Best Practice Medical Device Regulation (MDR) Cybersecurity Risk Management
At the end of this training, participants will be able to:
- Efficiently conduct and document a Security Risk Assessment per MDR, MDCG 2019-16, IEC 81001-5-1:2021 and IEC TR 60601-4-5:2021
- Understand how to make medical devices safer with given resources
- Confidently develop a process for security risk management
Important: To avoid conflicts of interest that could compromise the impartiality of the Notified Body, we only provide public trainings for MDR and IVDR topics. We do not offer private or in-house training for MDR and IVDR topics.
Who Should Attend?
- Risk Managers, Risk Management Specialists, Quality Officers, Regulatory Affairs Officers
- Software Engineers, Software / Hardware Requirement Engineers, Verification and Validation Specialists
- Product Designers
- Managers
Course Agenda
This training is offered either as a 2-day course or as 4 half-day sessions.
Day 1 (Full day or first 2 half-days)
- Introduction to Cybersecurity Risk Management
- IT security basics and definitions
- Legal requirements and guidelines for medical device security risk management
- Best practice approach
- A Notified Body's point of view
- Hands-on workshop with data flow diagrams, STRIDE, post-market security risk management, etc.
Day 2 (Second full day or last 2 half-days)
- Hands-on workshop with data flow diagrams, STRIDE, post-market security risk management, etc.
Course Description
This two-day course will provide you with the key knowledge to conduct efficient Cyber Security Risk Management under the new requirements of the Medical Device Regulation (MDR) and MDCG 2019-16, IEC 81001-5-1:2021 and IEC TR 60601-4-5:2021. This course will also integrate relevant elements of future harmonized standards. Through examples and group work you will gain in-depth knowledge of relevant threat modelling techniques, risk assessment strategies, secure design principles and documentation needs.
Benefits
- You learn the best practice approach for MDR Cybersecurity Risk Management.
- You get a thorough understanding of an effective Cybersecurity Risk Management process and its interaction with the classical Safety Risk Management process.
- You will be able to identify all relevant assets, threats, vulnerabilities, and mitigation measures.
- You will be able to accurately quantify security risks before and after mitigation.
- You get background information on the relevant compulsory and voluntary international guidelines for medical device security management.
- You get insight into the requirements of a Notified Body.
- You get information on computer tools supporting modern medical device threat modelling.
- You get information on how to conduct cyber security post-market assessments.
Methodology
Instructor-led training in a virtual classroom. This means the course is Live Online. Participants will learn through online teaching. Lectures, case studies, group exercises, discussions, problem solving, examples with explanation, assignments and/or quizzes happen in the virtual classroom training. Participants can connect to the class from any internet-accessible location. Each module is delivered live using webinar technology, creating a virtual classroom learning environment. Live sessions provide you with direct access to the trainer so you can ask questions, understand complex concepts and share ideas with peers. Webcam and microphone are REQUIRED to interact with the instructor and/or other participants.
The training program culminates in an online proctored exam in which you will need your webcam on.
The course content and structure are designed by the domain experts from TÜV SÜD. With immense experience and knowledge in the relevant standards, our team of product specialists and technical experts at TÜV SÜD developed the course content based on the current business landscape and market requirements.
Learning Assessments
Online Examination
Course Material
Please bring a copy of the MDR with you to the course. A free copy can be downloaded from the EUR-Lex European Union law website.