Key takeaways
- IEC 62304 outlines the software development lifecycle and safety classifications for medical devices, guiding secure development practices.
- ISO 14971 focuses on patient safety risk management for medical devices.
- AAMI TIR57 adapts the ISO 14971 framework to specifically address cybersecurity risks, and AAMI TIR97 handles post-market security activities.
- A Secure Product Development Framework (SPDF) outlined by ISO/IEC 81001-5-1 integrates security throughout the Total Product Life Cycle (TPLC) of a medical device.
- A Software Bill of Materials (SBOM) is a comprehensive inventory of all software components within a medical device, now a regulatory submission requirement.
- Software of Unknown Provenance (SOUP) refers to any software component without a verifiable origin or clear documentation, presenting a potential security risk.
- The FDA defines a "cyber device" broadly as any medical device with software and a network interface, including connections like Wi-Fi, Bluetooth, NFC, and USB.
This episode puts Trevor in the hot seat. If you were put in the hot seat, could you clearly explain cybersecurity, safety, and lifecycle terms like Trevor?
In this rapid-fire episode, Christian fires questions at Trevor about essential medical device cybersecurity concepts and standards. Together, they clarify how risk management, secure development, and lifecycle thinking intersect across safety, quality, and security.
Notable quotes
“IEC 62304 talks about safety classifications and secure development life cycle practices within medical devices.”
“ISO 14971 is titled Risk management in medical devices. And it focuses mostly on how safety risk is handled within medical products.”
“AAMI TIR57 is security risk management within medical devices. It is very, very heavily based off of ISO 14971.”
“The framework for ISO 14971 can be modified for cybersecurity.”