Royal Philips announces that it has been named the first medical device manufacturer to receive a new Underwriters Laboratories (UL) product cybersecurity testing certification. Underwriters Laboratories (UL) is an independent global safety certification and testing company with locations worldwide.
The UL IEC 62304 certification was designed by Underwriters Laboratories to provide an overall framework to evaluate the robustness and maturity of a medical device manufacturer’s cybersecurity controls and capabilities for product development.
In support of the successful Philips firm registration for the security option of IEC 62304, UL performed a comprehensive audit of the Philips Security Center of Excellence. The center was launched in 2015 to develop cyber-resilient products and services through security-by-design, risk assessment, vulnerability and penetration assessment, specialized trainings, and incident response.
The audit reviewed and verified core Philips product security processes, including security risk management and risk control measures, software security verification planning, change management and continuous improvement, and the center’s laboratory quality management system.
The UL certification combines cybersecurity testing elements of the established UL 2900-2-1 standard for Software Cybersecurity for Network-Connectable Products, which focuses on the demanding requirements of healthcare and wellness systems, as well as security principles from international standards (ISO 13485 and ISO 14971).
“To receive this certification from Underwriters Laboratories, a long-established global leader in standards creation and safety testing, is a strong validation of our program and an opportunity to advance healthcare and personal health product security even further,” says Michael McNeil, Philips’ global product security and services officer.
“We’ve spent years building a successful and effective end-to-end Security by Design program, embedding security principles and best practices throughout a product’s life cycle,” McNeil adds. “At Philips, we understand that our customers have high and growing expectations for the security of the solutions that they rely on. In addition, global regulatory authorities have also increased the scope and scale of product cybersecurity compliance requirements to help protect patients and consumers. We look forward to continuing to meet these critical commitments.”