TIP: Cybersecurity and Risk Control

Here are some thoughts from a recent conversation between Sherman Eagles, Brian Pate, and Alan Kusinitz of SoftwareCPR®:

Cybersecurity vulnerabilities can have unpredictable effects on safety.  Unpredictable effects … to those who have worked to reduce risks of software failures in medical device software, that phrase may be familiar.  That concept is explained in relation to common cause/indirect software failures (as in AAMI TIR-32 and IEC/TR 80002-1). Therefore, it is usually advantageous to identify vulnerabilities (not threats; those are harder for a manufacturer to identify) and apply controls rather than focus on probability estimation. Treat cybersecurity vulnerabilities like common cause software failures while thinking about realistic scenarios and simple mitigation, the evaluating of the mitigations seems sufficient – given the overall risk of the device based on its intended use, and the role of the potentially affected software in the device is generally a useful approach.

CSV Training Course

Learn FDA expectations for software validation for computer systems, quality system software, manufacturing and production process software, and engineering tools. Email training@softwarecpr.com for more info.

Corporate Office

Partners located in the US (CA, FL, MA, MN, TN) and Italy.