The require­ments of the cyber­se­cu­ri­ty stan­dard for med­ical devices, which was pub­lished a short time ago, sur­pass­es what reg­u­la­tors are now look­ing for from med­ical device manufacturers. 

The new stan­dard has been adopt­ed by the Inter­na­tion­al Elec­trotech­ni­cal Com­mis­sion (IEC) and the  Inter­na­tion­al Organ­i­sa­tion for stan­dards (ISO). IEC 81001-5-1 requires  devel­op­ers of med­ical device soft­ware to include cer­tain life­cy­cle cyber­se­cu­ri­ty stan­dards that could be oner­ous for non-device health soft­ware man­u­fac­tur­er. It could mean health care soft­ware man­u­fac­tur­ers would have to ful­fil require­ments like those con­cern­ing Soft­ware of Unknown Prove­nance (SOUP), soft­ware archi­tec­tur­al design, safe­ty risk man­age­ment, prob­lem res­o­lu­tion, and doc­u­ment­ed sta­t­ic reviews of require­ments, archi­tec­ture and design.

Although the stan­dard is not yet rec­om­mend­ed by reg­u­la­to­ry bod­ies, author­i­ties world­wide may think about imple­ment­ing it in the future. 

Source: Medtech Insight (an Infor­ma product)

Accom­pa­ny­ing this sub­ject we rec­om­mend the fol­low­ing con­tent on our website