The date of application for EU MDR has come and gone. For many, the new MDR are being described as long and confusing. Among the changes since the MDD is a significant increase in the focus on a state-of the-art approach to cyber security. Along with the new cyber security demands come new device definitions plus risk classifications, each requiring different documentation and cyber security measures.
We know there’s a lot that needs to be done when preparing to apply for a CE mark for your device. In some cases, it may be hard to know if your device or software is class I, II, III or if it’s even an actual medical device!
Through Irdeto’s partnership with confinis, a global medical device consulting firm, we’ve created a quick online assessment tool to help you figure out if your device or software is in fact a medical device, what risk class it falls under and how extensive the corresponding cyber security requirements are under the new guidelines.
EU MDR background
With more than 500,000 types of medical devices on the EU market, a growing number of which are connected medical devices, these robust new guidelines are designed to set a new standard for cybersecurity. MDR takes into consideration state-of-the-art cybersecurity and the need to protect against growing and increasingly sophisticated cyber threats.
The new regulations apply not only to devices that are new to the EU market but also to devices that entered the market under the previous guidelines. For the former group, those that are still designing and developing their devices, there may still be an opportunity to implement security by design. As for the latter, the ones that will require recertification in the coming years, there will likely be questions as to whether the device and software are still compliant and if or where new measures need to be put into place.
A simple first step to regulatory readiness
We’re excited to combine Irdeto’s 50+ years of experience and our cyber security solutions for scale-ups and large medical device manufacturers with the expertise in regulatory affairs of confinis to create a tool that will help ensure devices are secure and ready for certification.
The cybersecurity assessment tool is comprised of three simple questionnaires about the makeup of the device, the intended use of it and potential risks and vulnerabilities:
- Medical Device Checkup: Determine whether your product and its software meet the definition of a medical device or in vitro diagnostic (IVD) in Europe according to MDR.
- Risk Classification Checkup: Find out the risk classification of your device and software so you can determine the documentation and cybersecurity needs.
- Cybersecurity Checkup: High risk? Low risk? See where your device software falls and what that means for the cybersecurity requirements.
Based on the responses for each questionnaire, you’ll find out if you’re on the right path to implement the new regulations yourself, if additional support is recommended for qualification or documentation of the device, or if cybersecurity support and solutions are needed.
Get it right the first time
In just a few minutes, you can get answers to some important questions about your product and its regulatory requirements under EU MDR.
Learn more about the Irdeto-confinis cybersecurity assessment tool and get started today so you can be sure you’re building cybersecurity into the design of your connected medical device.
If you have any questions or would like to discuss connected health cybersecurity, please get in touch with Irdeto’s Connected Health team to learn more. https://irdeto.com/connected-health/#contact-us