Certification Program for Medical Device Manufacturers
The IEEE Medical Device Cybersecurity Certification Program has been developed by the IEEE 2621 Conformity Assessment Committee (CAC), composed of stakeholders such as manufacturers, clinicians, FDA, test laboratories, cybersecurity solutions providers, and industry associations from around the world.
This program offers a straightforward evaluation process with a clear definition of scope and test requirements specific to medical devices, with advantages over other programs:
- Pre-assessment of your medical device by an IEEE approved lab
- Testing using IEEE 2621 Test Plan and Checklists that remove ambiguity from the process
- Standardized report on testing results
- IEEE Certification Mark that helps manufacturers differentiate their products from competitors
- Certified products to be included in the IEEE Medical Device Registry
- Assistance with submission to regulatory bodies
- Meets FDA submission criteria
IEEE 2621 Standards have been recognized by the FDA and are expected to align with the new National Cybersecurity Strategy released by the Biden-Harris administration. The IEEE 2621 certification has been augmented by adding two Inspection Checklists based on IEC 80001-5-1 and IEC/AAMI TIR57. They cover Software Security Lifecycle and Risk Management Assessment respectively. Together they match all functionalities of UL 2900 and meet FDA’s submission requirements. As awareness of the need for diabetes device cybersecurity grows, the medical device industry will likely increasingly adopt these standards for regulatory compliance and product differentiation. IEEE has also been actively planning to extend the standards to other types of medical devices and industries.
Helping medical device developers meet regulatory requirements across the globe.
Conformity assessment programs are the best way to demonstrate to users that connected devices conform to the IEEE 2621™ Series of standards and IEEE 2621 Test Plan. In addition, the IEEE Medical Device Cybersecurity Certification includes Inspection Checklists based on IEC 80001-5-1 and IEC/AAMI TIR57, which cover Software Security Lifecycle and Risk Management Assessment respectively and fully meet the Federal Food, Drug, and Cosmetic Act (FD&C Act) Section 524B, Ensuring Cybersecurity of Devices (section 3305).
Already applied use cases include diabetes medical devices, such as:
- BGM (Blood Glucose Monitor)
- CGM (Continuous Glucose Monitor)
- Insulin pump and Insulin Pen
- Closed loop system / AID systems
However, the IEEE 2621 Series of standards has been designed to be extensible to all medical devices.
The IEEE Medical Device Cybersecurity Certification Program aids in:
- insights and adherence based on global, consensus-based industry standards
- knowledge of FDA submission criteria
- adherence to best practices
- identifying ways to mitigate cyber attacks
All From a Reputable Brand With Proven Processes

2023 SC Awards Finalists: Best Regulatory Compliance Solution
*This contest, held by SC MEDIA – CyberRisk Alliance Resource, bills itself as cybersecurity’s most prestigious award program, honoring outstanding innovations, organizations and leaders that are advancing the practice of information security.
Learn about the IEEE 2621 Series of Standards
Medical devices used for monitoring and managing diabetes provide life-saving benefits to patients and effective implementation options to healthcare professionals. With ever-increasing connectivity and data exchange between devices, there is an increased risk to safety and privacy. This standard will aid medical device manufacturers and users in managing cybersecurity risks.
IEEE 2621 standards conform to the requirements of ISO 15408 and are made up of three specifications:
- IEEE 2621.1 – framework for a connected electronic product security evaluation program
  - Assurance Levels: Basic, Enhanced-Basic, Moderate
  - Lab Accreditation, Certification Criteria, and Assurance Maintenance
- IEEE 2621.2 – security requirements and protection profile
  - Security threats/risks and functional requirements that counter these threats
  - Protection profile
- IEEE 2621.3 – guidance for mobile devices in diabetes control contexts
View recent IEEE 2621 article authored by Working Group members
Join the Committee
The certification program, which will benefit users, manufacturers, clinicians, regulators, payers, and other potential beneficiaries, is being developed by the IEEE 2621 Conformity Assessment Committee (CAC), which is composed of stakeholders.
Submit A Device
Fill out the enrollment form to get the certification process started.