The creation and integration of security risk management processes into an existing medical device manufacturer’s quality management system is a difficult task.  This training will provide the framework for the required engineers and managers across differing domains to plan and execute this update.  The US FDA recognized publications, AAMI SW96, TIR57, and TIR97, will be used to demonstrate the uniqueness of security risk management and its key aspects in the premarket and post market phases. A mixture of lectures and practical exercises will be used.

Starting with the core processes and terms of a security risk management program, the students will learn why security risk management is best performed parallel to traditional ISO 14971 risk management processes focused on patient safety.  Key topics such as risk scoring, vulnerability processing, use of software bills of material, post market monitoring, end of support planning, and customer communications will be addressed.

Intertwined with the lecture content, students will have the opportunity during breakout sessions to explore the practical use of the material provided to them.  Upon completing the course, the students will have a strong foundation in security risk management and be ready to integrate processes into their quality system.

Over the course of (6) hours, the attendee will:

• Understand security risk management terms, processes, and activities.
• Understand the differences and similarities between security and safety risk management.
• Understand how to integrate security risk management into an existing risk management quality system.

Software, systems, security, and risk management engineers and managers, or others involved in the integration and use of a medical device manufacturer security risk management program.