Skip to main content
  • Medtech

    CONTACT US

Security Evaluation Services for Medical Devices 

The relevance of cybersecurity for eHealth and connected medical devices is increasing. Organisations worldwide are establishing minimum sets of cybersecurity requirements. These include:

  • U.S. Food and Drug Administration (FDA)
  • National Telecommunications and Information Administration (NTIA)
  • Medical Device Regulation (MDR)

SGS Brightsight can help you show security compliance with readiness for these and other standards in the medical sector. Additionally, SGS Brightsight is a recognised laboratory for DTSec certifications.

DTSec

DTSec focuses on Connected Diabetes Devices: glucose meters, insulin pumps and artificial pancreases. DTSec is US-centric and developed by a team with members from the medical, government, technology provider, cybersecurity and academia sectors. The scheme uses ISO 150408 (Common Criteria for IT Security Evaluation) to specify requirements.


DTSec works: high-risk medical devices can be security certified at high assurance levels at a reasonable cost 

IEC 62304

On average, the medical sector requires a much higher degree of software quality than typical IT security. IEC 62304 provides sufficient information about software to perform high-quality vulnerability analysis. Software can be easily analysed to a high degree of precision at a reasonable cost. 


(ISO 15408 works well with IEC 62304)

Security services

Medical Standards & Recognitions

AAMI TIR 57

UL-2900​

MDCG 2019-16​

IEC TR 60601-4-5​

IEC 81001-5-1 ​

ISO/ISA/IEC 62443