Abstract

Conformity Assessment
Conformity assessment is a term used by standards development organizations to mean a set of processes that show a product, service, or system meets the requirements of a standard. 1 Successful navigation by a product through a conformity assessment program helps regulators ensure that claims for adherence to established standards have actually been met. Documentation of conformity assessment by the manufacturer of a medical product, such as a diabetes device, also provides patients, healthcare professionals, and payers with added confidence in the performance of the product and provides the manufacturer with a competitive edge.
The Food and Drug Administration Accreditation Scheme for Conformity Assessment Pilot Program
On September 24, 2020, the United States Food and Drug Administration (FDA) announced a program for medical device conformity assessment of selected medical devices by launching their Accreditation Scheme for Conformity Assessment (ASCA) 2 pilot program. This program was added to a subsection of the current FDA Reauthorization Act of 2017 (FDARA) 3 as part of the enactment of the Medical Device User Fee Amendments of 2017 (MDUFA IV). 4
This announcement means that the FDA will establish a pilot program under which testing laboratories may be accredited by accreditation bodies (if they meet criteria specified by the FDA) to assess the conformance of a device to selected FDA-recognized consensus standards. Determinations by accredited testing laboratories that a device conforms with an eligible standard that is included in the pilot program shall be accepted by the FDA for the purposes of demonstrating such conformity. The ASCA program will approve test laboratories that are accredited by certain US-based accreditation bodies (requiring demonstration of competent operation according to ISO/IEC 17025 5 ). These accreditation bodies must be signatories to the Mutual Recognition Arrangement (MRA) of an international organization known as the International Laboratory Accreditation Cooperation (ILAC); this requires documentation of competence, consistent operation, and impartiality per ISO 17011:2017 6 in their capability to accredit the laboratories that will in turn assess products. If a laboratory is accredited by an accreditation body that is a signatory to the ILAC MRA, then the laboratory is eligible to display both the logo of the ILAC MRA (Figure 1) and that of its accrediting body. 7

Logo of ILAC MRA to indicate a laboratory is accredited by the ILAC MRA. 7
A test lab will first need to be accredited by an ASCA-recognized accreditation body. Following such accreditation, a test lab can then apply to the FDA for ASCA accreditation. The FDA announced that they intend to publish a list of ASCA-accredited testing laboratories and their scopes of ASCA accreditation by April 12, 2021. 2 If a test laboratory is accredited by the FDA for the ASCA Pilot Program, then the test laboratory can be chosen by a medical device company to test their product. Each ASCA-accredited testing laboratory will test devices generally according to ISO/IEC 17025 and specifically according to the specifications associated with the relevant ASCA-eligible standard and test method. The laboratory prepares a determination of conformity (DOC) report for the manufacturer. This DOC (as evidence of conformity with the relevant standard) is submitted to the FDA along with other documents as part of a premarket clearance application. For details of the process flow for the pilot ASCA program, see Figure 2.

