Best Practice Medical Device Regulation (MDR) Cybersecurity Risk Management

Online, Instructor-Led Course

Course Description

This 2-day course will provide you with the key knowledge to conduct efficient Cybersecurity Risk Management according to the Medical Device Regulation (MDR), MDCG 2019-16, IEC 81001-5-1:2021 and IEC TR 60601-4-5:2021. Through examples and group work, you will gain in-depth knowledge of relevant threat modelling techniques, risk assessment strategies, secure design principles and documentation needs.

Course Benefits

  • You learn the best practice approach for MDR Cybersecurity Risk Management.
  • You get a thorough understanding of an effective Cybersecurity Risk Management process and its interaction with the classical Safety Risk Management process.
  • You will be able to identify all relevant assets, threats, vulnerabilities, and mitigation measures.
  • You will be able to accurately quantify security risks before and after mitigation.
  • You get background information on the relevant compulsory and voluntary international guidelines for medical device security management.
  • You get insight on the requirements of a Notified Body.
  • You get information on computer tools supporting modern medical device threat modeling.
  • You get information on how to conduct cyber security post market assessments.

This Course is Designed For:

  • Risk Managers, Risk Management Specialists, Quality Officers, Regulatory Affairs Officers
  • Software Engineers, Software/Hardware Requirement Engineers, Verification and Validation Specialists
  • Product Designers
  • Managers

Max. course size: 20

Learning Objectives

  • To efficiently conduct & document a Security Risk Assessment per MDR, MDCG 2019-16, IEC 81001-5-1:2021 and IEC TR 60601-4-5:2021
  • To make devices more secure with the given resources
  • To design a Security Risk Management process

Course Agenda

Day 1

  • Introduction to Cybersecurity Risk Management
  • IT security basics and definitions
  • Legal requirements and guidelines for medical device security risk management
  • Best practice approach
  • A Notified Body's point of view

Day 2

  • Hands-on workshop with data flow diagrams, STRIDE, post-market security risk management, etc.

Course Materials

Learners must obtain a copy of the ISO standards to be referenced during the course. The standards may be purchased through the American National Standards Institute (ANSI) and/or American Society for Quality (ASQ).