Design Inputs are critical in establishing and memorializing the intended use of the SaMD, its operating environment, and its safety, security, privacy and overall compliance requirements.
Information from the user requirements should be used to document the basis for developing quantifiable engineering inputs for SaMD realization, as defined in the Design and Development Plan.
The requirements development process may be iterative and continue through the completion of the Design Outputs prior to verification. Design Input documents shall be reviewed, approved, and revision controlled.
One area that development teams struggle with is setting requirements for data protection and information security for the SaMD, especially when planning commercialization in markets subject to the GDPR. These requirements must reflect the need for data protection and information security and should be included in the Design and Development Plan.
When the requirements for data protection and security, the tolerance levels, the data protection impacts and the security risks are established early, the engineering team knows from the outset which requirements it has to meet and can mitigate data protection and information security risks throughout the SaMD development process, rather than retrofitting controls at verification time.
It is important to know which categories of data the SaMD or product will process, what conclusions can be drawn about individuals from that data, who the user and owner of the data are, and, when deploying in the EU, who is the controller and, where applicable, who is the processor or recipient of the personal data. Note that health data is a special category of personal data under GDPR Article 9, which narrows the lawful bases on which it may be processed. This analysis determines which laws, rules, guidelines and codes of conduct apply to the software being developed.
Clear and concise information about how the data will be used is fundamental to protecting data subjects' rights. The SaMD must make it easy for data subjects to exercise their rights, such as access, information, rectification, erasure, restriction and data portability. SaMD developers must ensure the security of data throughout its lifecycle, e.g. collection, storage, alteration, viewing, communication and deletion. Encryption and access control are examples of measures that help ensure this security.
The SaMD security requirements are best determined by identifying which risks the SaMD may be exposed to, and which risks the SaMD developer/manufacturer is willing to take.
Defining risk tolerance levels
Risk assessment is about identifying the potential consequences of different incidents or scenarios and assessing how likely, or how easy, it is for an unwanted incident to occur. SaMD manufacturers should establish the degree of risk they are willing to accept in different scenarios; this is called risk tolerance. The tolerance level guides which measures and resources need to be put in place so that the SaMD does not exceed the defined level of acceptable risk.
Security Risk Assessment
A risk assessment begins with mapping the assets that need to be protected: the data, functions and components whose loss of confidentiality, integrity or availability would cause harm. A threat assessment is then carried out to identify which actors could be interested in those assets and which attack vectors the different threat actors use, followed by an evaluation of which assets are vulnerable to any given threat. Information security standards (for example the control catalogues in ISO/IEC 27002 or IEC 81001-5-1) can help to identify vulnerabilities and thereby the requirements that need to be established for data protection and security. The result of the risk assessment is then compared against the security tolerance level. If the risk level is higher than the pre-determined level of acceptable risk, measures must be implemented to mitigate it, each with a named owner and a deadline for implementation, and the residual risk should be re-assessed once the measure is in place.
Generally, the following security design inputs are to be considered:
Special consideration for :
SaMD Access control
The SaMD must ensure appropriate and sufficient information security during the storage and communication of data. Encryption helps to achieve this. When using encryption, only widely used, publicly vetted algorithms and modes may be used, with sufficient key lengths; home-grown or deprecated algorithms are not acceptable. Minimum requirements must also be set for key management and administration, specifying how often the algorithms, key lengths and keys in use are reviewed and updated.
The SaMD must protect the integrity of data and be able to detect changes in files, servers, and networks, by:
The SaMD must ensure that personal data is available when necessary through
b. contingency plans
c. incident management
d. the software must be able to restore availability and access to personal data in a timely manner in the event of a physical or technical incident
The SaMD must be resilient. It must:
a. be secured against known security holes and vulnerabilities
b. be correctly configured
c. ensure segmentation of stored data, systems, processors, and networks
d. ensure that third party software and patches are kept up-to-date
e. be capable of receiving notifications from users and others about vulnerabilities in the software, and of ensuring that they are managed and taken seriously
f. ensure the secure destruction of media that process personal data
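The integrity requirement above (detecting changes in files) and the resilience requirement that the SaMD be correctly configured both call for some way to notice when the installed tree has drifted from its approved state. The following is an added example, not code from the original page or from any SaMD vendor: a keyed integrity manifest that reports modified, removed and added files under a directory. The directory layout, sample file contents, key handling and the demo() scenario are constructed assumptions for illustration.

```python
# Added example (not from the original page): HMAC-keyed integrity manifest
# for detecting modified, removed and added files under a directory.
# Paths, sample file contents and the key handling are constructed assumptions.
import hashlib
import hmac
import os
import tempfile

CHUNK = 64 * 1024


def _file_tag(path: str, key: bytes) -> str:
    """HMAC-SHA256 over the file contents, streamed so large files fit in memory."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            mac.update(chunk)
    return mac.hexdigest()


def build_manifest(root: str, key: bytes) -> dict:
    """Record a tag for every regular file below root, keyed by path relative to root.

    A keyed MAC is used instead of a bare SHA-256 so that an attacker who can
    rewrite files cannot also write a matching manifest entry unless they hold
    the key, which must therefore be stored outside the monitored tree.
    """
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = _file_tag(path, key)
    return manifest


def verify_manifest(root: str, key: bytes, baseline: dict) -> dict:
    """Compare the tree's current state to the baseline manifest."""
    current = build_manifest(root, key)
    modified = [p for p in baseline if p in current
                and not hmac.compare_digest(current[p], baseline[p])]
    removed = [p for p in baseline if p not in current]
    added = [p for p in current if p not in baseline]
    return {"modified": sorted(modified), "removed": sorted(removed), "added": sorted(added)}


def demo(tamper: bool = True) -> dict:
    """Constructed scenario: baseline a small install tree, then optionally tamper with it."""
    key = os.urandom(32)  # assumption: in production the key comes from a KMS/HSM, not the device tree
    with tempfile.TemporaryDirectory() as root:
        files = {
            "bin/samd": b"\x7fELF\x02\x01\x01 constructed binary",
            "etc/config.json": b'{"mode": "prod", "debug": false}',
            "models/classifier.onnx": b"constructed model weights",
        }
        for rel, body in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(body)
        baseline = build_manifest(root, key)

        if tamper:
            # Simulated tampering: config drift, a deleted model and a dropped-in library.
            with open(os.path.join(root, "etc/config.json"), "wb") as f:
                f.write(b'{"mode": "prod", "debug": true}')
            os.remove(os.path.join(root, "models/classifier.onnx"))
            with open(os.path.join(root, "bin/helper.so"), "wb") as f:
                f.write(b"constructed unexpected library")
        return verify_manifest(root, key, baseline)


if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline manifest is produced at release time, the verification runs at boot and on a schedule, and any non-empty result is raised as an incident rather than silently logged; the key used for the tags has to be protected at least as well as the files it covers, since whoever holds it can forge a clean manifest.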
The SaMD must allow changes to be traced and enable management of security breaches by:
a. documenting software and procedures
b. logging configuration changes, processes, activities, and incidents
c. restricting access to logs on the principle of least privilege, granted only when specifically required
d. deleting or anonymising logs after a given deadline
e. not storing logs for longer than necessary
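Items b, d and e above together describe a retention policy for audit logs: keep recent records intact so that breaches can be investigated, then anonymise or delete them once a deadline has passed. The following is an added example, not code from the original page, of a retention pass that implements such a policy. The record format, field names, the two deadlines and the sample records are all constructed assumptions for illustration.

```python
# Added example (not from the original page): a retention pass over audit log
# records that keeps recent records intact, pseudonymises direct identifiers
# after a first deadline and deletes records after a second. Field names,
# deadlines and the sample records are constructed assumptions.
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

PSEUDONYMISE_AFTER = timedelta(days=30)   # assumed policy value
DELETE_AFTER = timedelta(days=180)        # assumed policy value
DIRECT_IDENTIFIERS = ("patient_id", "operator")  # fields replaced by pseudonyms
DROPPED_FIELDS = ("client_ip",)                  # fields removed outright

# Constructed sample records; "ts" is an ISO-8601 timestamp with a UTC offset.
SAMPLE_LOGS = [
    {"ts": "2024-05-30T08:12:00+00:00", "event": "config_change", "operator": "alice",
     "patient_id": None, "client_ip": "10.0.0.5", "detail": "threshold 0.80->0.85"},
    {"ts": "2024-04-10T14:03:00+00:00", "event": "record_view", "operator": "bob",
     "patient_id": "P-0001", "client_ip": "10.0.0.9", "detail": "viewed ECG series"},
    {"ts": "2024-04-11T09:20:00+00:00", "event": "record_export", "operator": "bob",
     "patient_id": "P-0001", "client_ip": "10.0.0.9", "detail": "exported PDF"},
    {"ts": "2023-11-01T10:00:00+00:00", "event": "login_failed", "operator": "mallory",
     "patient_id": None, "client_ip": "203.0.113.7", "detail": "3 failures"},
]


def pseudonym(value: str, key: bytes) -> str:
    """Keyed, deterministic pseudonym: the same identifier maps to the same token,
    so events can still be correlated during incident analysis, but reversing the
    mapping requires the key, which should sit under separate access control."""
    return "pseud-" + hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def apply_retention(records: list, now: datetime, key: bytes) -> list:
    """Return the records that survive the retention pass, in their retained form."""
    kept = []
    for rec in records:
        age = now - datetime.fromisoformat(rec["ts"])
        if age > DELETE_AFTER:
            continue  # past the storage deadline: delete
        if age > PSEUDONYMISE_AFTER:
            rec = dict(rec)  # do not mutate the caller's record
            for field in DIRECT_IDENTIFIERS:
                if rec.get(field) is not None:
                    rec[field] = pseudonym(rec[field], key)
            for field in DROPPED_FIELDS:
                rec.pop(field, None)
        kept.append(rec)
    return kept


def demo() -> list:
    """Run the pass at a fixed, constructed 'now' so the outcome is reproducible."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    key = b"constructed-pseudonymisation-key-do-not-use"
    return apply_retention(SAMPLE_LOGS, now, key)


if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

Two design points matter here. Pseudonymisation is keyed and deterministic so that an investigator can still see that the view and the export concern the same patient and the same operator without learning who they are; re-identification is then a separate, auditable step that needs the key. Retention is applied on the record's own timestamp against a fixed reference time, so the same pass is reproducible and can itself be logged as a configuration-controlled activity.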