Home » Courses » Cybersecurity Training » Risk Management Framework Training » IEC 62304 Workshop

IEC 62304 Workshop

Length: 2 Days
Print Friendly, PDF & Email

IEC 62304 Workshop by Tonex

Certified AI Product Strategy & Leadership Professional (C-AI-SLP)

Designed for cross-functional medical device teams aiming to ship safer, compliant software with confidence. Participants explore the full IEC 62304 lifecycle—classification, documentation, risk control, verification, and maintenance—mapped to real organizational workflows. Special attention is given to aligning engineering practices with quality management systems and regulatory expectations to streamline audits and submissions.

Cybersecurity receives explicit treatment across hazard analysis, secure design controls, and post-market surveillance so that threats are engineered down, not bolted on. You will learn to integrate security risk management alongside safety, ensuring resilient architectures and faster incident response in connected health ecosystems.

Learning Objectives

  • Apply IEC 62304 lifecycle activities from planning through maintenance
  • Classify software safety classes and tailor process rigor appropriately
  • Build compliant development plans, design inputs, and traceability
  • Execute risk management with effective risk controls and verification
  • Integrate usability, configuration, and supplier controls into workflows
  • Strengthen software assurance with vulnerability handling and threat modeling using cybersecurity practices

Audience

  • Software Engineers and Architects
  • Quality and Regulatory Affairs Professionals
  • Product and Project Managers
  • Systems and Test Engineers
  • Clinical and Safety Engineers
  • Cybersecurity Professionals

Course Modules

Module 1 – Foundations

  • Standard scope and structure
  • Roles and responsibilities
  • Safety classes A, B, C
  • Process tailoring principles
  • Quality system alignment
  • Documentation expectations

Module 2 – Planning

  • Software development plan
  • Configuration management plan
  • Problem resolution plan
  • Verification strategy selection
  • Supplier and tool controls
  • Traceability strategy

Module 3 – Requirements

  • Gathering software requirements
  • Safety requirements derivation
  • Security requirements capture
  • Interface and data specifications
  • Risk-based prioritization
  • Baseline and change control

Module 4 – Architecture

  • Modular decomposition methods
  • Risk segregation strategies
  • Defensive design patterns
  • Interface contracts and APIs
  • Resource and performance budgets
  • Reuse and SOUP evaluation

Module 5 – Implementation

  • Coding standards and checklists
  • Static analysis and reviews
  • Unit verification practices
  • SOUP controls and evidence
  • Build and release discipline
  • Defect triage workflows

Module 6 – Verification

  • Integration verification methods
  • System verification readiness
  • Traceability to risk controls
  • Anomaly reporting quality
  • Acceptance criteria design
  • Objective evidence packaging

Module 7 – Risk Management

  • Hazard identification techniques
  • Risk estimation and ranking
  • Control selection and linkage
  • Residual risk evaluation
  • Risk-benefit documentation
  • Post-market risk updates

Module 8 – Maintenance

  • Change impact assessment
  • Regression verification scope
  • Field issue reproduction
  • Patch and hotfix strategy
  • Records and release notes
  • Retirement and decommissioning

Module 9 – Cybersecurity

  • Threat modeling in context
  • Secure architecture patterns
  • Vulnerability intake triage
  • SBOM and dependency health
  • Secure update mechanisms
  • Incident response coordination

Module 10 – SOUP and Tools

  • SOUP identification criteria
  • Tool qualification approach
  • Evidence for tool reliability
  • Open-source governance
  • Licensing and attribution
  • Monitoring and patch cadence

Module 11 – Documentation

  • Plans, specifications, reports
  • Verification protocols and logs
  • Risk files and rationales
  • Trace matrices end-to-end
  • Audit-ready organization
  • Reviewer-friendly narratives

Module 12 – Readiness

  • Gap assessment checklist
  • Tailoring justification package
  • KPIs and process metrics
  • Continuous improvement loops
  • Cross-team handshake points
  • Submission preparation tips

Ready to operationalize IEC 62304 with clean evidence, predictable delivery, and built-in security? Enroll your team today with Tonex and turn compliance into a sustained engineering advantage.

Request More Information