Friday, 8 March 2024
By Mitch on Friday, 8 March 2024, 13:47 - Templates
Cybersecurity guidance documents and standards have evolved considerably over the last few months.
It's time to push new templates!
Friday, 23 February 2024
By Mitch on Friday, 23 February 2024, 14:21 - Standards
IEC 81001-5-1 is now the standard for cybersecurity in medical devices. But is this standard asking for too much?
Friday, 6 October 2023
By Mitch on Friday, 6 October 2023, 14:09 - Regulations
The final version of the FDA guidance titled "Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions" was published on 27 September 2023.
Monday, 20 February 2023
By Mitch on Monday, 20 February 2023, 13:56 - Standards
These three concepts come from IEC 62443 and were adopted in IEC 80001-5-1. SOUP isn't present in IEC 81001-5-1.
What are the differences between SOUP and Maintained software, Supported software, and Required software?
Monday, 9 January 2023
By Mitch on Monday, 9 January 2023, 15:31 - Regulations
In late December 2022, the FDA added IEC 81001-5-1 to the list of recognized consensus standards.
That's it. After beating around the bush on this blog on whether UL 2900-x or IEC 81001-5-1 would be applicable to 510(k) submissions and other regulatory clearances, we now have the answer.
We can use IEC 81001-5-1 as:
A good way to make things (a bit) simpler.
Remark: UL 2900-x can still be applied in the US!
Friday, 30 September 2022
By Mitch on Friday, 30 September 2022, 14:01 - Regulations
That’s the story of the pig and the hen for breakfast: the pig is involved (ham) and the hen is concerned (eggs). With the NIS2 directive in preparation, a medical device manufacturer will be in either situation.
Friday, 10 June 2022
By Mitch on Friday, 10 June 2022, 13:47 - Regulations
In April, the FDA issued a new draft guidance on Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions. When it is finalized, this guidance will supersede the 2014 guidance on Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. There’s no word about the draft guidance of 2018. We can suppose that one is obsolete.
Thursday, 13 January 2022
By Mitch on Thursday, 13 January 2022, 13:54 - Standards
IEC 81001-5-1 was published in December 2021. We already talked about the draft version here. Combined with IEC/TR 60601-4-5, published in February 2021, these two standards constitute the state of the art in cybersecurity of medical devices in Europe.
The final version is very close to the draft version, apart from a few changes to the organizational requirements: these formed clause 10 in the draft and were moved to clause 4 in the final version.
Be prepared to apply these two standards to your MDR CE Mark submissions once they are harmonized, most probably by 2024.
Friday, 9 July 2021
By Mitch on Friday, 9 July 2021, 13:37 - Standards
The draft list of harmonized standards for the MDR regulation was published in May 2021. In this document, we find the references to the following cybersecurity standards:
- IEC 80001-1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software - Part 1: Application of risk management,
- IEC 81001-5-1 (not published): Health Software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product lifecycle,
- IEC/TR 60601-4-5: Medical electrical equipment - Part 4-5: Guidance and interpretation - Safety-related technical security specifications.
Sunday, 3 May 2020
By Mitch on Sunday, 3 May 2020, 14:20 - Regulations
So we have a new guidance on cybersecurity for medical devices: the MDCG 2019-16. This is not the one we expected so quickly, but we're not going to complain about the existence of this guidance! It was published in December 2019. At last I found time to write a review.
This guidance covers a broad range of topics applicable to all stakeholders in the medical device supply chains, and to end-users. That explains a bit why it is 46 pages long.
Friday, 16 August 2019
By Mitch on Friday, 16 August 2019, 13:44 - Standards
We continue this series of articles on cybersecurity with a free and non-exhaustive review of the UL 2900-1 standard.
What is UL 2900-1? This standard was published in 2017 by Underwriters Laboratories (UL). It contains technical requirements on cybersecurity for network-connectable products. A collateral standard, UL 2900-2-1, focuses on connectable healthcare and wellness systems. UL 2900-1 and UL 2900-2-1 are FDA-recognized standards, and are thus applicable to medical devices.
Thursday, 24 January 2019
By Mitch on Thursday, 24 January 2019, 12:50 - Regulations
Monday, 15 October 2018
By Mitch on Monday, 15 October 2018, 14:58 - Templates
Hi there! Long time no see once again. I'm digging up our series of posts on cybersecurity.
In this post I'm publishing two new templates for cybersecurity risk management.
Monday, 3 July 2017
By Mitch on Monday, 3 July 2017, 14:06 - Regulations
We continue this series of posts on cybersecurity with some comments on the impact of cybersecurity on software development documentation.
Tuesday, 16 May 2017
By Mitch on Tuesday, 16 May 2017, 21:53 - Standards
After a long pause, we continue this series about cybersecurity in medical devices with a discussion on AAMI TIR57:2016 Principles for medical device security — Risk management.
Friday, 10 February 2017
By Mitch on Friday, 10 February 2017, 14:20 - Regulations
By Mitch on Friday, 10 February 2017, 14:19 - Regulations
Tuesday, 20 December 2016
By Mitch on Tuesday, 20 December 2016, 12:51 - Misc
After a long interruption, we continue this series on cybersecurity in medical devices with a review of the stakeholders involved in or concerned by cybersecurity requirements, and the consequences for architectural choices.
Monday, 24 October 2016
By Mitch on Monday, 24 October 2016, 16:50 - Regulations
We begin today a series of posts on cybersecurity in medical devices. Cybersecurity was not a subject before the advent of computerized medical devices. Now that every manufacturer wants its connected medical device, cybersecurity matters!
Let's start with the regulations.