Cybersecurity for Life Science / Lab Device

morni88

Registered
Hi everyone -

Does anyone know of cybersecurity standards or relevant guidances that would be applicable for a laboratory device in the EU?
 

DanMann

Quite Involved in Discussions
You could also look at IEC 62443, IEC 80001 and IEC 60601-4-5 (which is only available as a draft). We also applied FDA Cybersecurity guidance and UK DCB0129 guidance. Even though they're not harmonised, you can still treat them as state-of-the-art.
 

morni88

Registered
Thank you for the replies.
Looking for the equivalent of UL-2900. The device is non-medical - would it be IEC 27001??
Isn't the FDA guidance for medical devices? Is there one for non-medical devices?

 

yodon

Leader
Super Moderator
The reason regulatory bodies get behind standards is to enable a common approach with common understanding. There's nothing magical about cybersecurity for medical devices. 27001 is more of a general quality system standard for IT. Certainly good practices but not specific to cybersecurity.

You might want to check out the NIST site.
 

Ed Panek

QA RA Small Med Dev Company
Leader
Super Moderator
Without knowing how this device is used or its connectivity, a risk-based analysis might solve your problems. We used PCs in production. To solve cybersecurity, we removed the network and wireless ports, USB drives, serial connectors and CD or Blu-ray players and other floppy drives. It was essentially a one dog pony with no access to external factors other than a keyboard. If we needed to update it, IT would remove it and engineering would install new software.

If your device requires a connection, though, this approach won't work.
 