Description: Medical device and data security are required and cannot be “bolted on” late in development. Because ISO 13485:2016 requires a risk-based approach to quality management system processes focused on safety and performance, a common approach to medical device and data security is to include cybersecurity in the product safety risk management process. However, guidance recommends a distinct process for guaranteeing security, with an interface to safety where appropriate. Furthermore, ensuring device and data security requires more than adding device features like data encryption – similar to safety risk-based thinking, adequate cybersecurity requires security risk-based decision making in quality system processes.
Using the 6 functions of the draft NIST Cybersecurity Framework 2.0, this session will discuss how to integrate cybersecurity requirements throughout the medical device quality management system, including US and EU perspectives, to build more secure devices.
Learning Objectives:
Participants will be able to write the 6 functions of the NIST Cybersecurity Framework 2.0.
Participants will be able to apply the NIST Cybersecurity Framework 2.0 to constructing/updating their QMS to align with current cybersecurity requirements.