Medical device security
Medical device security compliance requirements and training
With the tightening security requirements of the two new regulations – one on medical devices (MDR) and the other on in vitro diagnostic medical devices (IVDR) – cybersecurity compliance has become an essential issue in medical device development. To demonstrate regulatory compliance, the manufacturer is required to present cybersecurity-related data from both pre- and post-market lifecycle phases. Also, the new version of the medical device software lifecycle standard IEC 62304 will include specific cybersecurity risk management requirements. It is essential to understand these requirements thoroughly and, most importantly, to know how to implement them in practice.
Secure product development under ISO 13485 -certified Quality Management System (RegOps)
Solita Health is an ISO 13485 -certified developer of medical devices. The ISO 13485 certificate solidifies the role of Solita Health as an international product development partner and in the medical device industry. Operations controlled by the certified quality management system incorporate our core competences, such as software development, user insight, service design, and strategic, data, and analytics expertise. Built on the success of Oravizio, the AI-powered risk assessment tool for surgeons, we have an exceptional ability to help you design and implement secure medical device software.
Security requirements and threat analysis in medical device risk management
Medical device manufacturers are required to have a general risk management process to manage the safety risks related to their products. The risk management process must be compliant with the standard ISO 14971. Even if the security risk management has a broader perspective on risks, the process can be implemented similarly, and it can be aligned with the manufacturer’s current general safety risk management process. We can help you set up and document a security process that meets the regulatory requirements, is effective, and is based on your current workflow. We have specialised expertise in threat and security analysis and are able to help you identify the risks that are significant in the medical domain.
Data protection and other related legislation
Health and well-being services are becoming increasingly digital. Artificial intelligence, analytics, cloud services, and open interfaces offer almost limitless opportunities for improving services and operations. When working in health and well-being, it is inherent to the domain that sensitive data is required to deliver the services the end-users need. The sensitive nature of the data calls for both regulatory compliance and an inherent focus on data protection. We understand and know the requirements, processes and technologies required and are ready to help you with securing your sensitive data from technical measures to governance processes.