TY - GEN
T1 - On Medical Device Cybersecurity Compliance in EU
AU - Granlund, Tuomas
AU - Vedenpää, Juha
AU - Stirbu, Vlad
AU - Mikkonen, Tommi
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - The medical device products at the European Union market must be safe and effective. To ensure this, medical device manufacturers must comply to the new regulatory requirements brought by the Medical Device Regulation (MDR) and the In Vitro Diagnostic Medical Device Regulation (IVDR). In general, the new regulations increase regulatory requirements and oversight, especially for medical software, and this is also true for requirements related to cybersecurity, which are now explicitly addressed in the legislation. The significant legislation changes currently underway, combined with increased cybersecurity requirements, create unique challenges for manufacturers to comply with the regulatory framework. In this paper, we review the new cybersecurity requirements in the light of currently available guidance documents, and pinpoint four core concepts around which cybersecurity compliance can be built. We argue that these core concepts form a foundations for cybersecurity compliance in the European Union regulatory framework.
AB - The medical device products at the European Union market must be safe and effective. To ensure this, medical device manufacturers must comply to the new regulatory requirements brought by the Medical Device Regulation (MDR) and the In Vitro Diagnostic Medical Device Regulation (IVDR). In general, the new regulations increase regulatory requirements and oversight, especially for medical software, and this is also true for requirements related to cybersecurity, which are now explicitly addressed in the legislation. The significant legislation changes currently underway, combined with increased cybersecurity requirements, create unique challenges for manufacturers to comply with the regulatory framework. In this paper, we review the new cybersecurity requirements in the light of currently available guidance documents, and pinpoint four core concepts around which cybersecurity compliance can be built. We argue that these core concepts form a foundations for cybersecurity compliance in the European Union regulatory framework.
KW - cybersecurity
KW - Medical device
KW - regulatory compliance
KW - regulatory requirements
U2 - 10.1109/SEH52539.2021.00011
DO - 10.1109/SEH52539.2021.00011
M3 - Conference contribution
AN - SCOPUS:85114412398
T3 - Proceedings - 2021 IEEE/ACM 3rd International Workshop on Software Engineering for Healthcare, SEH 2021
SP - 20
EP - 23
BT - Proceedings - 2021 IEEE/ACM 3rd International Workshop on Software Engineering for Healthcare, SEH 2021
PB - IEEE
T2 - IEEE/ACM International Workshop on Software Engineering for Healthcare
Y2 - 3 June 2021
ER -