MDISS announces best practices for securing medical systems based on ISA/IEC 62443 series of standards

  • February 13, 2019
  • ISA
  • News

February 13, 2019 - The Medical Device Innovation, Safety, and Security Consortium (MDISS), a major nonprofit public health and patient safety organization, has announced it is developing a set of recommended practices and profiles for securing medical systems based on the normative requirements in the ISA/IEC 62443 series of standards for industrial automation and control systems cybersecurity.

The intent is to share the information across the network of MDISS member organizations, which includes medical device manufacturers, healthcare software companies, hospital networks, and insurance companies.

The ISA/IEC 62443 standards are developed primarily by the ISA99 committee of the International Society of Automation, with simultaneous review and adoption by the Geneva-based International Electrotechnical Commission. ISA99 draws on the input of cybersecurity experts from across the globe in developing standards in a balanced, consensus process that is accredited by the American National Standards Institute. The standards are applicable to all industry sectors and critical infrastructure, providing a flexible and comprehensive framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems.

Application to connected medical devices reflects the growing use of the standards across multiple sectors worldwide, points out long-time ISA99 co-chair Eric Cosman. “When we first formed the ISA99 committee, we deliberately stated our scope in terms of potential consequences rather than limiting ourselves to specific industries.”

The MDISS announcement follows another recent indication of the widespread adoption of the ISA/IEC 62443 standards in which the United Nations Economic Commission for Europe confirmed it will integrate the standards into its forthcoming Common Regulatory Framework on Cybersecurity (CRF). The CRF will serve as an official UN policy position statement for the massive EU trade markets.


About ISA

The International Society of Automation is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure. Founded in 1945, ISA develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its 40,000 members and 400,000 customers around the world.

ISA owns, a leading online publisher of automation-related content, and is the founding sponsor of The Automation Federation, an association of non-profit organizations serving as “The Voice of Automation.” Through a wholly owned subsidiary, ISA bridges the gap between standards and their implementation with the ISA Security Compliance Institute and the ISA Wireless Compliance Institute.
