We are currently upgrading our website. Please bear with us if you are experiencing any loading issues.

Be Part of the Asia Pacific MedTech Forum 2024

Register Now
Linkedin-in Facebook Envelope

International Standards and Cybersecurity for Medical Devices Workshop

  • MONDAY, 20 JULY 2026
  • 09:00 AM – 17:00 PM (SGT)
  • J&J Training Room, 2 Science Park Dr, #07-13 Ascent, Singapore 118222
Register Now

Workshop Purpose

To equip regulatory, quality, and compliance professionals with a clear understanding of the international standards, lifecycle processes, and quality system requirements that define modern medical device cybersecurity—and to provide the knowledge needed to demonstrate regulatory cybersecurity readiness.

Core Learning Goals

1. Regulatory Foundation for Cybersecurity
  • Cybersecurity is a safety requirement, not an add-on.
  • Authorities (FDA, EU MDR/IVDR, IMDRF) demand integration of cybersecurity into the Total Product Lifecycle (TPLC).
  • Cybersecurity must be embedded into design controls, risk management, post-market surveillance, and QMS processes.

Participants will learn how the major global standards fit together:

  • IEC 81001-5-1 – Security activities across the health software lifecycle
  • ISO 14971 & ISO/TR 24971 – Risk management & guidance
  • ISO 13485 – QMS requirements and integration of cybersecurity
  • ISO/IEC 62443 – Security concepts adapted into healthcare
  • IMDRF Cybersecurity Principles – Global harmonization for pre- & post-market expectations
  • FDA Secure Product Development Framework (SPDF) – U.S. regulatory expectations for lifecycle security

The SDLC for medical device cybersecurity includes:

  • Requirements & architecture security considerations
  • Risk management and threat modeling
  • Secure implementation practices
  • Verification & validation of security controls
  • Documentation and lifecycle traceability
  • Preparation of evidence for regulatory submissions

This ensures security is built in—not bolted on.

The workshop covers testing from a compliance viewpoint:

  • Verification & validation of security controls
  • Vulnerability assessments
  • Role and limitations of penetration testing
  • How testing results must be documented to support submissions and audits

Cybersecurity must be embedded into:

  • ISO 13485 design control procedures
  • Risk files and quality documentation
  • Change control, CAPA, and documentation control
  • Post-market surveillance & vulnerability handling
  • Organizational roles and accountability

Participants learn how to prepare a coherent, audit-ready evidence package, including:

  • Architecture & design documents
  • Threat and risk analyses
  • Verification & validation results
  • Security testing outputs
  • Post-market cybersecurity plans
  • Traceability across the entire product lifecycle

This ensures confidence when engaging with regulators globally.

Registration

APACMed MemberUS$100
APACMed Non MemberUS$150
StudentUS$50

Register now to secure your seat

Registration Type
APACMed Non Member US$200
APACMed Member US$150
Virtual
(for members based outside of Singapore only) US$50

*Cancellations and refund requests must be submitted at least 48 hours prior to the event date.

Register as Member
Register as Non-Member
Register as Student

The MedTech Talent Summit will take place in person in Singapore only.
Virtual participation is not available.

For any further information or enquiry on sponsoring opportunities,
please contact Anirudh Sen anirudh_sen@apacmed.org

08:30 - 09:00 AM

Registration

09:00 - 09:05 AM

Framing the Workshop

Joern Lubadel, Global Head of Product Security, B.Braun (in-person)

09:05 - 09:30 AM

Regulatory Framing: Why Cybersecurity Is a Safety Requirement

  • Cybersecurity as part of device safety and QMS
  • MDR/IVDR cybersecurity obligations
  • IMDRF Total Product Lifecycle (TPLC) expectations

Preethika Shindhe, Director, Product Security Regulations, Philips (virtual)

09:30 - 10:00 AM

Medical Device Basics for Cybersecurity Context

  • Regulatory definitions (FDA, MDR/IVDR)
  • SaMD and connected device considerations
  • Cybersecurity as extension of ISO 14971 risk management

Preethika Shindhe, Director, Product Security Regulations, Philips (virtual)

10:00 AM - 10:15 AM

Break

10:15 AM - 11:15 PM

International Standards and Regulatory Expectations

  • IEC 81001‑5‑1 lifecycle security requirements
  • ISO 14971, ISO/TR 24971
  • ISO 13485 QMS alignment
  • ISO/IEC 62443 concepts
  • FDA Secure Product Development Framework (SPDF)
  • IMDRF global harmonization principles

Manan Hathi, Global Leader of Digital Health Regulatory Policy, Stryker (virtual)

11:15 - 11:45 PM

Management of lifecycle support phases for cybersecurity management of medical devices

  • IMDRF N70 guidance
  • Defining product support at every stage (guaranteed, limited, end of life)
  • Lifecycle considerations in device design and development

Manan Hathi, Global Leader of Digital Health Regulatory Policy, Stryker (virtual)

11:45 - 12:45 PM

Lunch

12:45 - 13:45 PM

Secure Development Lifecycle (SDLC): Regulatory Evidence

  • Threat modeling documentation
  • Architecture and design evidence
  • Risk control verification
  • Lifecycle traceability requirements
  • IMDRF documentation expectations

Joern Lubadel, Global Head of Product Security, B.Braun (in-person)

13:45 - 14:45 PM

Security Testing for Regulatory Submission

  • Verification & validation of security controls
  • Vulnerability assessments
  • Role of penetration testing
  • FDA and IMDRF expectations for testing evidence

Hans-Martin von Stockhausen, Principal Key Expert Cybersecurity Siemens Healthineers (virtual)

14:45 - 15:00 PM

Break

15:00 - 16:00 PM

Integrating Cybersecurity into the Quality Management System

  • ISO 13485 design controls
  • Cybersecurity processes, documentation & roles
  • CAPA and vulnerability handling
  • Post‑market surveillance requirements

Ashley Mancuso, Vice President, MedTech BISO & Product Security, J&J MedTech (in-person)

16:00 - 16:30 PM

Regulatory Case Studies & Submission Best Practices

  • FDA submission patterns (example)
  • Notified body observations
  • IMDRF-aligned documentation structure

Chris Reed, Senior Director of Cybersecurity Regulatory Policy, Medtronic (virtual)

16:30 - 17:00 PM

Demonstrating Regulatory Readiness

  • Preparing for audits
  • Evidence packaging
  • Ensuring lifecycle traceability

Ananda Uppalapati, Sr Director of Product Management Cybersecurity, Roche Digital Technology (in-person)

17:00 PM

Wrap Up & Q&A

Outcome

By the end of the workshop, participants will understand how to integrate cybersecurity into regulatory strategy, QMS processes, design controls, testing, documentation, and post-market oversight—enabling them to confidently demonstrate device cybersecurity compliance and support regulatory submissions.

Speakers

Joern Lubadel

Read More

Global Head of Product Security

B.Braun

Preethika Shindhe

Read More

Director, Product Security Regulations

Philips

Manan Hathi

Read More

Global Leader of Digital Health Regulatory Policy

Stryker

Hans-Martin von Stockhausen

Read More

Principal Key Expert Cybersecurity

Siemens Healthineers

Ashley Mancuso

Read More

Vice President, MedTech BISO & Product Security

J&J MedTech

Ananda Uppalapati

Read More

Senior Director of Product Management Cybersecurity

Roche Digital Technology

Chris Reed

Read More

Senior Director of Cybersecurity Regulatory Policy

Medtronic

Shopping Basket