MDCG 2019-16 医疗器械网络安全指南.pdf

Medical Device Medical Device Coordination Group Document MDCG 2019-16 rev. 1 MDCG 2019-16 Guidance on Cybersecurity for medical devices December 2019 July 2020 rev.1 This document has been endorsed by the Medical Device Coordination Group (MDCG) established by Article 103 of Regulation (EU) 2017/745. The MDCG is composed of representatives of all Member States and it is chaired by a representative of the European Commission.The document is not a European Commission document and it cannot be regarded as reflecting the official position of the European Commission. Any views expressed in this document are not legally binding and only the Court of Justice of the European Union can give binding interpretations of Union law. Page 1 of 46 Medical Device Medical Device Coordination Group Document MDCG 2019-16 rev. 1 Table of Contents 1. Introduction4 1.1. Background 4 1.2. Objectives 4 1.3. Cybersecurity Requirements included in Annex I of the Medical Devices Regulations 4 1.4. Other Cybersecurity Requirements 6 1.5. Abbreviations 7 2. Basic Cybersecurity Concepts 8 2.1. IT Security, Information Security, Operation Security 8 2.2. Safety, Security and Effectiveness 9 2.3. Intended use and intended operational environment of use 10 2.4. Reasonably foreseeable misuse 11 2.5. Operating Environment 11 2.6. Joint Responsibility - Specific expectations from other stakeholders 12 2.6.1. Integrator 12 2.6.2. Operator 13 2.6.3. Users including healthcare medica