How Does Cybersecurity Fit in Your QMS? - Webinar CD/Transcript


How Does Cybersecurity Fit in Your QMS?: The Role of Quality in Securing Medical Devices

A Medical Device Security Program needs to be integrated into, and is integral to, the Quality Management System (QMS). The good news is that your QMS already includes a risk management methodology built on ISO 14971, which has similarities with the Association for the Advancement of Medical Instrumentation (AAMI) TIR57 security risk management guidance that the FDA has recently recognized.

Leaving security as an afterthought has caused many connected medical devices on the market today to have significant cybersecurity vulnerabilities that can be exploited to gain unauthorized access to data or directly impact patient safety. As a result, manufacturers have moved towards establishing security risk management processes that, at a minimum, define and document the following:

  • Identification of assets, threats, and vulnerabilities
  • Impact assessment of the threats and vulnerabilities on device functionality
  • Assessment of the likelihood of a threat and of a vulnerability being exploited
  • Determination of risk levels and suitable mitigation strategies
  • Residual risk assessment and risk acceptance criteria

Manufacturers should also formally define and document security processes around security event and incident handling, security education and training, and program monitoring (e.g., security audit and assessment).

Consistently operationalizing these processes has been a challenge for many organizations. Including these processes in your QMS enhances their quality, effectiveness, and efficiency, and assists in securing connected medical devices throughout their lifecycle.

Join Veronica Lim, William Greenrose, and Nick Sikorski of Deloitte & Touche as they discuss the role of Quality in securing medical devices and how your QMS can be structured to capture security requirements that align with regulations and industry leading practices.

By attending this session you will learn:

  • How to integrate your Medical Device Security Program into your QMS
  • What the governance structure can look like to drive accountability for the acceptance and rollout of the policies and procedures
  • What the risk is of not having a consolidated document hierarchy and consistent documentation of medical device cybersecurity processes
  • What the key components are to successfully implement a medical device security document hierarchy and what the key dependencies are

Order today and learn the best practices for integrating medical security processes with the organization’s QMS and the ongoing role of Quality in securing connected medical devices.

  • QA personnel
  • Medical Device Security personnel
  • Engineering and design controls teams
  • Risk management specialists
  • Compliance officers
  • Internal Audit personnel

Meet Your Presenters

Veronica Lim, Principal, Advisory, Regulatory & Compliance, Deloitte & Touche LLP
Veronica has over 26 years of experience in Life Sciences with planning and implementing information management systems that support critical business processes. She is Deloitte’s co-lead for the Medical Internet of Things practice and has led several global IT initiatives in the Medical Device, Pharmaceutical, Biotech and Healthcare industries.

William Greenrose, Managing Director, Advisory, Regulatory & Compliance, Deloitte & Touche LLP
William has over 34 years of experience in Food and Drug Administration (FDA)-regulated industry sectors, including life sciences, pharmaceuticals, medical devices, human tissue research and biotechnology. His focus is in the areas of regulatory, clinical, quality assurance, quality control, laboratory, research and development, manufacturing, compliance and corporate operations.

Nick Sikorski, Senior Consultant, Advisory, Cyber Risk Services, Deloitte & Touche LLP
Nick is the Global Portfolio and Solutions Leader for Deloitte’s Medical Internet of Things practice, responsible for securing connected medical devices and additional Life Sciences products developed by medical device manufacturers. His focus is on building and assessing corporate-level medical device security organizations and conducting security risk assessments at the product level to identify and provide remediations for connected medical device security threats and vulnerabilities.