Cybersecurity Risk Management for Medical Devices
By the end of this course, participants will be able to:
- Efficiently conduct and document a Security Risk Assessment in accordance with MDR, MDCG 2019-16, IEC 81001-5-1:2021, and IEC TR 60601-4-5:2021
- Understand how to optimize cybersecurity measures to make medical devices safer within available resources
- Confidently develop and implement a Security Risk Management process tailored to medical device requirements
This two-day course equips participants with essential knowledge and practical tools to effectively conduct Cybersecurity Risk Management in compliance with:
- The EU Medical Device Regulation (MDR)
- MDCG 2019-16
- IEC 81001-5-1:2021
- IEC TR 60601-4-5:2021
The course also integrates relevant elements from emerging and future harmonized standards.
Through a combination of real-world examples and interactive group work, participants will gain in-depth understanding of:
- Threat modeling techniques
- Cyber risk assessment strategies
- Secure design principles
- Regulatory and documentation requirements
Day 1
- Introduction to Cybersecurity Risk Management
- IT security basics and definitions
- Legal requirements and guidelines for medical device security risk management
- Best practice approach
- A Notified Body’s point of view
Day 2
- Security Management
- Security by design
- Threat Modelling with respect to Medical Devices
- Update Management
- Hands-on workshop
- Data flow diagrams
- STRIDE
- Post-Market security risk management
- Quality Assurance, Regulatory Affairs
- Risk Managers, Risk Management Specialists
- Software Engineers
- Software/Hardware Engineers
- Verification and Validation Specialists
- Product Designers
- Engineers and Service Providers to manufacturers
Participants are strongly recommended to have prior knowledge of:
- Medical device development or regulation, and
- Quality Management Systems (QMS), such as ISO 13485
This foundational understanding will help participants fully benefit from the course content and group exercises.
- Best-practice approaches to Cybersecurity Risk Management under the Medical Device Regulation (MDR)
- A clear understanding of how Cybersecurity Risk Management integrates with traditional Safety Risk Management processes
- How to identify relevant assets, threats, vulnerabilities, and define appropriate mitigation measures
- Techniques to quantify security risks both before and after mitigation
- Insights into modern software tools that support threat modeling for medical devices
- Guidance on how to conduct Cybersecurity Post-Market Assessments, including surveillance and updates
- Upon successful completion of the full training, learners are eligible to take an online examination
- The exam consists of multiple-choice questions
- Total Marks: 50
- Passing Score: 70%
Participants who pass the examination will receive a Certificate of Completion, demonstrating their competence in Cybersecurity Risk Management for Medical Devices under MDR and related standards.
1. When can I get the certificate?
Certification for the Cybersecurity Risk Management Training for Medical Devices will be issued within 14 working days from the date of training completion.
2. When can I get the training material and invite?
One day before the commencement of the training program.
3. How do I pay the fees for training and examination?
Online mode
4. What are the benefits of the Cybersecurity Risk Management Training for Medical Devices?
Networking Opportunities: Interact with industry peers to share insights and best practices.
Comprehensive Coverage: Obtain a holistic view of cybersecurity risk management and threat modelling with respect to medical devices.
Practical Knowledge: Receive actionable guidance directly applicable to real-world medical device manufacturing scenarios.
Career Development: Enhance professional credentials and marketability in the medical device industry.
5. Is there any refund policy for the paid fees?
Please refer to the Cancellation and Refund Policy page.