Medical Device Cybersecurity Risk Management

#1
Hello, as I'm trying to bring cybersecurity concerns into our safety risk management process, I am struggling with the right way to define a 5-point Severity scale. Does anyone have some ideas or some examples that I can integrate into the Cybersecurity Risk Management Process? Should the severity be related specifically to the product?
Any help will be appreciated :)

Thank you
 

yodon

Staff member
Super Moderator
#2
Back in October, FDA recognized the MITRE Rubric for Applying CVSS to Medical Devices as a qualified Medical Device Development Tool (MDDT). Here's a link to the qualification summary and here's a link to the rubric. There is a calculator available at the MITRE site. You answer a bunch of questions in the calculator and it spits out a score. We've started using it and it seems like a reasonable approach.
 

Richard Regalado

Trusted Information Resource
#3
Hello Aymaneh. I assume that your safety RM methodology consists of a 5-point severity scale and you want cyber security (or information security) risks to correlate to the same 5-point severity scale.

Let's look at some of the criteria you can use for cybersecurity risks that MAY also apply to your safety risk management:

COST - the financial impact of the risk. This is true for both safety and cyber security
LEGAL - I assume in your country you have legislation for information security as well as health and safety
COMPLIANCE - whether compliance to contractual obligations or regulators.
REPUTATION - if you have a breach of information security your company image will be affected

Maybe you just need to "tweak" or reword your existing Severity Scale to fit information security risks.

Why don't you edit and post it here so we can discuss further?

Regards,
Richard
 