As a provider of development services, we develop complete medical devices, electronic components, firmware, and mechanical construction. The development takes place in the customer process or in our own ISO 13485 certified process. The field of medical products starts with portable devices and ends with complex systems such as medical robots and implants. These also meet the highest requirements such as risk class III (MDR), software safety class C (IEC 62304), and cybersecurity SL 3 (IEC 62443). Mastering the complexity of demanding development projects and ensuring safety through cybersecurity are probably the most important competencies of the business unit.
In addition, we advise our customers on risk management, standard-compliant documentation and usability. We excel in the timely provision of premium hardware and software as well as documentation suitable for successful approval in Europe and the USA. On request we transfer our know-how and the norm-compliant processes to our customers.
For medical technology, the German equivalent to the FDA, BfArM, has clarified: “Manufacturers and operators must increasingly focus on the IT security of networked medical devices: Cybersecurity is an essential prerequisite for medical device safety and patient protection”.
As a leading development service provider in product security and functional safety, embeX combines know-how from both areas to safeguard safety through security. The normative security extensions of the known safety-oriented standards are implemented.
On the one hand, synergies arise in the development of safe and secure products, as both areas place high demands on the diligence of development and predictable behaviour. On the other hand, it is necessary to weigh up the balance between a large number of opposing objectives of the safety concepts on a project-specific basis, which is shown in a table.
ISO 14971 and AAMI TIR 57 describe that the risk analyses of safety and security are fundamentally coupled. The challenge in development is therefore to select the risk-minimising measures of both areas in such a way that they do not interfere with each other.
Secure software must be developed through secure coding and this property must be proven in pen tests.
After development, the products are supported over the product life cycle by the Product Security Incident Response Team (PSIRT) in accordance with IEC 81001-5-1. The EU is currently planning the harmonisation of IEC 81001-5-1 with a target date of 24 May 2024, as reported by the Johner Institute.
As trainers, we offer training courses on selected topics in medical technology via the “TÜV Süd Academie”, e.g. “IT Security of Medical Devices”.
For our customers, we have developed both diagnostic and therapeutic medical products for the most diverse areas of medical technology. You will find our expertise in anything involving electronic technology: In the OR, on intensive care units, in hospitals, and in the homecare sector. In infusion and medication pumps, gateways, medical robots, operating tables, surgical lamps, endoscopy systems. In small, mobile devices or large equipment.
We are certified to EN ISO 13485 and work to the following standards and directives among others