Cyber­security Medical Devices

Training Dates

Medical device cybersecurity consultancy & training

Drawing from extensive experience in risk management within medical device, hardware, and software development, Lorit Consultancy Team is your trusted partner for navigating the complexities of medical device cybersecurity. From AAMI TIR 57 to NIST SP 800-30 and IEC 81001-5-1, we guide you through the latest standards, providing insights into methodologies for asset and vulnerability analysis.

Whether consultancy, support, or training – we excel in guiding you towards safe and secure product design, aligning with FDA cybersecurity guidance and relevant EU regulations.

Cybersecurity Processes

In the dynamic field of the medical device industry, our firm leverages years of project experience to guide you through numerous standards and guidelines used to assess, mitigate and verify satisfactory cybersecurity implementation.

We can support you in implementing strategies like the Secure Product Development Lifecycle (SPDL) defined in the IEC 623443 series, ensuring your cybersecurity measures are aligned with industry best practices. Our expertise covers the cybersecurity risk management processes outlined in NIST SP 800-30 and AAMI TIR 57, drawing their connection to ISO 14971. We conduct vulnerability analyses using frameworks such as the Common Vulnerability Scoring System (CVSS) and Microsoft STRIDE.

Post-Market Cybersecurity

Post-market activities are integral to the development of medical devices, and our firm is adept at guiding you through the formulation and execution of your post-market cybersecurity strategy. We provide consultation on aligning cybersecurity assessments with ISO 14971 risk management activities. Recognizing the evolving nature of the cybersecurity landscape, we help establish strategies for ongoing assessment, ensuring an acceptable residual risk is maintained.

Our services

Consultancy & Support:

  • Security analysis, evaluation and control
  • Definition of security solutions
  • Post-market monitoring

Our services extend to defining product hardening techniques to reduce vulnerabilities and establishing robust verification strategies such as fuzz and penetration testing.

We support you with tool choices e.g. the choice of Software Composition Analysis tools and provide expertise in managing your Software of Unknown Provenance (SOUP), along with guidance on generating and overseeing Software Bill of Material (SBOM). With extensive experience, we specialize in post-market cybersecurity strategies, referencing standards like AAMI TIR 97.


We offer (online) training courses that can be customised to meet your requirements in terms of date, format and content.

Our cybersecurity course for medical devices relates to cybersecurity in general, with references to international standards such as ISO 14971, AAMI TIR 57 and NIST. In addition to a comprehensive overview, we also provide detailed insights into the areas of analysis and methods.

In this way, you learn how cybersecurity becomes an integral part of your projects and benefit from our industry knowledge and experience.

Cyber­security Medical Devices Trainer

Owner & Consultant

Alastair Walker


Medical Device Cybersecurity – Current dates

CourseCyber­security Medical Devices
Date31. Jul. / 1 Day
TrainerAlastair Walker
Costs€700 / £650
CourseCyber­security Medical Devices
Date25. Sep. / 1 Day
TrainerAlastair Walker
Costs€700 / £650


Companies around the world rely on our extensive knowledge in safety-relevant industries when developing their products.

In summary; very useful, the recommendations/observations are recognisable and the report will help steer future 62304 compliance efforts.
In addition, the report also satisfied our external stakeholders.

Phil Cooley – Quality Manager, Bond Digital Health Ltd


Thank you, for a terrific course!
The trainer was extremely knowledgeable about the material, and made the content very easily digestible, even the more challenging bits.  I am very satisfied.

Rhyse Jaeschke – Manager, System Verification & Validation Ultrasound R&D, Philips Healthtech


With Lorit Consultancy we have found an extremely reliable partner who sees the big picture. Through their Functional Safety Engineering (ISO 26262) competence, we enjoy support at the highest level within our automotive product development. Remarkable is the smooth integration into our internal development team and the always professional & uncomplicated communication. We look forward to many more joint projects!

Harald Sporer – Senior Project Manager, Automotive Sense & Control, Infineon

“It was really a very helpful and excellent training!”

Marco Augustin – Quality and Software Manager, Occyo


”Lorit Consultancy´s support was instrumental in helping us achieve compliance in IEC-62304/ 82304 and ISO 14971 for our software-as-a-medical-device product.”
Ju Zhang – Founder, CEO Formus Labs


“Plexus has used the services of Lorit Consultancy in relation to a new healthcare project where insights into ISO 14971 and IEC 60601-1 international standards was needed.  We have been very impressed with the quality of knowledge within Lorit and the quality of documentation and deliverable, and we look forward to continuing to partner with Lorit in the future.”
John Simpson – Senior Manager, Engineering  Plexus

“Lorit Consultancy gave us excellent support in defining the requirements and implementing the BS EN 62304 document structure for our first product.”
Selly Saini – CEO  Inside Biometrics

“Lorit Consultancy provided a professional and efficient service in defining regulatory requirements for both new developments and legacy products.”
Alastair Mutch – VP Research and Development, Diagnostics Cardiology Spacelabs Healthcare

“Lorit Consultancy gave us great support when guiding us through the process of hardware metric generation as defined in ISO 26262.  Providing both the FMEDAs and training on the use of them.”
Geoff Owen Protean

“Very well executed, very helpful. Thank you for your time and expertise.”
Senior Electronics Engineer


“Essential for my job. Reduced my fear of 60601.”
Senior Mechanical Engineer

“It’s great to have the opportunity to receive this training from somebody who is obviously an expert in the topic and understands the practical implementation.”
Senior Design Assurance Engineer

“Excellent course and very pragmatic approach on implementing compliance.”
Senior Software Engineer

“The instructor was extremely engaging and clearly had excellent knowledge of the material.”
Innovation Agent