
Cybersecurity for MD - Module 1 & 2


Description
Complete journey from regulatory context establishment, down to medical device software specificities and State-of-the-Art of medical device cybersecurity
November 4 - 8
Speakers: Koushik Ayalasomayajula and Loan Betend

Day 1: Key requirements for marketing medical device software
Is my software in scope of EU medical device regulations (MDR, IVDR)?
How do I classify my software under the EU medical device regulations (MDR, IVDR)?
How is cybersecurity linked with regulatory requirements?
Which guidance and standards can help me meet these requirements?
What is the cybersecurity terminology related to medical device software?

Day 2: Cybersecurity concepts - Life cycle management for medical device software and information security
IEC 62304: Medical device software – Software life cycle processes
How do I develop medical device software within a quality management system?
What is Software Safety Classification under IEC 62304?
How do I develop a verification and validation plan for my software?
How do I manage vulnerabilities within the risk management process?
How do I test cybersecurity requirements?

IEC 27001: Information Security Management Systems
What is information security?
How is information security linked with cybersecurity?

Day 3: From regulatory requirements for medical devices towards cybersecurity enforcement
What are the key steps to ensure compliance with cybersecurity requirements for my CE Mark?
How do I generate and organize technical documentation?
What is the IEC 62443 certification scheme and why should I pursue it?
New cybersecurity standard tailored for medical devices (ISO/IEC 80001-5-1 - IEC TR 60601-4-5)
What shall I present to my notified body during a CE Mark conformity assessment process?
How do I leverage my Post Market Surveillance process to further demonstrate compliance on my CE Marked software?

Day 4: Secure Product Development Framework (SPDF) – Cybersecurity practices for developing & maintaining secure products - ISO/IEC 80001-5-1
Cybersecurity perimeters – IT, OT, product cybersecurity
Cybersecurity standards, norms and guidelines
Product cybersecurity lifecycle overview, organization
Product cybersecurity across supply chain
Product cybersecurity development phase, incl. cyber risk assessment
Product cybersecurity post-development phase & post-market surveillance

Day 5: Introduction about technical security measures and State-of-the-Art of cybersecurity technologies
Introduction to cybersecurity primitives and algorithms
Product cybersecurity technologies and architecture landscape
ISA/IEC 62443-4-2 / IEC TR 60601-4-5 as a standardized catalogue for technical component security capabilities
Product cybersecurity threat model & risk assessment – use case example

Prerequisites
• Participants shall have an understanding of the medical device regulatory landscape in the EU and of Quality Management System (QMS).
• Basic knowledge of IEC 62304 is desired.

The training is a partnership between CertX and Veranex. It will be delivered online in 5 sessions of 4 hours each over one intensive week, scheduled from November 4th to 8th. A recording will be available to registered participants in case they are not able to attend all the live sessions. A training certificate will be provided to participants.

Speakers:
Somashekara Koushik Ayalasomayajula is a polymer engineer and an experienced quality and regulatory affairs consultant with 11+ years of expertise in regulated industries. Besides leading the Digital Health team, he stands ready to guide organizations through the complexities of quality and regulatory affairs, ensuring excellence in the evolving landscape of medical devices globally. Koushik is an ASQ-certified Medical Device Auditor (ASQ-CMDA) and holder of RAC Devices from RAPS.

Loan Betend, a cybersecurity specialist at CertX AG, pursued his studies in Information and Communication Technology, specializing in embedded and mobile systems, at the University of Applied Science Fribourg. He then accumulated industrial experience through projects in the automotive, avionics, and industrial environments, serving as a consultant. Currently, Loan is part of the first Swiss certification body for functional safety and cybersecurity, where he contributes as an auditor and trainer for product and operational technology (OT) cybersecurity.