If your IoT product is considered a medical device, stringent safety testing must be conducted prior to the sale or update of your product. In 2016, the US Food and Drug Administration (FDA) issued guidance on cybersecurity in medical devices.
Even though this document focused on post-market management, there was an important guideline included that development teams should consider. The guidance introduced a risk-based reporting framework for medical devices, specifically: