An introduction to Medical Device Security Risk Management
11th June 2019 @ 9:00 am - 1:00 pm
This event is brought to you by Medilink West Midland’s Patron: CSA Group.
CSA Group is an internationally accredited provider of testing and certification services and a global leader in healthcare systems conformity assessment services, helping manufacturers’ access markets around the world.
Risk Management is a core process for the identification, evaluation, control, and management of risks affecting product safety. While many companies have adopted rigorous risk management activities for safety, including Failure Mode and Effect Analysis (FMEA), Hazard and Operability assessment (HAZOP), Fault Tree Analysis (FTA) and the like as a part of their product development lifecycle, the addition of IoT enabled and network connected devices requires a different risk management discipline, that is Threat Modeling.
New technologies and architectures such as networking and communication, e.g. IoT enabled devices, pose new risks to be considered including exposure of sensitive data, malware, and unauthorized access to networks and assets. Manufacturers must have the know-how to address cybersecurity threats but the thinking and processes are different than traditional risk assessment. The US, Canadian, Chinese, and international regulatory agencies have all drafted regulatory language which obliges manufacturers to address cybersecurity for these solutions. At the heart of each of these agency’s recommendations is Security Risk Management.
The presentation will provide an overview of the differences between traditional safety-based risk management and Security Risk Management, also called Threat Modeling. CSA Group will examine several standards and methodologies that have been recommended by global regulators. To conclude, CSA Group will present a set of best practices and resources that manufacturers may use to assure IoT and/or network enabled medical devices and software systems include the needed risk controls to improve resiliency against identified security risks.
This workshop will be led by Laura Élan, P.E., RAC — Senior Manager, Cybersecurity, CSA Group.