Software and Cybersecurity Risk Management for Medical Devices

precon

8:00 a.m. – 8:30 a.m.

Continental Breakfast

8:30 a.m. – 9:00 a.m.

Latest Updates from FDA on Cybersecurity

9:00 a.m. – 10:00 a.m.

Cybersecurity Risk Analysis (Assets, Threats, Vulnerabilities)

  1. Medical device cybersecurity basics
  2. Asset profiling
  3. Threat identification
  4. Vulnerability identification
  5. Software vulnerabilities
  6. Attack Tree – top  down and bottom up cybersecurity analysis
  7. Connectivity between cybersecurity risk and safety risk

10:00 a.m. – 10:15 a.m.

Refreshment Break

10:15 a.m. – 11:15 a.m.

Group Exercise and Discussion With Instructors – Cybersecurity Risk Analysis

11:15 a.m. – 12:15 p.m.

Cybersecurity Risk Assessments and Risk Controls

  1. Cybersecurity risk assessment
  2. Cybersecurity risk control basics
  3. Software lifecycle process control measures
  4. Cybersecurity capability and requirements identification
  5. Special considerations for cybersecurity risk controls
  6. Control measures implementation and effectiveness

12:15 p.m. – 1:15 p.m.

Lunch

1:15 p.m. – 2:15 p.m.

Group Exercise and Discussion With Instructors – Cybersecurity Risk Assessments and Risk Controls

2:15 p.m. – 2:45 p.m.

Safety and Cybersecurity Risk Analysis Documentation for Stakeholders (FDA Reviewers, Hospitals, etc.)

  1. Documentation for pre-market submission
  2. Documentation for FDA inspection
  3. Documentation for healthcare provider (e.g. hospitals)

2:45 p.m. – 3:15 p.m.

Risk Management Completeness and Effectiveness – Introduction of Assurance Case Method

  1. Limitations of current risk analysis methods
  2. Assurance case concept
  3. How assurance case method can help  

3:15 p.m. – 3:30 p.m.

Refreshment Break

3:30 p.m. – 4:00 p.m.

Safety and Cybersecurity Assurance Case Examples

  1. Safety assurance case example for medical device
  2. Security assurance case example

4:00 p.m. – 5:00 p.m.

Post-market Safety and Cybersecurity Risk Management

  1. Post market risk assessment and evaluation
  2. MDR assessment
  3. FDA recall classification — HHE
  4. Legacy device cybersecurity risk management

5:00 p.m.

Workshop Adjournment

 

register

Day 1 | Day 2

Back to Top