Royal Philips, a global leader in health technology, announced that the company was named the first medical device manufacturer to receive a new Underwriters Laboratories (UL) product cybersecurity testing certification. Underwriters Laboratories is an independent global safety certification and testing company with locations worldwide.
The UL IEC 62304 certification was designed by Underwriters Laboratories to provide an overall framework to evaluate the robustness and maturity of a medical device manufacturer’s cybersecurity controls and capabilities for product development.
In support of the successful Philips firm registration for the security option of IEC 62304, UL performed a comprehensive audit of the Philips Security Center of Excellence. The Center was launched in 2015 to develop cyber-resilient products and services through security-by-design, risk assessment, vulnerability and penetration assessment, specialized trainings, and incident response.
The audit reviewed and verified core Philips Security Center of Excellence product security processes, including security risk management and risk control measures, software security verification planning, change management and continuous improvement, and the Center’s laboratory quality management system.
The UL certification combines cybersecurity testing elements of the established UL 2900-2-1 standard for Software Cybersecurity for Network-Connectable Products, which focuses on the demanding requirements of healthcare and wellness systems, as well as security principles from international standards (ISO 13485 and ISO 14971).
“For the Philips Security Center of Excellence to receive this certification from Underwriters Laboratories, a long-established global leader in standards creation and safety testing, is a strong validation of our program and an opportunity to advance healthcare and personal health product security even further,” said Michael McNeil, global product security & services officer, Philips.
“We’ve spent years building and investing in a robust end-to-end Security by Design programme, embedding security principles and best practices throughout a product’s life cycle,” McNeil added. “At Philips, we understand that our customers have high and growing expectations for the security of the solutions that they rely on. In addition, global regulatory authorities have also increased the scope and scale of product cybersecurity compliance requirements to help protect patients and consumers. We look forward to continuing to meet these critical commitments.”
Royal Philips is a leading health technology company focused on improving people's health and enabling better outcomes across the health continuum from healthy living and prevention, to diagnosis, treatment and home care.