Cybersecurity is crucial for internet-connected medical devices and hospital networks, which are connected to achieve high efficiency and advanced services. Yet this connectivity elevates cybersecurity risks. Regulators worldwide now require medical devices to be resilient against these threats, prompting stricter regulations and mandatory cybersecurity assessments.
Navigating the complex mix of global (ISO/IEC) and regional (US FDA, EU MDR, China NMPA, etc.) standards and regulations presents challenges. Our services offer training, pre-assessment, and security evaluations to help manufacturers secure their devices, mitigate risks and stand out in the market.
Why choose SGS product security evaluation services for medical devices?
We enable you to:
- Comply with regulations and corresponding standards
- Generate evidence and proof that cybersecurity-related risks have been considered, evaluated and mitigated for the complete lifecycle of devices, systems and networks
- Gain specialized training, assessment and certification with a special focus on the intertwined relationship of cybersecurity and functional safety
- Obtain comprehensive testing for medical devices – from particle testing to software, electrical and cybersecurity testing
Medical device cybersecurity training
Our medical device cybersecurity training includes:
- Introductory cybersecurity training for medical device manufacturers, introducing the current market situation, incidents, threats and risks, regulations, standards, certifications, and best practices
- Cybersecurity risk management for medical device manufacturers according to ISO 14971, AAMI TIR57 or AAMI SW96
- Cybersecurity-related post-market activities
- Secure hardware/software development lifecycle
- Training on secure design and coding principles, security assessment and testing
- Communication and network security
Medical device cybersecurity pre-assessment
Our medical device cybersecurity pre-assessments include:
- Cybersecurity threat and risk analysis for medical devices
- Security capability maturity assessments for organizations and business processes
- Security-related gap assessments and design reviews for medical devices covering the complete product lifecycle
- Review and assessment of applied cybersecurity risk management for medical devices (e.g., according to AAMI TIR57)
- Vulnerability assessments for hardware and software, as well as network and cloud solutions
- Customized security assessment and test campaigns in preparation for product approvals (e.g., FDA 510(k) application) and against relevant standards
- SBOM scanning
Medical device cybersecurity evaluation for formal certification
We provide medical device cybersecurity evaluation for formal certification, such as:
- Independent conformity assessments against cybersecurity guidance documents issued by the US FDA or issued in connection with the European MDR/IVDR regulations
- Independent security-related conformity assessments against the standards DTSec, IEC 81001-5-1, ISO 60601-4-5, AAMI TIR57, AAMI TIR97, AAMI SW96
- Security evaluation according to the BSZ Certification Scheme governed by the BSI in Germany
- Security evaluation according to the SESIP scheme suitable for IoT devices governed by GlobalPlatform
Why SGS?
We are the world’s leading provider of testing, inspection and certification services to the cybersecurity industry. We are recognized as the global benchmark for quality and integrity. Accredited by Common Criteria (CC), EMVCo, SESIP, PSA Certified, MasterCard, PCI, Visa, American Express, and numerous national schemes, we boast the highest number of CC accreditations globally. As the largest security evaluation laboratory with more than ten locations across the globe, we execute over 700 projects annually for hundreds of clients worldwide.
To discuss your medical device cybersecurity requirements, contact us today.