package planning.
  • Real-World Case Studies: FDA recalls and cybersecurity submissions.
  • Live Polls & Group Discussions: Reinforce understanding through scenario-based learning.
  • Mock Documentation Review: Teams critique a sample device cybersecurity documentation package for compliance gaps.
  • Final Quiz & Instructor Q&A: Summarizes and applies key takeaways.
Jordan John, H.BSc, RAC, MBA
Faculty Director’s Bio:

Jordan John, H.BSc, RAC, MBA

Distinguished Expert in Regulatory Affairs, Quality Management, and Cybersecurity

Jordan John is a recognized leader in regulatory affairs, quality management, and cybersecurity compliance, with over a decade of experience navigating complex regulatory landscapes in medical devices, pharmaceuticals, natural health products (NHPs), and other industries. He has held leadership roles, including Director of Regulatory Affairs, Director of Quality, and Security Officer, ensuring compliance with FDA, EU MDR/IVDR, Health Canada, TGA, PMDA, and other international regulatory frameworks.

As an Advisory Board Member at Humber College, Jordan provides strategic insights into clinical regulatory and compliance education. He has also served as a Professor at leading academic institutions, where he developed and delivered courses in regulatory affairs, quality assurance, and compliance. His industry experience spans top tier biopharmaceutical and medical device companies, including Stryker, Johnson & Johnson, Fio Corporation, Southmedic, and others.

With a deep understanding of global regulatory requirements and industry best practices, Jordan is committed to advancing education and training, ensuring the highest standards of quality, safety, and compliance in regulated industries

Become Our Faculty Director Today

Be part of a global network of virtual and in-person workshops

Global Pharma companies and CROs employing our graduates

Global Pharma companies and CROs
employing our graduates