In the previous articles of this series on MDR compliance (MDR being Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices), we looked at the MDR from a cybersecurity point of view, at the most common causes of vulnerabilities and how to prevent them, and at the medical device testing process. In this last segment of the series we explain the MDR compliance procedure and the complications that anyone who must conform to the regulation and obtain CE marking should be aware of. Note that the cybersecurity requirements of the MDR and of the IVDR (Regulation (EU) 2017/746 on in vitro diagnostic medical devices) are identical, so whatever we write here about MDR compliance applies equally to the cybersecurity obligations under the IVDR.
In this article we will answer the following questions:
Let’s dive right in!
Even though we’ve elaborated on this topic before in one of the previous articles of the series, let’s recap why affected manufacturers can’t ignore the requirements of the regulation.
Manufacturers and service providers that do not meet the requirements of the MDR (and of the IVDR) cannot obtain the certificate from a notified body that their device needs before it can bear the CE marking, and CE marking is mandatory for any medical device placed on the market of the European Union. Compliance therefore has to be near the top of the priority list of every affected manufacturer that does not want to lose the right to offer its medical devices to European customers.
Responsibility for the process is shared between two main parties: the manufacturer, which implements the requirements and produces the technical documentation and evidence, and the notified body, which assesses that evidence and issues the certificate. These are:
If you are looking for the complete list of notified bodies and their technical competence, consult the European Commission's official NANDO database. Make sure you pick a body that is designated under the MDR (Regulation (EU) 2017/745) or IVDR (Regulation (EU) 2017/746); a designation under the old Medical Devices Directive 93/42/EEC alone does not allow a body to certify against the new regulations.
Compliance procedure steps:
The key to a successful, fast, and cost-efficient certification process is deliberate preparation.
The goal of certification preparation is to create processes and documentation that an accredited notified body will accept, leading to a successful certification. Even so, several factors complicate the process:
The regulation sets out requirements that manufacturers must fulfil, but it does not prescribe how to fulfil them. For example, software can be developed in many ways that all follow good development practice, yet the result may still not be demonstrably secure enough for a notified body. This leads to delays or failed certifications when the manufacturer or developer has implemented and documented the device with a different mindset than the notified body assessing it.
Experience also shows that although many medical device and software manufacturers and developers are excellent at building medical devices, many of them lack cybersecurity expertise. This leads to misunderstandings of what is required and to an inability to provide the evidence that demonstrates compliance.
A deliberate preparation methodology based on internationally recognised industry standards and guidance (for instance the MDCG 2019-16 guidance on cybersecurity for medical devices and the IEC 81001-5-1 secure product lifecycle standard) provides a strong foundation and confidence that the certification process will go smoothly.
A cost-efficient way to plan and execute the preparation for certification is to bring in cybersecurity analysts who have years of experience working with internationally recognised cybersecurity standards and certification frameworks. The cybersecurity analysts at CCLab are certified evaluators for Common Criteria, one of the most rigorous assessment frameworks. They know how notified bodies think, what they expect, and how to present information for a compliance assessment.
Medical device manufacturers and developers are committed to creating products and services that help solve people's health problems and give them a higher quality of life. It is not their job to become cybersecurity experts, but it is in their interest, and in the interest of their patients and customers, to keep their devices and services secure.
Let our cybersecurity analysts bring the cybersecurity perspective into your processes so you can focus on what you do best.
If you are looking for the easiest way out from the fairly complicated jungle of MDR compliance, get in touch with CCLab evaluation laboratory, an official partner of the QTICS medical group, to enjoy the advantages of professional guidance, consulting, education, and assessment.