Process flow for the pilot ASCA program, taken from the FDA ASCA. 2
The benefit to industry of the ASCA program is that the FDA will usually rely on the results from ASCA-accredited testing laboratories to document conformance with a standard for the purpose of premarket review, without requiring any additional information, if 2 conditions are met: (1) the standard and test methods are within the scope of the testing laboratory’s ASCA accreditation, and (2) the testing is accompanied by a declaration of conformity along with a summary test report. 2
The standards included in the FDA ASCA Pilot Program fall into 2 categories: (1) 8 standards for biocompatibility testing of medical devices and (2) 2 standards for the safety and essential performance of medical electrical equipment, medical electrical systems, and laboratory medical equipment. 2 This pilot program does not apply to diabetes device cybersecurity, mainly because there is no FDA-recognized cybersecurity standard for diabetes devices, or for any other medical devices, that uses conformity assessment. If such a cybersecurity standard did exist, then the FDA would have to decide whether or not to include it in this program.
Conformity Assessment of Diabetes Device Cybersecurity
At Diabetes Technology Society (DTS), we consider this new FDA ASCA Pilot Program a step forward for manufacturers to use well-documented conformity with a generally recognized standard as evidence of adherence to the topic of the standard. Cybersecurity is an important property of a diabetes device, along with other important features including safety, effectiveness, privacy, usability, and cost.
We believe that the most rigorous demonstration of the cybersecurity of diabetes devices comes from third-party testing of products for their security features. It has been difficult, to date, to convince most diabetes device manufacturers to provide assurance from an outside test lab that their products meet a specified level of security.
DTS created the DTS Cybersecurity Standard for Connected Diabetes Devices (DTSec) 8 and the Diabetes Technology Society Mobile Platform Controlling a Diabetes Device Security and Safety Standard (DTMoSt), 9 which are the first 2 cybersecurity standards for any connected medical devices to directly define, within the standards themselves, the certification process for products. The principles of this combination of standard and guidance could, with minimal modifications, be repurposed from diabetes devices and applied to any connected medical device. These standards were developed with input from academia, industry, government, and clinical centers of excellence. They specify both performance requirements and assurance requirements. The standards are based on the Common Criteria for Information Technology Security Evaluation.
DTSec and DTMoSt are now in the process of being reformatted, with minor modifications, into a new standard that will be co-managed by the Institute of Electrical and Electronics Engineers (IEEE) and Underwriters Laboratories (UL). 10 It will be known as IEEE 2621. 11 This standard will specify both performance requirements and assurance requirements for wireless diabetes devices. IEEE 2621 is a three-part standard, compared to one part each for the DTSec 8 and DTMoSt 9 standards. IEEE 2621 has 3 levels of assurance packages of varying rigor, which are (in order of increasing rigor): (1) Basic Package, (2) Enhanced-Basic Package, and (3) Moderate Package. DTSec and DTMoSt both have only two levels of assurance “extended packages”: (1) Enhanced-Basic Package and (2) Moderate Package. 8,9 The Basic Package added to IEEE 2621 does not require evaluation by an independent test lab and only requires the product’s developer to confirm conformity to the 2621 standard. The FDA has not recognized DTSec and DTMoSt, and cannot, because DTS is not an official standards development organization, so a manufacturer cannot use evidence of adherence to these standards as sole evidence of meeting FDA cybersecurity requirements. At DTS, we hope that after IEEE 2621 is ratified, which should happen during 2021, the FDA will recognize this standard. At that point, if the ASCA Program is accepting new standards for purposes other than biocompatibility and processes, then the conformity assessment feature of IEEE 2621 will be in line with the standards that are part of the ASCA Program, and perhaps this standard will be added to the list of standards being evaluated in this pilot program. Even if it is too late to add IEEE 2621 by the time it is completed, the availability of a standard that will hopefully be recognized by the FDA should increase the appeal of using adherence to this standard to demonstrate sound cybersecurity.
Conclusion
The creation of the ASCA Pilot Program demonstrates the intention of the FDA to use conformity assessment to recognized standards as a streamlined method for demonstrating the performance of an important property of a device. We hope that conformity assessment to IEEE 2621 will someday be advocated by the FDA as a streamlined and structured method for demonstrating diabetes device cybersecurity.
Footnotes
Acknowledgements
We thank Annamarie Sucher-Jones for her expert editorial assistance.
Abbreviations
ASCA, Accreditation Scheme for Conformity Assessment; DTS, Diabetes Technology Society; DTSec, DTS Cybersecurity Standard for Connected Diabetes Devices; DTMoSt, Diabetes Technology Society Mobile Platform Controlling a Diabetes Device Security and Safety Standard; FDA, United States Food and Drug Administration; IEEE, Institute of Electrical and Electronics Engineers; ILAC, International Laboratory Accreditation Cooperation; MRA, Mutual Recognition Arrangement; UL, Underwriters Laboratories.
Declaration of Conflicting Interests
The author(s) declared the following potential conflicts of interest with respect to the research, authorship, and/or publication of this article: TS and JYZ have nothing to disclose. DCK is a consultant for EoFlow, Fractyl, Roche, Lifecare, Novo, Samsung, and Thirdwayv.
Funding
The author(s) received no financial support for the research, authorship, and/or publication of this article.
