Who is responsible for ensuring the safety and effectiveness of medical devices that incorporate OTS software?
FDA recommends that purchasers and users of medical devices that may be subject to a cybersecurity vulnerability contact you with their concerns. As Question 4 explains, you are responsible for the performance of OTS software that is part of your device. Although there may be times when it is appropriate for the user to become involved (see Question 9 below), the user should not attempt to make changes without seeking your advice and recommendations.