Cybersecurity for Medical Devices - Crash Course… · 2020-06 Cybersecurity for MD - Training...



Medidee Services SA, Chemin de Rovéréaz 5, 1012 Lausanne | Switzerland
CertX AG, Route de l’Ancienne Papeterie 106, 1723 Marly | Switzerland

2020-06 Cybersecurity for MD - Training Fact Sheet.docx ISO 9001 & ISO 13485 Certified company TMP11-Training FactSheet | Rev. 3.0 | 21.02.2020

Cybersecurity for Medical Devices - Crash Course

Prepare strategies and tools for regulatory compliance and achieving ‘secure by design’

Duration: 5 days | 3-4 hours per day

Date: June 2020

Training objectives:

This training is organized into 5 modules with the goal of providing participants with an extended understanding of the requirements related to medical device software. The individual modules link key regulatory and technical considerations related to developing medical device software, with a specific focus on cybersecurity requirements. The training is aimed at any software engineer, product manager, regulatory affairs specialist, or regulatory manager seeking to enhance their competence in this rapidly developing domain.

Training content:

Module 1: Key requirements for marketing medical device software
• When would my software qualify as a medical device?
• How do I classify my software under the Medical Device Regulation?
• How is cybersecurity linked with regulatory requirements?
• What is the scope of my responsibility toward cybersecurity?
• Which guidance and standards can help me meet these requirements?

Module 2: IEC 62304: Medical device software life cycle processes
• How do I develop medical device software within a quality management system?
• How do I manage vulnerabilities within the risk management process?
• What is Software Safety Classification under IEC 62304?
• How do I develop a verification and validation plan for my software?
• How do I test cybersecurity requirements?


Module 3: IEC 62443-4-1: Tailoring of the SW life cycle process with cybersecurity
• How to map the generic model of IEC 62443 to specific MD concerns
• What are the relevant parts of IEC 62443 and how to use them?
• How to extend IEC 62304 to cover advanced cybersecurity aspects?
• Introduction to cybersecurity principles and methods
• Use case – Threat Analysis and Risk Assessment (TARA) – Phase 1
• Proposition of Cybersecure MD Software lifecycle

Module 4: IEC 62443-4-2/3-3: Application of cybersecurity-related technical requirements for MD
• What are the relevant parts of IEC 62443 and how to use them?
• Introduction to cybersecurity primitives and algorithms
• State-of-the-Art of Cybersecurity for IoT applied to Medical industry
• Use case – Threat Analysis and Risk Assessment (TARA) – Phase 2

Module 5: Demonstrating Conformity
• What are the key steps to ensure compliance with cybersecurity requirements for my CE Mark?
• How do I generate and organize technical documentation?
• What is the IEC 62443 certification scheme and why should I pursue it?
• What shall I present to my notified body during a CE Mark conformity assessment process?
• How do I leverage my Post Market Surveillance process to further demonstrate compliance on my CE Marked software?

The training is a partnership between CertX SA and Medidee Services SA. The training will be delivered online through 5 sessions of approximately 3 to 4 hours each during one week of intensive training. The training is scheduled to take place during June; the effective dates will be defined based on participants' feedback. A certificate of training participation will be delivered to participants following all modules.

The price of the training is CHF 950.- per participant.

Should you be interested in participating, please pre-register by e-mail to [email protected]

Medidee Services SA is a consulting company specialized in Quality, Regulatory and Clinical affairs in the field of medical devices and IVD. Medidee provides support services to manufacturers, public organizations and health professionals focused on compliance with legal requirements. With its Digital Health activities, Medidee addresses all aspects to be implemented with medical device software.

CertX is a certification body for functional safety and industrial cyber security. Accredited by the Swiss Accreditation Service, CertX may support medical device manufacturers in demonstrating that their products and processes achieve the highest technical and governance requirements. With its focus on medical devices, CertX provides effective inputs that contribute to accelerating the conformity assessment process for CE Mark.