Security Evaluation Services for Medical Devices 

The relevance of cybersecurity for eHealth and connected medical devices is increasing. Organisations worldwide are establishing minimum sets of cybersecurity requirements. These include:

  • U.S. Food and Drug Administration (FDA)
  • National Telecommunications and Information Administration (NTIA)
  • Medical Device Regulation (MDR)

SGS Brightsight can help you demonstrate security compliance and readiness for these and other standards in the medical sector. Additionally, SGS Brightsight is a recognised laboratory for DTSec certifications.


DTSec focuses on connected diabetes devices: glucose meters, insulin pumps and artificial pancreases. DTSec is US-centric and was developed by a team with members from the medical, government, technology provider, cybersecurity and academic sectors. The scheme uses ISO 15408 (Common Criteria for IT Security Evaluation) to specify requirements.

DTSec works: high-risk medical devices can be security certified at high assurance levels at a reasonable cost.

IEC 62304

On average, the medical sector requires a much higher degree of software quality than typical IT security. IEC 62304 provides sufficient information about software to perform high-quality vulnerability analysis. Software can be easily analysed to a high degree of precision at a reasonable cost. 

(ISO 15408 works well with IEC 62304)

Security services

Medical Standards & Recognitions



MDCG 2019-16

IEC TR 60601-4-5

IEC 81001-5-1