Our views on the FDA’s proposed ‘Software Bill of Materials’ requirement for medical devices

Last month the FDA announced its plans for improving medical device safety and security with respect to software across the total product life cycle.

Of note is a proposal that manufacturers provide a 'Software Bill of Materials' for each device. This would detail all of the software a device uses and how this links to specific features and functions, allowing customers and users to better manage software-enabled and networked assets.

We welcome this development. By gaining visibility about the software components and network connectivity of their devices, service providers will be better able to manage vulnerabilities and respond quickly and effectively to cyberattacks.

But service providers will now need to consider how they will manage thousands and hundreds of configurations of 'Software Bills of Materials' across their entire device inventory. 

Complementing unique device identifiers (UDIs) and extending upon barcode, RFID tagging and other scan and track capabilities, our solution includes the ability to canvas your inventory by software installed, regardless of device type. 

For example, you could quickly find every device that is running Windows XP or another operating system, allowing you to promptly assess risks and create a plan for patching devices when vulnerabilities or malware attacks are identified.

Providing more information is a vital first step, but it’s not enough. Innovations such as our Next Generation Service Records can help service providers to reap the benefits created by these proposals by taking action to improve device safety and security.

Sign up to our newsletter to get the latest updates about Spiritus and Next Generation Service Records.