AAMI TIR97:2019 – Principles for Medical Device Security: Postmarket Risk Management for Device Manufacturers Training by Tonex
This course explores the principles outlined in AAMI TIR97:2019, focusing on managing cybersecurity risks for medical devices in the postmarket phase. Participants will learn practical strategies for identifying, mitigating, and responding to cybersecurity threats, ensuring compliance with regulatory expectations, and maintaining device security throughout its lifecycle.
Learning Objectives
By the end of this course, participants will be able to:
- Understand the principles and application of AAMI TIR97:2019.
- Identify and assess cybersecurity risks in the postmarket phase of medical devices.
- Implement mitigation strategies to address identified vulnerabilities.
- Develop and maintain incident response plans for medical device security events.
- Align postmarket cybersecurity practices with regulatory and industry standards.
- Establish continuous monitoring and improvement processes for device security.
- Communicate effectively with stakeholders regarding postmarket cybersecurity risks and solutions.
Audience
This course is ideal for:
- Medical Device Manufacturers: Professionals responsible for device design, manufacturing, and postmarket activities.
- Cybersecurity Specialists: Experts involved in protecting medical devices from cyber threats.
- Regulatory Affairs Professionals: Individuals managing compliance with FDA, ISO, and other regulations.
- Quality Assurance (QA) Managers: Those ensuring medical device quality and security throughout its lifecycle.
- Risk Management Teams: Professionals analyzing and mitigating cybersecurity risks for deployed devices.
- Healthcare IT and Security Professionals: Stakeholders supporting secure deployment and integration of medical devices.
Course Modules:
Day 1: Foundations of Postmarket Cybersecurity
Module 1: Introduction to AAMI TIR97:2019
- Purpose and scope of AAMI TIR97:2019
- Importance of postmarket cybersecurity in medical devices
- Key definitions and concepts in postmarket risk management
Module 2: Cybersecurity Threats in Medical Devices
- Types of cybersecurity threats targeting medical devices
- Real-world examples of postmarket vulnerabilities and attacks
- Emerging trends in cybersecurity threats
Module 3: Postmarket Risk Management Framework
- Overview of risk management principles in TIR97:2019
- Integration with ISO 14971 and FDA guidance on postmarket cybersecurity
- Tools for evaluating and managing risks after market release
Module 4: Security Risk Assessment in the Postmarket Phase
- Conducting vulnerability assessments for deployed devices
- Identifying critical cybersecurity risks and their potential impact
- Case Study: Analyzing postmarket risks for a medical device
Day 1 Workshop:
- Participants will work in groups to identify vulnerabilities in a hypothetical medical device, assess the associated risks, and propose mitigation strategies based on AAMI TIR97:2019.
Day 2: Implementing and Maintaining Postmarket Security
Module 5: Mitigation Strategies for Identified Risks
- Practical approaches to addressing postmarket vulnerabilities
- Developing and implementing patches, updates, and mitigations
- Risk communication with stakeholders, including users and regulators
Module 6: Cybersecurity Incident Response Planning
- Building an effective postmarket incident response plan
- Monitoring, detecting, and responding to cybersecurity events
- Coordination with regulatory bodies and external stakeholders
Module 7: Lifecycle Management for Device Security
- Continuous monitoring and maintenance of medical device security
- Leveraging lessons learned for future device designs
- Importance of stakeholder engagement and feedback loops
Module 8: Workshop and Certification
- Simulation: Develop a postmarket risk management plan for a medical device, including mitigation strategies, communication plans, and incident response.
- Feedback and debrief on workshop results.
Certificate of Completion for the AAMI TIR97:2019 course