Medical Devices Security: How to Utilize Existing Standards to Achieve Compliance and Prepare for Upcoming Harmonized Certification (I11b)
Cybersecurity of medical devices is an important topic in the landscape of compliance and regulations, as it has a direct impact on patients' health. The new mandatory European Regulation 2017/745 (the so-called EU MDR) was mandated from March 2021 and currently drives the market's needs in terms of cybersecurity. As with other regulations, EU MDR only orders the implementation of cybersecurity controls and processes at a high level for medical device manufacturers, without providing details on how compliance can be achieved. On the other hand, the prospect of upcoming harmonised certification under the EU Cybersecurity Act asks manufacturers to take a proactive approach to their cybersecurity. This talk will discuss two main Standards that are currently used as the state-of-the-art approach to achieving compliance for medical device manufacturers: UL2900-2-1 and IEC62443-4-1. The focus of the talk will be to show how those Standards can be utilised to meet all cybersecurity-related requirements of EU MDR. Moreover, this talk will discuss case studies of how those Standards were used in practice by medical device manufacturers to bring their cybersecurity into compliance.