Cybersecurity Services for Medical Technology

Medical Devices with connected capabilities are becoming more prevalent around the globe – and due to their use in human health and associated functions, cybersecurity is highly significant to ensure safe use.

Bureau Veritas has a range of capabilities focused on helping hospitals, clinics and device manufacturers globally ensure the security of their medical devices.

Cybersecure Medical Devices

Medical devices must pass a range of extensive regulations and achieve certification to multiple standards in order to confirm their clinical performance. With a recent rise in cyber vulnerabilities being exposed in such devices, Cybersecurity has become an important element in the testing and inspection in the field.

Therefore, cybersecurity has been integrated into both standards and requirements for manufacturers of medical devices, pertaining to both the development process and the testing and validation of security features found in the device.

Bureau Veritas can support medical device manufacturers with the regulatory compliance for US and/or EU, as well as testing and certification based on the most relevant international standards.

Certification

Medical devices are among the products with the most extensive set of regulations regarding local market access. For both the EU and USA, but also many other regions and countries, local regulations need to be satisfied by the developers. While these regulations historically focused on the clinical performance of the products, recent updates to the FDA and EU MDR have introduced specific requirements linked to cybersecurity. Developers are required to compile an evidence file aimed to demonstrate compliance with these requirements. The requirements include compliance with development processes, risk assessment, but also a state of the art security controls (using standards such as ANSI UL 2900 and IEC 62443 as reference) and evidence of conducted testing.

Bureau Veritas can support manufacturers of medical devices with testing and certification of their products based on ANSI UL 2900 and IEC 62443. At the same time, support can be given for identifying compliance gaps with the FDA and EU MDR regulations, as well as consultancy in closing these gaps.

OUR CAPABILITIES
Support and Preparation	- Design Reviews - Validation and Penetration Testing - Code Reviews - Processes Reviews
Compliance and Testing	- IEC 62443 Compliance - UL 2900 Compliance
Certification/Regulatory	- UL 2900 Certification - Common Criteria Certification - EU MDR Compliance Gap Analysis - FDA Compliance Gap Analysis

Get in touchwith us

First name

Last name

Email

Phone (e.g. +1 415-555-1234)

Company

Country / Territory

How can we help you?

Would you like to receive marketing communication from Bureau Veritas?

Yes

No

INFORMATION NOTICE TO DATA SUBJECTS
Your personal data are collected by Bureau Veritas Consumer Products Services Division (“BVCPS”), through its entity Bureau Veritas Hong Kong Limited (having its registered office at 1/F, Pacific Trade Centre, 2 Kai Hing Road, Kowloon Bay, Kowloon, Hong Kong), as well as the BVCPS affiliate(s) with which you had, have or will have a business relationship or that otherwise decide(s) which of your personal data is collected and how it is used.  A list of BVCPS affiliates is available at: BVCPS Locations (https://www.cps.bureauveritas.com/sites/g/files/zypfnx236/files/media/document/BVCPS%20Locations_20210611_for%20web.pdf)
Your personal data are subject to computer processing in order to respond to your requests and to provide you with additional information about BVCPS services, events or topics that may be of interest to you on the basis of your consent to the processing of your personal data for that purpose (by checking the box below).
Your personal data are intended for use by the relevant business departments of BVCPS and/or their service providers depending on the nature of your requests, as well as by BVCPS IT department.    Your personal data will be retained until the earlier of (a) one year after the last communication, or (b) your request to delete the personal data. 
Your personal data may be transferred outside the European Union, on the basis of your explicit consent, as the data subject, to the proposed transfer. By checking the box below, you are providing your explicit consent to the proposed transfer, with your acknowledgement of the possible risks of such transfer due to the absence of an adequacy decision pursuant to Article 45 of the General Data Protection Regulation of 27 April 2016 or of appropriate safeguards pursuant to Article 46 of the General Data Protection Regulation of 27 April 2016.
In accordance with the French Data Protection Act of 6 January 1978 as amended and the General Data Protection Regulation of 27 April 2016, you may have the right to access, rectify and erase any personal data concerning you, as well as the right to limit the processing, the right to oppose to the processing or the right to portability of your personal data. You have the right to withdraw your consent at any time by connecting to the site or application (https://personaldataprotection.bureauveritas.com). and unchecking the box dedicated to the collection of your consent. You also have the right to set out general and specific guidelines that define how you intend these rights to be exercised after your death. You can exercise your rights by e-mail at the following address: https://personaldataprotection.bureauveritas.com. Finally, you have a right to lodge a complaint to the Commission Nationale Informatique et Libertés (CNIL) or the relevant authorities in your country.
Fields marked with an asterisk must be filled in. Otherwise, BVCPS would not be able to respond to your requests and/or provide you with additional information.

Cybersecurity Services forMedical Technology

Cybersecure Medical Devices

Certification

Cybersecurity Services
for
Medical Technology