IEEE Medical Device Cybersecurity Certification Program

With connected devices, telehealth, and remote patient monitoring becoming more widely used, there is an increasing risk of cybersecurity threats. Managing these vulnerabilities can be challenging. It is crucial for device manufacturers, clinicians, hospitals, and testing organizations to work collaboratively to create a safe and interoperable health care environment. The development of standards and adherence to an industry adopted conformity assessment program can help reduce these risks and demonstrate the product’s adheres to guidelines.

Certification Program for Medical Device Manufacturers

The IEEE Medical Device Cybersecurity Certification Program has been developed by the IEEE 2621 Conformity Assessment Committee (CAC), composed of stakeholders such as manufacturers, clinicians, FDA, test laboratories, cybersecurity solutions providers, and industry associations from around the world.

This program offers a straightforward evaluation process with a clear definition of scope and test requirements specific to medical devices; with advantages over other programs:

  • Pre-assessment of your medical device by an IEEE approved lab
  • Testing using IEEE 2621 Test Plan and Checklists that remove ambiguity from the process
  • Standardized report on testing results
  • IEEE Certification Mark that helps manufacturers differentiate their products from competitors
  • Certified products to be included in the IEEE Medical Device Registry
  • Assistance with submission to regulatory bodies.
  • Meets FDA submission criteria

IEEE 2621 Standards have been recognized by the FDA and are expected to align with the new National Cybersecurity Strategy released by the Biden-Harris administration. The IEEE 2621 certification has been augmented by adding two Inspection Checklists based on IEC 80001-5-1 and IEC/AAMI TIR57. They cover Software Security Lifecycle and Risk Management Assessment respectively. Together they match all functionalities of UL 2900 and meet FDA’s submission requirements. As awareness of the need for diabetes device cybersecurity grows, the medical device industry will likely increasingly adopt these standards for regulatory compliance and product differentiation. IEEE has also been actively planning to extend the standards to other types of medical devices and industries.

Helping medical device developers meet regulatory requirements across the globe.

Conformity assessment programs are the best way to demonstrate to users that connected devices conform to the IEEE 2621™ Series of standards and IEEE 2621 Test Plan. In addition, the IEEE Medical Device Cybersecurity Certification includes Inspection Checklists based on IEC 80001-5-1 and IEC/AAMI TIR57, covering Software Security Lifecycle and Risk Management Assessment respectively and fully meet the Federal Food, Drug, and Cosmetic Act (FD&C Act) Section 524B, Ensuring Cybersecurity of Devices (section 3305).

Already applied use cases include diabetes medical devices, such as:

  • BGM (Blood Glucose Monitor)
  • CGM (Continuous Glucose Monitor)
  • Insulin pump and Insulin Pen
  • Closed loop system / AID systems

However, the IEEE 2621 Series of standards have been designed to be extensible to all medical devices.

The IEEE Medical Device Cybersecurity Certification Program aids in:

  • insights and adherence based on global, consensus-based industry standards
  • knowledge of FDA submission criteria
  • adherence to best practices
  • identifying ways to mitigate cyber attacks

All From a Reputable Brand With Proven Processes

IEEE 2621: Cybersecurity Standard for Diabetes Devices
Voted in to the top 5 Regulatory Compliance Solution category
2023 SC Awards Finalists: Best Regulatory Compliance Solution
*This contest held by SC MEDIA – Cyberisk Alliance Resource bills itself as cybersecurity’s most prestigious award program honoring outstanding innovations, organizations and leaders that are advancing the practice of information security.

Learn about the IEEE 2621 Series of Standards

Medical devices used for monitoring and managing diabetes provide life-saving benefits to patients and effective implementation options to healthcare professionals. With ever-increasing connectivity and data exchange there is an increased risk to the safety and privacy between devices. This standard will aid medical device manufacturers and users in managing cybersecurity risks.

IEEE 2621 standards conform to the requirements of ISO 15408 and it is made up of three specifications:

    1. IEEE 2621.1 – framework for a connected electronic product security evaluation program
      • Assurance Levels: Basic, Enhanced-Basic, Moderate
      • Lab Accreditation, Certification Criteria, and Assurance Maintenance
    2. IEEE 2621.2 – security requirements and protection profile
      • Security threats/risks and functional requirements that counter these threats
      • Protection profile
    3. IEEE 2621.3 – guidance for mobile devices in diabetes control contexts

View recent IEEE 2621 article authored by Working Group members

Take the Next Step

Submit the form below to get involved.

Participants

Abbott Logo
BD Logo
Diabetes Technology Society Logo
Eoflow Logo
FDA Logo
Google Logo
Intertek EWA Canada Logo
Lifescan Logo
MedCrypt Logo
Sansum Diabetes Research Institute Logo
ThirdWayv Logo. Connected. Protected.
Process at a Glance
ICAP Medical Device Cybersecurity Certification Program. Preparing Your Medical Device for Regulatory Submission graphic.

Join the Committee

The certification program is being developed by the IEEE 2621 Conformity Assessment Committee (CAC), comprised of stakeholders, that will benefit users, manufacturers, clinicians, regulators, payers, and other potential beneficiaries.

Join the Committee Now

Submit A Device

Fill out the enrollment form to get the certification process started.

Enroll Now
Subscribe

Sign up for our monthly newsletter to learn about new developments, including resources, insights and more.