SBS - The best value in QMS software

Medical Device Cybersecurity Risk Management

Aymaneh

Aymaneh

Registered
#1
#1
Hello, as I'm trying to bring cybersecurity concerns into our safety risk management process, I am struggling with the right way to define 5-point Severity scale, does anyone have some ideas or some examples that i can integrate into the Cybersecurity Risk Management Process, should the severity be related specifically to the product ?
any help will be appreciated :)

Thank you
 
Free Trial of DISCUS Desktop
Elsmar Forum Sponsor
Y

yodon

Staff member
Super Moderator
#2
#2
Back in October, FDA recognized the MITRE Rubric for Applying CVSS to Medical Devices as a qualified Medical Device Development Tool (MDDT). Here's al ink to the qualification summary and here's a link to the rubric. There is a calculator available at the MITRE site. You answer a bunch of questions in the calculator and it spits out a score. We've started using it and it eems like a reasonable approach.
 
Richard Regalado

Richard Regalado

Trusted Information Resource
#3
#3
Aymaneh said:
Hello, as I'm trying to bring cybersecurity concerns into our safety risk management process, I am struggling with the right way to define 5-point Severity scale, does anyone have some ideas or some examples that i can integrate into the Cybersecurity Risk Management Process, should the severity be related specifically to the product ?
any help will be appreciated :)

Thank you
Click to expand...
Hello Aymaneh. I assume that your safety RM methodology consists of a 5-point severity scale and you want cyber security (or information security) risks correlate to the same 5-point severity scale.

Let's look at some of the criterion you can use for cybersecurity risks that MAY also apply to your safety risk management:

COST - the financial impact of the risk. This is true for both safety and cyber security
LEGAL - I assume in your country you have legislation for information security as well as health and safety
COMPLIANCE - whether compliance to contractual obligations or regulators.
REPUTATION - if you have a breach of information security your company image will be affected

Maybe you just need to "tweak" or reword your existing Severity Scale to fit information security risks.

Why don't you edit and post it here so we can discuss further?

Regards,
Richard
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M Informational IMDRF draft document – Principles and Practices for Medical Device Cybersecurity Medical Device and FDA Regulations and Standards News 0
M Informational Health Canada guidance document – Pre-market Requirements for Medical Device Cybersecurity Medical Device and FDA Regulations and Standards News 0
M Medical Device News Health Canada – Consultation: Pre-market Requirements for Medical Device Cybersecurity Medical Device and FDA Regulations and Standards News 0
S Medical Device Cybersecurity Risk Management File ISO 14971 - Medical Device Risk Management 2
L Medical device registration in Iran Other Medical Device Regulations World-Wide 0
H EU CE marking for Medical Device Class I EU Medical Device Regulations 0
A Medical Device Contract Manufacturer - Does the CM need to register with FDA? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
JoCam Certified QMS for MDR - Class I medical device manufacturers EU Medical Device Regulations 4
R Compatibility studies - Medicinal Product and Medical Device Other ISO and International Standards and European Regulations 0
K CE Marking Class 1 (Non sterile) medical device CE Marking (Conformité Européene) / CB Scheme 3
J Medical Device Regulations in Lebanon? Other Medical Device Regulations World-Wide 2
J Calibration cycle for monitoring & measuring tools used in medical device manufacturing General Measurement Device and Calibration Topics 5
S Medical Device MRI Compatibility EU Medical Device Regulations 3
A ISO 13485 for Class 1 Medical Device ISO 13485:2016 - Medical Device Quality Management Systems 7
R Components to a finished medical device, MDR requirements Other US Medical Device Regulations 1
J Warnings/Cautions in Medical Device IFU Medical Device and FDA Regulations and Standards News 4
L Medical device HIPAA compliance in encryption Medical Information Technology, Medical Software and Health Informatics 1
M V&V phase: Justification of acceptance criteria (statistical method ) - (Medical Device) Design and Development of Products and Processes 2
E Medical Device - CE marking - Local market notifications EU Medical Device Regulations 1
S Medical Device Registration in Qatar Other Medical Device Regulations World-Wide 1
M Medical device substance based-leachables Other Medical Device Related Standards 2
P Anyone have an Idea on UAE Medical device registeration- Class B with FDA only Other Medical Device Regulations World-Wide 0
F Mobile app regulations - Class II medical device 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
M What are the basics of Medical Device Single Audit Program (MDSAP)? ISO 13485:2016 - Medical Device Quality Management Systems 7
U Medical Device CE Marking - Using a disposable bearing CE Marking (Conformité Européene) / CB Scheme 3
L Medical Device Registration in Macau Other US Medical Device Regulations 1
A Medical Device Registration in the Dominican Republic Other Medical Device Regulations World-Wide 4
T B2C Medical Device Shipping across the US Other Medical Device Related Standards 0
M Medical Device Registration In Malaysia Other Medical Device Regulations World-Wide 2
N Adding unclassified product to the medical device registration US Food and Drug Administration (FDA) 1
V Sister companies selling same medical device under different names ISO 13485:2016 - Medical Device Quality Management Systems 3
K CE Marking for Class I Medical Device? CE Marking (Conformité Européene) / CB Scheme 7
L Medical device storage conditions ISO 13485:2016 - Medical Device Quality Management Systems 1
F USB powered handheld medical device - Isolation requirements IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
L How to determine / validate Medical Device Storage Conditions ISO 13485:2016 - Medical Device Quality Management Systems 1
P Best european location to set up for a virtual medical device manufacturer? EU Medical Device Regulations 4
Y Possibility for Medical Device registration in Israel Regulation Other Medical Device Regulations World-Wide 4
M How does IEC-60601-1 apply to a non-medical device in the patient vicinity? IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
M Determining if an Insulin Pen Testing Machine is a Medical Device? EU Medical Device Regulations 4
M Indian Medical Device Rules - Manufacturing and Wholesale Lic. Required? Other Medical Device Regulations World-Wide 8
K Medical Device Repairs and ISO Scope ISO 13485:2016 - Medical Device Quality Management Systems 3
R Manufacturing plants relocation - Medical Device Medical Device and FDA Regulations and Standards News 7
R Medical Device - Change manufacturing plant Design and Development of Products and Processes 6
shimonv Classification of a cloud- base viewer for the output from a medical device US Food and Drug Administration (FDA) 7
A FDA guidance on non-sterile Medical Device Packaging Medical Device and FDA Regulations and Standards News 7
A Medical device Mode Of Action CE Marking (Conformité Européene) / CB Scheme 2
P Best Global Option to become an OBL/PLM/Virtual medical device brand in 2020 Other Medical Device Regulations World-Wide 2
rob73 UK Medical Device Regulations Forum - UK MDR Elsmar Cove Forum Suggestions, Complaints, Problems and Bug Reports 3
S Philippines CMDL (Certificate of Medical Device Listing) Elsmar Cove Forum ToS and Forum Policies 0
J 21 CFR 821 Medical Device Tracking Requirement 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2

Similar threads

Top Bottom