IT Security for Medical Products
April 9, 2019
09:30 - 13:15
_Room Nightingale, Hall 2.2
Note: the seminar will be held in German.
At the very latest with the introduction of the new regulations for medical products, the subject of IT security introduced a statutory requirement to be complied with by all manufacturers. What sounds simple enough is proving to be difficult to implement in everyday situations: How can one tell how secure a product is against intentional and unintentional threats, either internally or externally? What sort of actions are legislators expecting from manufacturers? How can such actions be included in the development process? And what must be done by manufacturers and by operators once the process has been put into effect? And how does one deal with a situation in which one’s team does not include any IT security experts, even though they may be skilled developers? And what are the requirements of the authorities, auditors and relevant bodies? This workshop not only provides information about statutory requirements but also offers concrete assistance and replies to the above questions.
The benefits for you: Following this workshop...
- you will be able to deal with these terms confidently
- you will be informed about the regulatory requirements applying to IT security
- you will be able to carry out threat modelling yourself
- you will know what possibilities exist for testing IT security, together with the skills and tools that are needed for this
- you will understand the interaction between the processes of development, risk management and IT security
- you will be familiar with the typical vulnerabilities of interconnected medical products
- you will know what documentation you need to compile
- you will know the guidelines for IT security that were developed jointly by the Johner Institute, TÜV Süd and TÜV Nord, and will be able to apply these guidelines to your projects
- Regulatory principles
- Concepts and models
- Methods for analysing risks relating to IT security
- Threat modelling
- (Test) methods for checking IT security risks
- Incorporating actions in risk management and the development process
All participants should bring a laptop.