Among many novelties linked to cybersecurity risks, two new regulations on medical devices have been adopted and entered into force on 25 May 2017.
These regulations introduce new essential cybersecurity requirements for all medical devices that incorporate electronic programmable systems and software that are medical devices in themselves within the EU.
This means that manufacturers have to develop and manufacture their products in accordance with the state of the art technologies and taking into account the principles of risk management.
Cybersecurity compliance includes:
The healthcare industry is one of the most critical infrastructures in each country. Patients deserve the best possible medical support, which motivates and triggers the fast-paced dynamics of the industry. Security is often an invisible aspect for the end user, as the attention falls on the performance of a medical device or a service. CCLab is actively involved in the domain of medical devices security, and up to date with the developments concerning standards, regulations and certifications.
Intenationally recognized security certification by Common Criteria:
The specialty of QTICS MEDICAL is the ability to provide its Clients a fully-fledged portfolio of services, so that they can manage their complete conformity assurance process, starting with consultancy, going through different tests and necessary validations. The needs of the various economic actors of the medical device manufacturing and /or import tend to be typically different, therefore any of QTICS’s service fields and elements can be taken individually or in the appropriate combination with each-other.
QTICS Medical will provide all steps and services relevant for conformity:
The essence of the methodology is to analyze the documentation and in certain cases the source code before and during the vulnerability assessment phase of the target. This way a greater set of flaws could be identified and then corrected, because we gain a more detailed knowledge about how the target in scope works.
Based on the deficiencies/vulnerabilites found, we perform a “generalization” of the errors, provide recommendations about how to eliminate or correct them and perform a re-check.
A wide range of services are available: