johner-institut / it-security-guideline

Guideline IT Security

Update to reflect current regulatory requirements #28

Open ChristianRosenzweig opened 1 year ago

ChristianRosenzweig commented 1 year ago

Mandated to be harmonized under the EU-MDR: IEC 81001-5-1

Important for product-related security considerations: IEC 60601-4-5

New FDA guidance: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/cybersecurity-medical-devices-quality-system-considerations-and-content-premarket-submissions

DanielMarcato commented 1 year ago

The list has not been updated in quite a while. I am wondering if it is in fact even still usable at this point? @johner-institut

ChristianRosenzweig commented 1 year ago

Dear Daniel, you are absolutely right, the list needs a revision. We are currently working on it. You might have noticed that

DanielMarcato commented 1 year ago

Thank you @ChristianRosenzweig!

Do you guys have a timeline for when we can expect the update? I am currently in the process of incorporating your guideline into our processes after being trained with the @johner-institut 62304 material.

ChristianRosenzweig commented 1 year ago

@DanielMarcato: If you are working towards the European medical device market, I would focus on the IEC 81001-5-1 as it outlines the total product life cycle process regarding security. When you have implemented this into your quality management system (like the IEC 62304 process), the security guideline can have additional detail questions and can be used as a checklist in a final review.