

Medical Device Services

The relevance of cybersecurity for eHealth and connected medical devices is increasing. Organisations worldwide are establishing minimum sets of cybersecurity requirements. These include:

  • U.S. Food and Drug Administration (FDA)
  • National Telecommunications and Information Administration (NTIA)
  • Medical Device Regulation (MDR)

SGS Brightsight can help you demonstrate security compliance and readiness for these and other standards in the medical sector. Additionally, SGS Brightsight is an accredited laboratory for DTSec certifications.


DTSec focuses on Connected Diabetes Devices: glucose meters, insulin pumps and artificial pancreases. DTSec is US-centric and was developed by a team with members from the medical, government, technology provider, cybersecurity and academic sectors. The scheme uses ISO 15408 (Common Criteria for IT Security Evaluation) to specify requirements.

DTSec works: high-risk medical devices can be security certified at high assurance levels at a reasonable cost.

IEC 62304

On average, the medical sector requires a much higher degree of software quality than typical IT security. IEC 62304 provides sufficient information about software to perform high-quality vulnerability analysis. Software can be easily analysed to a high degree of precision at a reasonable cost. 

(ISO 15408 works well with IEC 62304)

Security services

Medical accreditations & schemes
