State-of-the-Art of medical devices cyber security – From Secure Product Development Framework (SPDF) to technical security measures
November 6 - 8
Speakers: Koushik Ayalasomayajula and Loan Betend

Day 1: From regulatory requirements for medical devices towards cybersecurity enforcement
What are the key steps to ensure compliance with cybersecurity requirements for my CE Mark
How do I generate and organize technical documentation?
What is the IEC 62443 certification scheme and why should I pursue it?
New cybersecurity standard tailored for medical devices ( IS0/IEC 80001-5-1 - IEC TR 60601-4-5)
What shall I present to my notified body during a CE Mark conformity assessment process?
How do I leverage my Post Market Surveillance process to further demonstrate compliance on my CE Marked software?

Day 2: Secure Product Development Framework (SPDF) – Cybersecurity practices for developing & maintaining secure products - IS0/IEC 80001-5-1
Cybersecurity perimeters – IT, OT, product cybersecurity
Cybersecurity standards, norms and guidelines
Product cybersecurity lifecycle overview, organization
Product cybersecurity across supply chain
Product cybersecurity development phase, incl. cyber risk assessment
Product cybersecurity post-development phase & post-market surveillance

Day 3: Introduction about technical security measures and State-of-the-Art of cybersecurity technologies
Introduction to cybersecurity primitives and algorithms
Product cybersecurity technologies and architecture landscape
ISA/IEC 62443-4-2/ IEC TR 60601-4-5 as a standardized catalogue for technical component security capabilities
Product cybersecurity threat model & risk assessment – use case example


Prerequisites
• Participants shall have an understanding on medical device regulatory landscape in EU and on Quality Management System (QMS).
• Basic knowledge on IEC 62304 is desired.

The training is a partnership between CertX and Veranex. The training will be delivered online through 3 days of 4 hours each. The training is scheduled to take place from November 6th to 8th. A recording will be available for viewing to registered participants, in case they are not able to attend all the live sessions. A training certificate will be provided to participants.

Speakers:
Somashekara Koushik Ayalasomayajula is a polymer engineer and an experienced quality and regulatory affairs consultant with 11+ years of expertise in regulated industries. Besides leading the Digital Health team, he stands ready to guide organizations through the complexities of quality and regulatory affairs, ensuring excellence in the evolving landscape of medical devices globally. Koushik is an ASQ-certified Medical Device Auditor (ASQ-CMDA) and holder of RAC Devices from RAPS.

Loan Betend, a cybersecurity specialist at CertX AG, pursued his studies in Information and Communication Technology, specializing in embedded and mobile systems, at the University of Applied Science Fribourg. He then accumulated industrial experience through projects in the automotive, avionics, and industrial environments, serving as a consultant. Currently, Loan is part of the first Swiss certification body for functional safety and cybersecurity, where he contributes as an auditor and trainer for product and operational technology (OT) cybersecurity.