How Does Cybersecurity Fit in Your QMS? - Webinar CD/Transcript
How Does Cybersecurity Fit in Your QMS?: The Role of Quality in Securing Medical Devices
A Medical Device Security Program needs to be integrated into, and is integral to, the Quality Management System (QMS). The good news is that your QMS already includes a risk management methodology built on ISO 14971, which has similarities with the Association for the Advancement of Medical Instrumentation (AAMI) TIR57 security risk management guidance that the FDA has recently recognized.
Leaving security as an afterthought has caused many connected medical devices on the market today to have significant cybersecurity vulnerabilities that can be exploited to gain unauthorized access to data or directly impact patient safety. As a result, manufacturers have moved towards establishing security risk management processes that, at a minimum, define and document the following:
- Identification of assets, threats, and vulnerabilities
- Impact assessment of the threats and vulnerabilities on device functionality
- Assessment of the likelihood of a threat and of a vulnerability being exploited
- Determination of risk levels and suitable mitigation strategies
- Residual risk assessment and risk acceptance criteria
Manufacturers should also formally define and document security processes around security event and incident handling, security education and training, and program monitoring (e.g., security audit and assessment).
Consistently operationalizing these processes has been a challenge for many organizations. Including these processes in your QMS enhances their quality, effectiveness, and efficiency, and helps secure connected medical devices throughout their lifecycle.
Join Veronica Lim, William Greenrose, and Nick Sikorski of Deloitte & Touche as they discuss the role of Quality in securing medical devices and how your QMS can be structured to capture security requirements that align with regulations and industry leading practices.
By attending this session you will learn:
- How to integrate your Medical Device Security Program into your QMS
- What the governance structure can look like to drive accountability for the acceptance and rollout of the policies and procedures
- What the risk is of not having a consolidated document hierarchy and consistent documentation of medical device cybersecurity processes
- What the key components are to successfully implement a medical device security document hierarchy and what the key dependencies are
Order today and learn the best practices for integrating medical security processes with the organization’s QMS and the ongoing role of Quality in securing connected medical devices.