Developing Cyber Security Processes of Medical Devices for a Major Health Provider

Major Health Providor

Developing Cyber Security Processes of Medical Devices for a Major Health Provider

Establishing the basis for meeting cyber security requirements in the area of device approval

The Challenge

Functional safety is standard in the development of medical products. While the concern of cyber security is new, it must also be developed to this standard. One of the world’s leading providers of products and services for people with kidney disease approached us to help with this very issue. In order to be able to develop products that are eligible for approval in the future, we needed to design and build a cyber security development process that could be successfully implemented in the organization. 

Conventional IT tools and organizational forms are no longer sufficient to meet all requirements.

Andrea Kreim, Head Pharma-MedTech, Eraneos Switzerland

The approach

Our first call of action was to create a conceptual design of a standard-compliant process. Next, we supported the technical implementation of the ‘cyber security management process’ followed by conducting initial risk assessments and recording risk mitigation measures. As a result, we created specific security requirements. Finally, we coordinated the process introduction and rework of the process based on developer feedback. 

One of the world’s leading providers of products and services for people with kidney disease.

The result

As a result of our help on this project, the health company created a process to secure the development of functional safety-critical products, which was then rolled out across the entire organization. We also developed and introduced a tool to support this process alongside a security control library filled with appropriate measures. 

Let’s create sustainable change together.