There is a lack of cyber­se­cu­ri­ty exper­tise when it comes to sup­port dur­ing con­for­mi­ty assess­ments for med­ical devices so TEAM-NB has issued a posi­tion paper ‘Cyber Secu­ri­ty’ to assist noti­fied bod­ies in their assessments.

Mak­ing sure that rel­e­vant stan­dards, such as IEC 81001-5-1, a stan­dard asso­ci­at­ed with health soft­ware, are imple­ment­ed in a har­monised way is one of TEAM-NB’s recommendations.

The aim of the posi­tion paper is to make con­for­mi­ty assess­ments of med­ical device cyber­se­cu­ri­ty in the con­text of Reg­u­la­tions (EU) 2017/745 and 2017/746 on med­ical devices and in vit­ro diag­nos­tic med­ical devices (MDR and IVDR) as effec­tive as pos­si­ble while main­tain­ing quality. 

Anoth­er stan­dard, IEC TR 60601-4-5 can also be used to record secu­ri­ty stip­u­la­tions of med­ical devices to sup­port type test­ing of secu­ri­ty prop­er­ties. It offers com­pre­hen­sive tech­ni­cal spec­i­fi­ca­tions for the secu­ri­ty ele­ments required for med­ical devices used with­in med­ical IT net­works but can also be used by man­u­fac­tur­ers of med­ical device software. 

Man­u­fac­tur­ers should take on a secure devel­op­ment life cycle from the ini­tial to con­clud­ing stages of devel­op­ment. Stan­dards such as IEC 81001-5-1 offer vital infor­ma­tion on how to do this. 

Source: Medtech Insight (an Infor­ma product)

Accom­pa­ny­ing this sub­ject we rec­om­mend the fol­low­ing con­tent on our website