MEDICAL DEVICES / FDA & MDR REGULATIONS / ANSI UL 2900
The healthcare industry is one of the most critical infrastructures in each country, due to its direct implication on humans. Medical devices providing direct interaction with the patients need to be equipped with state-of-the-art features in terms of performance. At the same time, the fast rise of cybersecurity threats and attack vectors is impacting medical devices more and more.
From a cybersecurity point of view, most of these devices are high risk targets. Controlling and minimizing these risks becomes therefore a highly important process which manufacturers need to take into account.
Taking security into consideration during the whole development and manufacturing process of the medical devices could represent a strong means for avoiding any future security breaches, thus consolidating the brand’s image and reputation.
Moreover, due to the high risks associated in practice with their devices, medical device manufacturers need to comply with certain regulations in order to place their products on specific markets. In U.S.A, the Food and Drug Association (FDA) is regulating the market access, while in the EU, medical devices need to fulfill the Medical Devices Regulation.
Assessing, demonstrating compliance or obtaining relevant security certifications for your medical devices are important actions in order to improve their security, obtain the clearance for specific markets, and ultimately showcase their value to the patients or healthcare institutions. LCIE can support you with several testing and certification possibilities.
PREPARATION & RISK ASSESSMENT
- LCIE Bureau Veritas helps you in your preparation for the regulation.
- We offer training, workshop and gap analysis in the initial phases of your project.
- We also support you to perform the risk analysis. We base our approach on well-known standards, ISO 27005 & EBIOS (https://www.ssi.gouv.fr/guide/ebios-risk-manager-the-method/ )
LCIE can provide testing services in line with the relevant security publications addressing the domain of medical devices. The offered services are presented below.
LCIE has extensive experience in the interpretation and practical applicability of the internationally recognized IEC 62443 standard. Several parts of this standard can be of value to highlight the security of the product or development processes. IEC 62443-4-2 and IEC 62443-3-3 can be used to validate the security of medical products or integrated systems. IEC 62443-4-1 can be used to validate the security of the medical devices development processes.
LCIE Medical Devices Security Framework
In order to provide a flexible approach to the manufacturers, LCIE has developed its own testing framework, based on state of the art security guidelines such IEC 62443, UL 2900 or the ENISA Security Baseline Recommendations. Testing your product against the requirements of the framework allows manufacturers to select the depth of testing, thus perfectly addressing their needs.
FDA/EU Security Requirements
In order to enable the access of medical devices in USA, manufacturers need to apply and have their products approved by the FDA. The FDA assesses the security of devices based on its specified requirements. LCIE put together a flexible compliance service, aimed at supporting manufacturers with the FDA requirements, at various level of involvement. Documentation review, several options of testing, as well as analysis of the whole risk assessment file are options in this compliance service, which enables manufacturers to have a smoother FDA approval process.
At the same time, the EU Medical Devices Regulation asks manufacturers to demonstrate “state of the art” security in their products. The “Standard” security evaluation service, part of this compliance package, would allow manufacturers to efficiently demonstrate the implementation of state of the art security in their products.
Certification allows to put official recognition on the results of an assessment for your product. LCIE can support you with certification services for your IoT product based on the following schemes.
LCIE can support with official certification of medication devices in line with the UL 2900 (-2-1) standard, issued by Bureau Veritas. The service will result in a certificate that demonstrates the compliance of the product with the applicable requirements. This certificate can facilitate market access, being especially well recognized for FDA Cybersecurity compliance.