26

Jul

2022

New Cybersecurity Standard

cybersecurity, standards

0

Recently, a new cybersecurity standard, IEC 81001-5-1:2021, Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle, was released. As the name implies, this standard addresses the overall software development lifecycle (SDLC) with regard to cybersecurity activities. For medical device manufacturers, this is very helpful and when combined with IEC 62304 (see our post on training) can make for a complete set of SDLC activities for managing both safety risks and cybersecurity risks.

What parts of the lifecycle are addressed in this new cybersecurity standard?

As you might expect, the standard addresses the expected stages of the SDLC that align with IEC 62304:

Software development planning
HEALTH SOFTWARE requirements analysis
Software architectural design
Software design
Software unit implementation and VERIFICATION
Software integration testing
Software system testing
Software release
Software maintenance

While IEC 62304 has requirements for “safety risk management,” IEC 81001-5-1 has requirements for “security risk management.” With regard to the “software problem resolution process” described in IEC 62034, 81001-5-1 focuses on receiving, reviewing, and analyzing vulnerabilities. The standard has required elements, but also provides “best practices” and defensive design strategies.

Where can you obtain a copy of the standard?

About the author

Brian Pate

Brian is a biomedical software engineer - whatever that is! Started writing machine code for the Intel 8080 in 1983. Still enjoys designing and developing code. But probably enjoys his garden more now and watching plants grow ... and grandkids grow!

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

Agile principles that align well with medical
Backlog management
Agile risk management
Incremental and iterative software development lifecycle management
Frequent release management
And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offering: Dec 3, 4, & 5, 2024 – 12:00 pm to 5:00 pm CET

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future. Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply. Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering: TBD

Call or email now to schedule a private, in-house class. The fall schedule is filling up!

Email training@softwarecpr.com to request a special pre-registration discount. Limited number of pre-registration coupons.

Registration Link:

TBD

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering: TBD