Data Encryption for Medical Devices: MDR and GDPR
Encryption at rest, in transit, and for backups: what MDR Annex I and GDPR demand from medical device manufacturers, and how startups implement it.
13 in-depth guides in this cluster
Encryption at rest, in transit, and for backups: what MDR Annex I and GDPR demand from medical device manufacturers, and how startups implement it.
How medical device software updates should be signed, verified, staged, and rolled back under MDR Annex I and EN IEC 81001-5-1:2022.
How penetration testing and vulnerability assessment fit into MDR cybersecurity evidence under Annex I §17.4 and EN IEC 81001-5-1:2022.
How cybersecurity patch management works under MDR, including change control, significant change, and when a patch triggers notified body notification.
How an SBOM grows out of the EN 62304 configuration item list, the SPDX and CycloneDX formats, and how to track CVEs against it under MDR.
How to monitor CVEs, vendor advisories, and threat intel under MDR Articles 83 to 86 and EN IEC 81001-5-1, wired into a working PMS plan.
IVDR 2017/746 replaced the IVDD and has applied since 26 May 2022. A startup-friendly guide to the framework, scope, and first moves.
IVDR vs MDR differences for startups building diagnostic devices. Where the two regulations overlap and where they diverge in practice.
IVDR device classification uses a four-class system (A, B, C, D) driven by the diagnostic target and substances. A startup-friendly walkthrough.
IVDR technical documentation mirrors MDR structure but swaps clinical evaluation for performance evaluation. Here is what actually changes.
IVDR conformity assessment routes explained by class. Class A non-sterile self-declares, everything else needs a notified body at some level.
The IVDR notified body pool is much smaller than MDR's. Here is how IVD startups should plan for that bottleneck realistically.
A phase-by-phase IVDR compliance checklist for IVD startups in 2026, from classification through CE mark, in the Subtract to Ship style.