Cybersecurity for Medical Devices – Crash Course

Course Identifier:  e30-010

Training Objectives:

This training is organized into 5 modules with the goal of providing participants with an extended understanding of the requirements related to medical device software. The individual modules link key regulatory and technical considerations related to developing medical device software, with a specific focus on cybersecurity requirements. The training is aimed at any software engineer, product manager, regulatory affairs specialist, or regulatory manager seeking to enhance their competence in this rapidly developing domain.


Module 1: Key requirements for marketing medical device software

  • When would my software qualify as a medical device?
  • How do I classify my software under the Medical Device Regulation?
  • How is cybersecurity linked with regulatory requirements?
  • What is the scope of my responsibility toward cybersecurity?
  • Which guidance and standards can help me meet these requirements?

Module 2: IEC 62304: Medical device software life cycle processes

  • How do I develop medical device software within a quality management system?
  • How do I manage vulnerabilities within the risk management process?
  • What is Software Safety Classification under IEC 62304?
  • How do I develop a verification and validation plan for my software?
  • How do I test cybersecurity requirements?

Module 3: IEC 62443-4-1: Tailoring of the SW life cycle process with cybersecurity

  • How to map the generic model of IEC 62443 to specific MD concerns
  • What are the relevant parts of IEC 62443 and how to use them?
  • How to extend IEC 62304 to cover advanced cybersecurity aspects?
  • Introduction to cybersecurity principles and methods
  • Use case – Threat Analysis and Risk Assessment (TARA) – Phase 1
  • Proposal for a cybersecure MD software life cycle

Module 4: IEC 62443-4-2/3-3: Application of cybersecurity-related technical requirements for MD

  • What are the relevant parts of IEC 62443 and how to use them?
  • Introduction to cybersecurity primitives and algorithms
  • State of the art of cybersecurity for IoT applied to the medical industry
  • Use case – Threat Analysis and Risk Assessment (TARA) – Phase 2

Module 5: Demonstrating Conformity

  • What are the key steps to ensure compliance with cybersecurity requirements for my CE Mark?
  • How do I generate and organize technical documentation?
  • What is the IEC 62443 certification scheme and why should I pursue it?
  • What shall I present to my notified body during a CE Mark conformity assessment process?
  • How do I leverage my Post Market Surveillance process to further demonstrate compliance on my CE Marked software?

Training Approach & Structure:

The training is a partnership between CertX SA and Medidee Services SA. It will be delivered online through 5 sessions of approximately 3 to 4 hours each, as a one-week intensive training. The training is scheduled to take place in June; the effective dates will be defined based on participant feedback. A certificate of training participation will be delivered to participants following completion of all modules.



Interested in participating in this cybersecurity course targeting the medical device industry? Please pre-register by e-mail to