Information security standards for medical devices

Guest user Created:   Oct 28, 2018 Last commented:   Oct 28, 2018

We need to ensure that "Sector Specific: ISO 27001:2013 requirements for medical devices are implemented to meet FDA regulatory compliance when our clients wish to file a PMA, 510(k), De Novo, etc. Perhaps ISO 27009 or some other ISO 27001 related documentation? Just not sure at this point.

Expert
Rhand Leal Oct 28, 2018

Answer:

For the protection of personal health information and compliance with medical-related regulations, I suggest you consider ISO 27001 together with ISO 27799 and ISO 13485.

ISO 27799 has the objective to provide security controls to protect personal health information, presenting guidance for this specific sector.

ISO 13485 has the objective to specify requirements for a Quality Management System where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements.

These articles will provide you with further explanation about these standards:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- How ISO 27001 and ISO 27799 complement each other in health organizations https://advisera.com/27001academy/blog/2016/06/13/how-iso-27001-and-iso-27799-complement-each-other-in-health-organizations/
- What is ISO 13485? https://advisera.com/13485academy/what-is-iso-13485/
