SGS has amalgamated its existing cybersecurity capabilities under a single umbrella – Digital Trust Services (DTS). DTS covers the four key cybersecurity areas: 

• Products and systems
• Networks, communications & clouds
• Management systems, services & professional certifications
• Data integrity

The virtual world is increasingly becoming an important part of our daily lives. Consumer devices, including household items like smart refrigerators, vehicles and even production plants are all becoming connected. The Internet of Things (IoT), where devices, computers and cloud systems communicate seamlessly, is no longer the stuff of science fiction.

These products and systems are, however, under threat from cyber-attacks and authorities are responding to protect consumers and businesses. Recent initiatives include:

• EU Cybersecurity Act (in force since June 2019)
• European Union’s General Data Protection Regulation (GDPR)
• Cyberspace Administration of China (CAC) promotes Cybersecurity Law and several draft regulations, and related standards
• United States has several federal and state cybersecurity regulations – e.g. California has signed into law the California Consumer Privacy Act (CCPA), effective in 2020
• Charter of Trust (CoT) – global business initiative to promote a structured approach to security, covering the complete life cycle of a product

Standards are now a primary focus for the implementation of effective cybersecurity measures in products, services and systems. Product security certification helps businesses ensure their products comply with relevant standards, cybersecurity requirements and data privacy regulations. These requirements include the need to update and maintain security applications once a product is in the field.

For medical device manufacturers, authorities are now including cybersecurity requirements in their medical device regulations. For example, the EU’s new Medical Device Regulation 2017/745, effective 2020, mandates the information security requirements to be covered. The US’s AAMI TIR 57 proposes a security risk management process based on the methodology of ISO 14971 Medical Devices – Application of risk management to medical devices standard.

Furthermore, GDPR and the EU Cybersecurity Act are increasing the pressure to introduce product security certification that covers:  

·        Handling personally identifiable information (PII)

• Being confronted with safety risks induced by cybersecurity threats
• Implemented into critical infrastructure systems like hospital IT systems 

Medical products and systems will probably be among the first products to fall under the EU’s new stringent cybersecurity regulations. The US FDA has started to request evidence of cybersecurity protection during product approvals. Accordingly, guidance documents were issued: “Premarket Submissions for Management of Cybersecurity in Medical Devices” and “Postmarket Management of Cybersecurity in Medical Devices”.

SGS DTS offers a range of solutions to help manufacturers and suppliers comply with international regulations. These include:

• Cybersecurity assessment to ISO 14971 – offering risk management reviews/audits where security threats are generating safety risks requiring mitigation
• Audits connected to the new EU Medical Device Regulation
• Product security assessment and certification based on new vertical agnostic lightweight security certification schemes tailored to meet the requirements of the industry:
• For example: LINCE introduced by CCN in Spain and BSZ introduced by BSI in Germany
• FDA recognized cybersecurity testing per UL 2900 standards – accepted as evidence for product approvals
• Certification of Information Security Management Systems according to the ISO/IEC 270xx family of standards
• IT Security Certification for Industrial Automation and Control Systems according to the IEC 62443 family of standards

SGS opened a new CyberLab in Graz, Austria, on September 19, 2019, to join its existing laboratory in Madrid, Spain. Utilizing these capabilities, SGS can assist stakeholders around the world in the provision of world-class cybersecurity evaluation and certification services. SGS DTS is the one-stop-shop solution for all cybersecurity certification matters.

SGS Medical Device Services

SGS provides tailor-made services to help medical device manufacturers and suppliers deliver secure and compliant products, offering fast turnaround times, value-based pricing, technical assistance and key account management. Learn more about SGS Medical Device Services.

For more information, please contact:

Thomas Röder

Head of Marketing & Sales, Secure Products & Systems

Tel: +43 664 88210582

Email: crs.media@sgs.com

Website: www.sgs.com/ee  

LinkedIn: sgs-consumer-goods-&-retail