1. Reason for the Enactment
The Guidelines set out the matters necessary for security against electronic infringements of digital medical devices, in accordance with the newly enacted Digital Medical Products Act (Law No. 20139; promulgated on January 23, 2024; effective from January 24, 2025) and its Enforcement Rules.
2. Main Contents
a. Security services and documentation (Draft Article 2)
The Guidelines detail the security services and documentation for continuous monitoring of vulnerabilities in digital medical devices, in order to address electronic infringements of those devices.
b. Physical security systems (Draft Articles 3 to 5)
The Guidelines provide regulations on the physical security systems, including those designed to ensure secure communication, authorization, and certification.
c. Technical security systems (Draft Articles 6 to 12)
The Guidelines provide regulations on technical security systems, including file and input validity, data security, and encryption key management.
d. Risk management (Draft Articles 13 to 16)
The Guidelines provide details on risk management activities throughout the entire product development lifecycle.
e. Response to electronic infringement (Draft Articles 17 to 19)
The Guidelines provide details on planning and measures to address electronic infringements.
f. Vulnerability monitoring and responses (Draft Articles 20 to 22)
The Guidelines provide details on how to monitor and respond to the vulnerabilities of digital medical devices.
g. Time limit for review (Draft Article 23)
The Guidelines include a provision on reviewing the feasibility of the guidelines on security against electronic infringements of digital medical devices.