In the previous articles about MDR (Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices) compliance, we’ve explored MDR from a cybersecurity point of view, the most common causes of vulnerabilities and their prevention, and the medical device testing process. Today, in the last segment of the MDR series, we will explain the MDR compliance procedure and the possible complexities that everyone who has to conform with these regulations and obtain a CE certification needs to know. It is important to state that the cybersecurity requirements set by MDR and IVDR are identical, so whenever we write about MDR compliance, it also applies to IVDR in terms of cybersecurity obligations.
In this article we will answer the following questions:
Let’s dive right in!
Even though we’ve elaborated on this topic before in one of the previous articles of the series, let’s recap why affected manufacturers can’t ignore the requirements of the regulation.
Manufacturers and service providers who don’t comply with the requirements of the MDR (and also IVDR) will not be able to receive the CE certification, which is obligatory for all companies that aim to market their products and services within the European Union. As a result, compliance needs to be among the top items on their priority list if they don’t want to lose the right to offer their medical devices to European consumers.
The process rests on the responsibilities of two main parties. These are:
If you are looking for the complete list of the notified bodies and their technical competence under Directive 93/42/EEC for medical devices, check out this official list.
Compliance procedure steps:
The key to a successful, fast, and cost-efficient certification process is deliberate preparation.
Although the goal of the certification preparation is to create processes and documentation that will be accepted by accredited notified bodies and result in successful certification, there are still some complicating factors in the process:
The regulation sets out expectations for Manufacturers towards Developers, but does not provide guidance on how to meet them. For example, software can be developed in many ways that follow the best development practices and still not be secure enough for Notified Bodies. This can lead to delays or failure of certification, as the Manufacturer / Developer has carried out the implementation and documentation with a different mindset than the Notified Body.
Experience shows that although many medical device and/or software Manufacturers or Developers are excellent at making medical devices, many of them lack cybersecurity expertise, which leads to misunderstandings and to not being able to provide evidence of compliance.
A deliberate preparation methodology based on internationally recognised industry standards can provide a strong foundation and confidence that the certification process will go smoothly.
A cost-efficient way to plan and execute preparation for certification is to hire cybersecurity analysts who have years of experience working with internationally recognized cybersecurity standards and certification frameworks. Cybersecurity analysts at CCLab are certified evaluators for Common Criteria, one of the most rigorous assessment frameworks. They know how notified bodies think, what they are expecting, and how to present information for a compliance assessment.
Medical device Manufacturers and Developers are committed to creating products and services that help solve people’s health problems and provide them with a higher quality of life. It is not their job to become cybersecurity experts, but it is also in their interest to keep their devices and services secure for both parties.
Let our cybersecurity analysts help you with the cybersecurity perspective in your processes so you can focus on what you are best at.
If you are looking for the easiest way out of the fairly complicated jungle of MDR compliance, get in touch with CCLab evaluation laboratory, an official partner of the QTICS medical group, to enjoy the advantages of professional guidance, consulting, education, and assessment.