🪴 Quartz 4.0

Medical Device Cybersecurity Standards and Services

2 min read

last highlighted date: 2024-04-11

Highlights

  • The UL 2900 Standards are used to provide objective evidence that software weaknesses and vulnerabilities have been appropriately dispositioned and further confirmed via penetration testing, and that this management continues throughout the life cycle
  • Logging security events
  • Updating software to address safety, essential performance and security issues
  • UL 2900-1 addresses the testing of security attributes and controls.
  • UL 2900-2-1 addresses the integration of safety and security.
  • IEC 81001-5-1 covers the management software development risks (which, in the context of UL 2900, can help organizations identify the types of risk and challenges a manufacturer’s product introduces to the customer when integrated into their environment, and how to support customers during setup).
  • AAMI TIR 57 addresses the management of product security risks and is informatively referenced in UL 2900-2-1.
  • Interoperability standards, such as Health Level 7 (HL7), Fast Healthcare Interoperability Resources (FHIR), Digital Imaging and Communications in Medicine (DICOM), Open Integrated Clinical Environment (ICE)
  • Communication capabilities, such as Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), Remote Procedure Call (RPC), Internet Protocol Security (IPSec), Point to Point Tunneling Protocol (PPTP), Layer 2 Forwarding (L2F) and Layer 2 Tunneling Protocol (L2TP)
  • UL 2900 is an FDA-recognized consensus standard to which the International Medical Device Regulators Forum (IMDRF) also refers; UL 2900 can factor into manufacturers’ global regulatory submissions.
  • Medical device manufacturers receive a public UL 2900 certificate and private report when they complete certification. The public certificate can be accessed by anyone and includes the manufacturer name, product details and other information that can help healthcare delivery organizations integrate into their system; the public certificate includes the National Vulnerability Database (NVD) and UL Product iQ® database versions.

Graph View

Backlinks

  • No backlinks found