Applicable or not to the device – if not applicable justification is to be included
Medical Devices Essential Principles Checklist
(2) A programmed or programmable medical device, or software that is a
medical device, must be developed, produced and maintained having
regard to the generally acknowledged state of the art (including for design,
development life cycle, development environment, version control, quality
and risk management, security, verification and validation, change and
configuration management and problem resolution).
(3) A programmed or programmable medical device, or software that is a
medical device, that is intended to be used in combination with computing
platforms must be designed and developed taking into account the
capability, resources and configuration of the platforms and the external
factors (including information technology environments) related to the use of
the platforms.
(4) The manufacturer of a programmed or programmable medical device, or
software that is a medical device, must provide instructions or information
with the device that sets out requirements (including requirements about
hardware, software, information technology environments and security
measures) necessary to operate the device as intended.
(5) A programmed or programmable medical device, or software that is a
medical device, must be designed, produced and maintained with regard to
best practice in relation to software, security and engineering to provide
cybersecurity of the device, including where appropriate the following:
(a) protection against unauthorised access, unauthorised influence or
unauthorised manipulation;
(b) minimisation of risks associated with known cybersecurity
vulnerabilities (including either or both of remediation of known
vulnerabilities and application of compensating controls);
(c) facilitation of the application of updates, patches, compensating
controls and other improvements;
(d) disclosure of known vulnerabilities in the device or its components and
associated mitigations;
(e) making available sufficient information for a user to make decisions
with respect to the safety of applying, or not applying, updates,
patches, compensating controls and other improvements.
(6) The manufacturer of a programmed or programmable medical device, or
software that is a medical device, having regard to the intended purpose of
the device, the generally acknowledged state of the art and best practice,
must ensure that the data that influences the performance of the device is:
(a) representative; and
(b) of sufficient quality; and
(c) maintained to ensure integrity; and
(d) managed to reduce bias.
12.2 Safety dependent on internal power supply
(1) This clause applies in relation to a medical device if the safety of a patient
on whom the device is to be used will depend on an internal power supply
for the device.
(2) The device must be fitted with a means of determining the state of the