In the previous articles about compliance with the MDR (Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices), we explored the MDR from a cybersecurity point of view, the most common causes of vulnerabilities and their prevention, and the medical device testing process. Today, in the last segment of the MDR series, we will explain the MDR compliance procedure and the possible complexities that everyone who has to conform to these regulations and obtain a CE certification needs to know about. It is important to state that the cybersecurity requirements set by MDR and IVDR are identical, so whatever we write about MDR compliance also applies to IVDR in terms of cybersecurity obligations.
In this article we will answer the following questions:
Let’s dive right in!
Even though we’ve elaborated on this topic before in one of the previous articles of the series, let’s recap why affected manufacturers can’t ignore the requirements of the regulation.
Manufacturers and service providers that don’t comply with the requirements of the MDR (and also IVDR) will not be able to receive the CE certification. The CE certification, however, is obligatory for all companies that aim to market their products and services within the European Union. As a result, compliance needs to be among the top items on their priority list if they don’t want to lose the right to offer their medical devices to European consumers.
The process rests on the responsibilities of two main parties. These are:
If you are looking for the complete list of the notified bodies and their technical competence under Directive 93/42/EEC for medical devices, check out this official list.
Compliance procedure steps:
The key to a successful, fast, and cost-efficient certification process is deliberate preparation.
Although the goal of the certification preparation is to create processes and documentation that will be accepted by accredited notified bodies and result in successful certification, there are still some complicating factors in the process:
The regulation sets out expectations for Manufacturers towards Developers, but does not provide guidance on how to meet them. For example, software can be developed in many ways that follow best development practices and still not be secure enough for Notified Bodies. This can lead to delays or failure of certification, as the Manufacturer / Developer has carried out the implementation and documentation with a different mindset than the Notified Body.
Experience shows that although many medical device and/or software Manufacturers or Developers are excellent at making medical devices, many of them lack cybersecurity expertise, which leads to misunderstandings and to not being able to provide evidence of compliance.
A deliberate preparation methodology based on internationally recognised industry standards can provide a strong foundation and confidence that the certification process will go smoothly.
A cost-efficient way to plan and execute preparation for certification is to hire cybersecurity analysts who have years of experience working with internationally recognized cybersecurity standards and certification frameworks. Cybersecurity analysts at CCLab are certified evaluators for Common Criteria, one of the most rigorous assessment frameworks. They know how notified bodies think, what they expect, and how to present information for a compliance assessment.
Medical device Manufacturers and Developers are committed to creating products and services that help solve people’s health problems and provide them with a higher quality of life. It is not their job to become cybersecurity experts, but it is also in their interest to keep their devices and services secure for both parties.
Let our cybersecurity analysts help you with the cybersecurity perspective in your processes so you can focus on what you do best.
If you are looking for the easiest way out of the fairly complicated jungle of MDR compliance, get in touch with CCLab evaluation laboratory, an official partner of the QTICS medical group, to enjoy the advantages of professional guidance, consulting, education, and assessment.