Cybersecurity for MD - Module 1


Description
Regulatory context around medical devices – pathway towards cyber security requirements.
November 4-6
Speakers: Koushik Ayalasomayajula and Loan Betend

Day 1: Key requirements for marketing medical device software
Is my software in scope of EU medical device regulations (MDR, IVDR)?
How do I classify my software under the EU medical device regulations (MDR, IVDR)?
How is cybersecurity linked with regulatory requirements?
Which guidance and standards can help me meet these requirements?
What is the cybersecurity terminology related to medical device software?

Day 2: Cybersecurity concepts - Life cycle management for medical device software and information security

IEC 62304: Medical device software – Software life cycle processes
How do I develop medical device software within a quality management system?
What is Software Safety Classification under IEC 62304?
How do I develop a verification and validation plan for my software?
How do I manage vulnerabilities within the risk management process?
How do I test cybersecurity requirements?

IEC 27001: Information Security Management Systems
What is information security?
How is information security linked with cybersecurity?

Day 3: From regulatory requirements for medical devices towards cybersecurity enforcement
What are the key steps to ensure compliance with cybersecurity requirements for my CE Mark?
How do I generate and organize technical documentation?
What is the IEC 62443 certification scheme and why should I pursue it?
New cybersecurity standard tailored for medical devices (ISO/IEC 80001-5-1 - IEC TR 60601-4-5)
What shall I present to my notified body during a CE Mark conformity assessment process?
How do I leverage my Post Market Surveillance process to further demonstrate compliance on my CE Marked software?

Prerequisites
• Participants shall have an understanding of the medical device regulatory landscape in the EU and of Quality Management Systems (QMS).
• Basic knowledge of IEC 62304 is desired.

The training is a partnership between CertX and Veranex. The training will be delivered online over 3 days of 4 hours each. The training is scheduled to take place from November 4th to 6th. A recording will be available to registered participants in case they are not able to attend all the live sessions. A training certificate will be provided to participants.

Speakers:
Somashekara Koushik Ayalasomayajula is a polymer engineer and an experienced quality and regulatory affairs consultant with 11+ years of expertise in regulated industries. Besides leading the Digital Health team, he stands ready to guide organizations through the complexities of quality and regulatory affairs, ensuring excellence in the evolving landscape of medical devices globally. Koushik is an ASQ-certified Medical Device Auditor (ASQ-CMDA) and holder of RAC Devices from RAPS.

Loan Betend, a cybersecurity specialist at CertX AG, pursued his studies in Information and Communication Technology, specializing in embedded and mobile systems, at the University of Applied Science Fribourg. He then accumulated industrial experience through projects in the automotive, avionics, and industrial environments, serving as a consultant. Currently, Loan is part of the first Swiss certification body for functional safety and cybersecurity, where he contributes as an auditor and trainer for product and operational technology (OT) cybersecurity.

Content
  • training
  • Practical Information
  • Evaluation
  • Training feedback
  • Training assessment
  • Training content
Completion rules
  • All units must be completed