[TECH LETTER] Cybersecurity requirements

Where does regulatory compliance with cybersecurity requirements begin?
Traditionally, we would rely on state-of-the-art or harmonized standards to demonstrate conformity with such GSPRs, but things quickly complicated, since it is not entirely clear, which standards represent the state-of-the-art for security of medical and IVD devices.
This applies to both the security-related processes at the company level, as well as security capabilities of the device itself.
In this Downloadable Tech’letter, we discuss a short list of key sources for both knowledge and application of fundamental security concepts to the lifecycle medical and IVD devices.