
Best Practices for Medical Device Cyber Security Documentation

It's MEDTECH season again and, as we do each year, Novatek and Launch Team are taking a close look at the current trends, changes and technologies that are impacting the medical device industry. From product launches to new sales models, we're examining the 2018 outlook and sharing our insights.


As we discussed in a previous post, the development and adoption of new medical technologies such as robotics, telemedicine, and connected medical devices have created a range of cyber security concerns.

These concerns are well-founded. The healthcare sector was the most targeted sector for cyber attacks in 2015, according to Symantec’s 2016 Internet Security Threat Report. In a Deloitte survey, more than a third of professionals in the IoT-connected medical device sector said that their organizations experienced a cyber security incident in the past year.

Many device manufacturers are now investing in security measures to identify and mitigate these potential threats. While implementing the right technology is the first step, employee training and process documentation are just as essential to the success of any risk mitigation plan. Effective cyber security documentation ensures:

  • Regulatory compliance
  • Protection against employee mistakes
  • Identification of vulnerabilities and risks in IT systems
  • Efficient incident response and resolution

When developing an incident response plan and other needed documentation, it is important to clearly define roles, timing, and review cycles to keep everything on track. Here are a few other best practices:

Three Best Practices for Cyber Security Documentation

  1. Identify notification policies for breaches or scams – Develop a structured system to make employees aware of incidents, and create standard procedures for alerting the appropriate persons to suspicious activity.
  2. Define access protocols and who is allowed to view specific information – The sensitivity of medical information requires clearly defined policies regarding which employment levels can access specific information.
  3. Establish password policies that inform employees of sharing, updating and privacy guidelines – Beyond access levels, strict guidelines for password-protected access should also be implemented. Detailed rules for password sharing and creation should be documented.

For our full list of best practices, download our free checklist: 10 Best Practices for Cyber Security Documentation.


Working with your cyber security team or one of our partners, Novatek can help you develop documentation that protects your company against cyber threats. Our Cyber Security Risk Mitigation Plan offers complete implementation of critical procedures and employee training.

Check back for more of the 2017 Medical Device Market series!
