
Where do I start with software and cybersecurity documentation?

Best practices when you are developing concept/prototype software for a minimum viable product are:
1. Write your code in small modules so you can easily move the code into future modules in your final commercial product.
2. Document your code so that other programmers who join the project later can figure out what you did.

There are 4 things related to software documentation that you need to do BEFORE you start coding software (or firmware) for a medical device:
1. Software description
2. Software Architecture Diagram
3. Software Hazard Analysis (technically, you should also have a software risk management plan)
4. Software Requirements Specification (SRS)

You should be using IEC 62304 as your standard for the software development and validation process: https://www.youtube.com/watch?v=2tlBn7-ZT-I

You should be using IEC/TR 80002-1 as your standard for software hazard analysis:

Our procedure for software validation is SYS-004:

Software Validation Procedure (SYS-044)

There are 4 things related to cybersecurity documentation that you need to do BEFORE you start coding software (or firmware) for a medical device:
1. Security Architecture Diagram
2. Views for the various use cases
3. Threat modeling – could be as simple as a data flow diagram showing the security controls and trust boundaries
4. Security Risk Management Plan

All of the above cybersecurity documentation should be completed before you start coding. You also need to make sure the 8 required security risk controls are included as software requirements in your SRS (they are found in the FDA eSTAR and the FDA cybersecurity guidance from 2023).

Once you have done all of the above…then you can start coding your commercial product.

If you don’t follow this advice, you may have software that you cannot validate or software that will not pass cybersecurity testing. Then you have to rewrite your code again.

Thank you for the great comments during the live session!

If you want a little chuckle on a Friday afternoon, check out this video – https://www.youtube.com/watch?v=j6W0mcHUUvM


Source by Medical Device Academy

Mourad ELGORMA
