Home » Courses » Cybersecurity Training » Risk Management Framework Training » MDCG 2019-16: Cybersecurity Guidance Fundamentals

MDCG 2019-16: Cybersecurity Guidance Fundamentals

Length: 2 Days
Print Friendly, PDF & Email

MDCG 2019-16: Cybersecurity Guidance Fundamentals Training by Tonex

Certified Medical Device Cyber Risk Manager (CMCRM)

Regulators expect medical device cybersecurity to be built in, documented, and maintained throughout the lifecycle. This course translates MDCG 2019-16 into practical steps aligned with MDR requirements and Notified Body expectations. Participants learn how to embed security-by-design, perform risk management, and prepare audit-ready technical documentation. Strong cybersecurity controls reduce patient safety risks, protect clinical data integrity, and sustain device availability in hospitals and remote settings. The program highlights threat modeling, SBOM, secure updates, and coordinated vulnerability disclosure so manufacturers can meet GSPR obligations without slowing innovation.

Learning Objectives

  • Interpret MDCG 2019-16 and its alignment with MDR Annex I GSPR
  • Apply security-by-design to software and hardware architectures
  • Perform cybersecurity risk analysis consistent with ISO 14971 practices
  • Produce audit-ready technical documentation and measurable security claims
  • Plan post-market monitoring, vulnerability handling, and patch delivery
  • Communicate cybersecurity evidence to Notified Bodies with confidence
  • Strengthen device safety, data integrity, and availability through cybersecurity

Audience

  • Medical device engineers
  • Quality and regulatory affairs specialists
  • Product and R&D managers
  • Clinical IT and hospital integration leads
  • Cybersecurity Professionals
  • Compliance and audit readiness teams

Module 1 – Guidance Overview

  • Scope and intent of MDCG 2019-16
  • Links to MDR Annex I GSPR requirements
  • Key definitions and terminology alignment
  • Security-by-design and lifecycle concepts
  • Relationship to IEC 62304 and 81001-5-1
  • Roles of manufacturer, operator, suppliers

Module 2 – Risk Management

  • Threat modeling methods and data flows
  • Asset inventory and security objectives
  • Hazardous situations from cyber threats
  • Likelihood, severity, and risk controls
  • Residual risk acceptability and rationale
  • Verification of control effectiveness

Module 3 – Secure Architecture

  • Partitioning, least privilege, and hardening
  • Authentication, authorization, and logging
  • Cryptography choices and key management
  • Secure update and rollback mechanisms
  • Network interfaces and secure protocols
  • Safety–security co-engineering decisions

Module 4 – Technical Documentation

  • Security plan and lifecycle traceability
  • SBOM creation, maintenance, and baselining
  • Evidence for claims and security requirements
  • Verification and validation test records
  • Usability and security risk interactions
  • Field configuration and servicing controls

Module 5 – Lifecycle and Updates

  • Secure development and coding practices
  • Dependency management and vulnerability intake
  • Patch triage, timelines, and advisories
  • Post-market surveillance and trending
  • Coordinated vulnerability disclosure flows
  • CAPA linkage and continuous improvement

Module 6 – Audit Readiness

  • Notified Body focus areas and questions
  • Mapping evidence to MDR and MDCG items
  • Objective metrics, KPIs, and dashboards
  • Supplier controls and contractual assurances
  • Installation, deployment, and operator guidance
  • Preparing teams for onsite assessments

Ready to operationalize MDCG 2019-16 and pass audits with clarity and confidence? Enroll your team today and build secure, MDR-conformant devices that protect patients and your brand.

Request More Information