Home » Courses » Cybersecurity Training » Risk Management Framework Training » MDCG IT Security Workshop

MDCG IT Security Workshop

Length: 2 Days
Print Friendly, PDF & Email

MDCG IT Security Workshop by Tonex

Certified Medical Device Cybersecurity Analyst (CMCA) Certification Program by Tonex

Healthcare systems are increasingly digital, connected, and regulated—yet security expectations continue to rise faster than most programs can mature. This workshop aligns teams to the Medical Device Coordination Group (MDCG) guidance and related EU MDR expectations while translating them into clear, testable engineering and governance practices. You will learn how to integrate security into clinical safety cases, supplier oversight, and product lifecycle controls. Impact on cybersecurity is direct and measurable: stronger threat modeling, resilient architectures, and auditable evidence across development and post-market. Cybersecurity readiness also reduces regulatory friction, shortens approval cycles, and limits costly recalls through defensible risk reduction.

Learning Objectives

  • Interpret MDCG guidance within EU MDR compliance workflows
  • Build a defensible security risk management file and traceability
  • Operationalize secure SDLC for embedded, mobile, cloud, and hospital IT
  • Establish SBOM, VEX, and coordinated vulnerability disclosure practices
  • Align post-market surveillance with vulnerability handling and patching
  • Strengthen data protection and clinical safety cases
  • Apply measurable controls that raise cybersecurity posture across the lifecycle

Audience

  • Product Managers and Owners
  • Systems and Software Engineers
  • Quality and Regulatory Affairs Professionals
  • Risk and Compliance Officers
  • Clinical IT and Biomedical Engineers
  • Cybersecurity Professionals

Course Modules

Module 1 – MDCG essentials

  • Scope and intent of MDCG security expectations
  • EU MDR links to security and safety risk
  • Harmonized standards and technical reports
  • Mapping to ISO 14971 and IEC 62304
  • Security vs safety evidence interplay
  • Governance roles and accountability

Module 2 – Risk management

  • Security risk within ISO 14971 process
  • Hazard, sequence of events, and harms
  • Threat modeling for clinical scenarios
  • Risk controls and verification plans
  • Residual risk and benefit–risk balance
  • Documentation and audit readiness

Module 3 – Secure development

  • Secure SDLC across device and cloud
  • IEC 81001-5-1 secure processes
  • Dependency and OSS governance
  • SBOM generation and maintenance
  • VEX creation and usage patterns
  • Secure build and release gates

Module 4 – Architecture and controls

  • Security objectives and trust boundaries
  • Identity, authN/authZ, and provisioning
  • Data protection and cryptographic use
  • Interface hardening and protocol choices
  • Logging, monitoring, and diagnostics
  • Safety-security co-engineering patterns

Module 5 – Vulnerability handling

  • Coordinated vulnerability disclosure
  • Triage, scoring, and risk acceptance
  • Patching and secure update strategies
  • Field safety corrective considerations
  • Communication to operators and patients
  • Evidence for regulators and auditors

Module 6 – Post-market operations

  • PMS integration with security signals
  • Threat intel and supplier advisories
  • Incident response and containment
  • KPI/OKR metrics for security efficacy
  • Periodic review and management reports
  • Continuous improvement roadmaps

Ready to align your device security program with MDCG expectations and accelerate compliant delivery? Enroll your team now to turn guidance into actionable, auditable results that protect patients, preserve trust, and speed market access.

Request More Information