Cybersecurity for Medical Devices – Crash Course

Course Identifier:  e30-010

Training Objectives:

This training is organized into 5 modules with the goal of providing participants with an extended understanding of the requirements related to medical device software. The individual modules link key regulatory and technical consideration related to developing medical device software, with a specific focus on cybersecurity requirements. The training is aimed at any software engineer, product manager, regulatory affairs specialist, or regulatory manager seeking to enhance their competence in this rapidly developing domain.


Module 1: Key requirements for marketing medical device software

  • When would my software a qualify medical device?
  • How do I classify my software under the Medical Device Regulation?
  • How is cybersecurity linked with regulatory requirements?
  • What is the scope of my responsibility toward cybersecurity?
  • Which guidance and standards can help me meet these requirements?

Module 2: IEC 62304: Medical device software life cycle processes

  • How do I develop medical device software within a quality management system?
  • How do manage vulnerabilities within the risk management process?
  • What is Software Safety Classification under IEC 62304?
  • How do I develop a verification and validation plan for my software?
  • How do I test cybersecurity requirements?

Module 3: IEC 62443-4-1: Tailoring of the SW life cycle process with cybersecurity

  • How to map the generic model of IEC 62443 to specific MD concerns
  • What are the relevant parts of IEC 62443 and how to use them?
  • How to extend IEC 62304 to cover advanced cybersecurity aspects?
  • Introduction to cybersecurity principles and methods
  • Use case – Threat Analysis and Risk Assessment (TARA) – Phase 1
  • Proposition of Cybersecure MD Software lifecycle

Module 4: IEC 62443-4-2/3-3: Application of cybersecurity related technical requirements for MD)

  • What are the relevant parts of IEC 62443 and how to use them?
  • Introduction to cybersecurity primitives and algorithms
  • State-of-the-Art of Cybersecurity for IoT applied to Medical industry
  • Use case – Threat Analysis and Risk Assessment (TARA) – Phase 2

Module 5: Demonstrating Conformity

  • What are the key steps to ensure compliance with cybersecurity requirements for my CE Mark
  • How do I generate and organize technical documentation?
  • What is the IEC 62443 certification scheme and why should I pursue it?
  • What shall I present to my notified body during a CE Mark conformity assessment process?
  • How do I leverage my Post Market Surveillance process to further demonstrate compliance on my CE Marked software?

Training Approach & Structure:

The training is currently undergoing restructuring to align with state-of-the-art practices in cybersecurity within the medical domain.

The training will be delivered online across five sessions, each lasting approximately 3 to 4 hours, during an intensive week-long program. If you are interested in this training, please do not hesitate to contact us. We will schedule a session once there is sufficient participation.


A certificate about the training participation will be delivered to participants following all modules.



Interested by participating to this cyber security course targeting medical devices industry ? please pre-register by e-mail to