Regulatory compliance and cyber security risk management in digitalized In Vitro Diagnostic systems

Abstract

The digitalization, networking and software based solutions have changed the development of in vitro diagnostic devices. Devices may be susceptible to cyber security challenges that affect on patient safety, data integrity or device functionality. These have raised the need to understand how technological development, regulatory requirements and safe development can be adapted throughout the device’s life cycle. This thesis examines how cyber security risks can be identified and managed in in vitro diagnostic devices. The thesis progresses from a theoretical overview to limited case study. First the regulatory requirements and standards are analyzed and then executed an case study about the device’s documentation and organizational actions. The case study contains the organization’s cyber security practices, product and user requirements and demonstartes how they meet regulatory requirements. The results show that many essential parts of security and quality management have been incorporated into the organization’s operations, but there is still room for development, especially in the accuracy of documentation and the traceability of requirements. The results present that standard based risk management and clearly defined safety requirements can strengthen the reliability and regulatory compliance of the in vitro diagnostic device. The thesis also provides concrete improvements for organizations documentation and actions.