Certification Program for Medical Device Manufacturers
The IEEE Medical Device Cybersecurity Certification Program has been developed by the IEEE 2621 Conformity Assessment Committee (CAC), composed of stakeholders such as manufacturers, clinicians, FDA, test laboratories, cybersecurity solutions providers, and industry associations from around the world.
This program offers a straightforward evaluation process with a clear definition of scope and test requirements specific to medical devices; with advantages over other programs:
- Pre-assessment of your medical device by an IEEE-recognized lab
- Testing using IEEE 2621 Test Plan and Checklists that remove ambiguity from the process
- Standardized report on testing results
- IEEE Certification Mark that helps manufacturers differentiate their products from competitors
- Certified products to be included in the IEEE Medical Device Registry
- Assistance with submission to regulatory bodies.
- Meets FDA submission criteria
IEEE 2621 Standards have been recognized by the FDA and are designed to align with national cybersecurity strategies released by the U.S. Government. The IEEE 2621 certification has been augmented by adding two Inspection Checklists based on IEC 80001-5-1 and IEC/AAMI TIR57. They cover Software Security Lifecycle and Risk Management Assessment respectively. Together they match all functionalities of UL 2900 and meet FDA’s submission requirements. As awareness of the need for diabetes device cybersecurity grows, the medical device industry will likely increasingly adopt these standards for regulatory compliance and product differentiation. IEEE has also been actively planning to extend the standards to other types of medical devices and industries.
Helping medical device developers meet regulatory requirements across the globe.
Conformity assessment programs are the best way to demonstrate to users that connected devices conform to the IEEE 2621™ Series of standards and IEEE 2621 Test Plan. In addition, the IEEE Medical Device Cybersecurity Certification includes Inspection Checklists based on IEC 80001-5-1 and IEC/AAMI TIR57, covering Software Security Lifecycle and Risk Management Assessment respectively and fully meet the Federal Food, Drug, and Cosmetic Act (FD&C Act) Section 524B, Ensuring Cybersecurity of Devices (section 3305).
Already applied use cases include diabetes medical devices, such as:
- BGM (Blood Glucose Monitor)
- CGM (Continuous Glucose Monitor)
- Insulin pump and Insulin Pen
- Closed loop system / AID systems
However, the IEEE 2621 Series of standards have been designed to be extensible to all medical devices.
The IEEE Medical Device Cybersecurity Certification Program aids in:
- insights and adherence based on global, consensus-based industry standards
- knowledge of FDA submission criteria
- adherence to best practices
- identifying ways to mitigate cyber attacks
All From a Reputable Brand With Proven Processes
2023 SC Awards Finalists: Best Regulatory Compliance Solution
*This contest held by SC MEDIA – Cyberisk Alliance Resource bills itself as cybersecurity’s most prestigious award program honoring outstanding innovations, organizations and leaders that are advancing the practice of information security.
Learn about the IEEE 2621 Series of Standards
Medical devices used for monitoring and managing diabetes provide life-saving benefits to patients and effective implementation options to healthcare professionals. With ever-increasing connectivity and data exchange there is an increased risk to the safety and privacy between devices. This standard will aid medical device manufacturers and users in managing cybersecurity risks.
IEEE 2621 standards conform to the requirements of ISO 15408 and it is made up of three specifications:
-
- IEEE 2621.1 – framework for a connected electronic product security evaluation program
- Assurance Levels: Basic, Enhanced-Basic, Moderate
- Lab Accreditation, Certification Criteria, and Assurance Maintenance
- IEEE 2621.2 – security requirements and protection profile
- Security threats/risks and functional requirements that counter these threats
- Protection profile
- IEEE 2621.3 – guidance for mobile devices in diabetes control contexts
- IEEE 2621.1 – framework for a connected electronic product security evaluation program
View recent IEEE 2621 article authored by Working Group members
Committee Members
Medical Device Cybersecurity Certification Registries
| Authorized Test Laboratory | Test Lab Locations | Standard | Test Suite | Test Report |
|---|---|---|---|---|
 |
Princeton, New Jersey | IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance | IEEE 2621 Test Plan v1_1 | 505671-L2-03 dated 4 October 2024 |
 |
Selangor, Malaysia | IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance | IEEE 2621 Test Plan v1_0 | 505671-L2-02 dated 23 July 2024 |
 |
Austin, Texas
Danderyd, Sweden Munich, Germany |
IEEE 2621.2 - Standards for Wireless Diabetes Device Security Assurance | IEEE 2621 Test Plan v1_0 | 505671-L2-01 dated 18 April 2023 |
Membership Fees
IEEE SA Entity Members receive a 10% discount on annual fees.
| Manufacturers, Solution Providers, End Users, Test Labs and Others | Annual Membership Fees |
|---|---|
| Corporations with more than $500 million annual revenue | $20,000 USD |
| $100 to $500 million annual revenue | $15,000 USD |
| $5 to $100 million annual revenue | $10,000 USD |
| Less than $5 million annual revenue, academic institutions, associations, nonprofits, government agencies | $5,000 USD |
Join the Committee
The certification program is being developed by the IEEE 2621 Conformity Assessment Committee (CAC), comprised of stakeholders, that will benefit users, manufacturers, clinicians, regulators, payers, and other potential beneficiaries.
Submit A Device
Fill out the enrollment form to get the certification process started.