Overview
The EU Medical Device Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR) require manufacturers to address cybersecurity throughout the entire product lifecycle. ISO 27001, combined with the new IEC 81001-5-1 standard, provides a robust framework for meeting these requirements systematically. This focused 2-hour webinar explores how to integrate information security management principles into medical device development and post-market activities, ensuring compliance with EU regulations while maintaining an effective security posture. The course addresses both organizational security (ISO 27001) and product security (IEC 81001-5-1) requirements.
This focused 2-hour course provides practical guidance on implementing cybersecurity lifecycle management for medical devices under EU MDR and IVDR. Participants will learn to leverage ISO 27001:2022 organizational controls alongside IEC 81001-5-1 product security requirements, creating a comprehensive approach that satisfies regulatory expectations while protecting devices throughout their lifecycle. The course emphasizes practical implementation strategies and documentation requirements.
Why Should You Attend
- Understand MDR/IVDR cybersecurity requirements in Annex I GSPR
- Apply ISO 27001:2022 principles to medical device organizations
- Implement IEC 81001-5-1 for product-specific security
- Develop lifecycle-based security management processes
- Create compliant cybersecurity documentation for technical files
- Establish post-market security monitoring and response procedures
Webinar Takeaway
Regulatory Cybersecurity Requirements
- MDR Annex I GSPR 17.2, 17.4 cybersecurity requirements
- IVDR equivalent requirements
- MDCG 2019-16: Guidance on cybersecurity
- Notified Body expectations for cybersecurity assessment
ISO 27001:2022 Framework Application
- ISMS structure for medical device organizations
- Risk-based control selection
- Relevance of Annex A controls to device security
- Integration with quality management systems
IEC 81001-5-1 Product Security
- Standard scope and relationship to IEC 62443
- Security risk management process
- Secure design and development requirements
- Security testing and verification
Lifecycle Security Management
- Secure development lifecycle (SDL) implementation
- Pre-market security documentation
- Post-market security monitoring
- Vulnerability and patch management
- Incident response and communication
Documentation & Compliance
- Technical file cybersecurity documentation
- Security risk management file structure
- Evidence requirements for conformity assessment
- Maintaining documentation throughout lifecycle
Practical Implementation
- Implementation roadmap and priorities
- Tool and process recommendations
- Case study examples
- Q&A and discussion
Who Will Benefit
- Regulatory Affairs Managers dealing with cybersecurity requirements
- Information Security and Cybersecurity specialists
- Quality Managers responsible for MDR/IVDR compliance
- Software development and IT security professionals
- Risk management specialists
Faculty: Frank Stein
Senior Expert Medical Devices, Frank Stein healthcare projects
Dr. h.c. Frank Stein is a medical engineer with 25 years of medical engineering experience; clinical and research experience in cardiac surgery and cardiology; industrial experience in ophthalmology, neurology, traumatology, dental implants, active implants and active devices; and international project and regulatory consulting experience in Europe, North America, Asia, Australia, Arabic countries and Latin America.