Product Security Evaluation Services for Medical Devices

Cybersecurity is crucial for internet-connected medical devices and hospital networks, aiming for high efficiency and advanced services. Yet, this connectivity elevates cybersecurity risks. Globally, regulators now require resilience against these threats for medical devices, prompting stricter regulations and mandatory cybersecurity assessments.

Navigating the complex mix of global (ISO/IEC) and regional (US FDA, EU MDR, China NMPA, etc.) standards and regulations presents challenges. Our services offer training, pre-assessment, and security evaluations to help manufacturers secure their devices, mitigate risks and stand out in the market.

Why choose SGS product security evaluation services for medical devices?

We enable you to:

• Comply with regulations and corresponding standards
• Generate evidence and proof that cybersecurity related risks have been considered, evaluated and mitigated for the complete lifecycle of devices, systems and networks
• Gain specialized training, assessment and certification with a special focus on the intertwined relationship of cybersecurity and functional safety
• Obtain comprehensive testing for medical devices – from particle testing to software, electrical and cybersecurity testing

Medical device cybersecurity training

Our medical device cybersecurity training includes:

• Introductory cybersecurity training for medical device manufacturers, introducing the current market situation, incidents, threats and risks, regulations, standards, certifications, and best practices
• Cybersecurity risk management for medical device manufacturers according to ISO 14971, AAMI TIR57 or AAMI SW 96
• Cybersecurity related post-market activities
• Secure hardware/software development lifecycle
• Training on secure design and coding principles, security assessment and testing
• Communication and network security

Medical device cybersecurity pre-assessment

Our medical device cybersecurity pre-assessments include:

• Cybersecurity threat and risk analysis for medical devices
• Security capability maturity assessments for organizations and business processes
• Security related gap assessments and design reviews for medical devices covering the complete product life cycle
• Review and assessment of applied cybersecurity risk management for medical devices (e.g., according to AAMI TIR 57)
• Vulnerability assessments for hardware and software, as well as network and cloud solutions
• Customized security assessment and test campaigns in preparation for product approvals (e.g., FDA 510k application) and against relevant standards
• SBOM scanning

Medical device cybersecurity evaluation for formal certification

We provide medical device cybersecurity evaluation for formal certification, such as:

• Independent conformity assessments against cybersecurity guidance documents issued by the US FDA or issued in connection to the European MDR/IVDR regulations
• Independent security related conformity assessments against the standards DTSec, IEC81001-5-1, ISO60601-4-5, AAMI TIR57, AAMI TIR97, AAMI SW96.
• Security evaluation according to the BSZ Certification Scheme governed by the BSI in Germany
• Security evaluation according to the SESIP scheme suitable for IoT devices governed by GlobalPlatform