Medical Device Cybersecurity: EU Requirements
“Essential safety requirements” (the general safety and performance requirements of Regulation (EU) 2017/745, Annex I) apply to all medical devices that incorporate electronic programmable systems (software in a medical device, SiMD) and to software that is a medical device in itself (software as a medical device, SaMD):
- Integrated security: risk control measures are mandatory, in this order of priority: eliminate or reduce risks through safe design and manufacture, apply adequate protection measures for risks that cannot be eliminated, and provide information for safety and, where appropriate, training to users (Annex I, No. 4);
- Mandatory risk management system, including the identification and analysis of the known and foreseeable hazards associated with each device (Annex I, No. 3(b));
- Risk reduction, as far as possible, of risks associated with possible negative interaction between the software and the IT environment in which it operates (Annex I, No. 14.2);
- Appropriate means to eliminate or reduce, as far as possible, risks or impairment of performance in the event of a single fault condition (Annex I, No. 17.1);
- Software shall be developed and manufactured according to the state of the art, taking into account the principles of the development life cycle, risk management including information security, verification, and validation (Annex I, No. 17.2).