Skip to the main content.
Contact Us
Contact Us

Get IEEE 2621 Certified:
Reduce Risk, Ensure FDA Compliance. 

Align with global cybersecurity standards and fortify your medical device against cyber threats 

Palindrome guides medical device manufacturers through IEEE 2621 certification, ensuring FDA compliance and robust cybersecurity for connected healthcare devices. 

IEEE 2621 Medical Device Certification Logo Palindrome Tech

Why IEEE 2621 Matters for Medical Device Manufacturers 

 

The IEEE 2621 standard sets the benchmark for connected healthcare device cybersecurity, aligning seamlessly with FDA requirements and global regulatory standards. At Palindrome, we specialize in guiding medical device manufacturers through the certification process, enhancing your chances of a successful FDA case submission. 

 The IEEE 2621 program offers a streamlined evaluation process with clear definition of scope and test requirements to ensure medical devices maintain a consistent set of baseline security requirements. The benefits of this offering include: 

  • Pre-assessment of your medical device by an IEEE-recognized lab 
  • Testing using a vetted IEEE 2621 Test Plan and requirements that remove ambiguity from the process 
  • Standardized report on testing results 
  • IEEE Certification Mark that helps manufacturers differentiate their products from competitors 
  • Certified products to be included in the IEEE Medical Device Registry 
  • Assistance with submission to regulatory bodies 
  • Meets FDA submission criteria 

IEEE 2621: Cybersecurity Standards for Connected Medical Devices 

The IEEE 2621 specifications outline the framework for a connected electronic product security evaluation program and incorporates best security practices for connected diabetes devices (CDDs).   

The IEEE 2621 standard comprises the following specifications: 

  1. IEEE 2621.1: This standard outlines the framework for a connected electronic product security evaluation program along with the assurance levels, including (in order of increasing rigor):
    Basic: This level of assurance is based on developer-led affirmation of the security functional requirements (SFRs) rather than a lab. 

    Enhanced-Basic: This level of assurance involves an evaluation by an authorized testing lab to assess the device's compliance with more stringent security requirements. The evaluation follows ISO/IEC 18045 and ISO/IEC 15408-3:2008 standards, focusing on Assurance Security Environment (ASE) AVA_VAN.3 activities. 
    Moderate; This level of assurance represents the highest rigor, requiring evaluation by an authorized testing lab. The assessment incorporates additional security measures and follows ISO/IEC 18045 and ISO/IEC 15408-3:2008 standards, with a focus on Assurance Security Environment (ASE) AVA_VAN.4 activities to address complex cybersecurity risks

  2. IEEE 2621.2: This standard outlines the functional requirements for connected diabetes devices (CDD) within a security evaluation program. It also provides guidance on how to identify and counter relevant threats, and to differentiate between mandatory and optional security requirements.
  3. IEEE 2621.3: This standard defines recommendations on using mobile devices within diabetes contexts that are considered necessary by the corresponding stakeholder(s).

Why Partner with Palindrome? 

At Palindrome, we combine technical expertise with deep knowledge of regulatory standards to help you achieve seamless certification under IEEE 2621.

Our services include:  

  • Pre-certification readiness evaluation
  • Comprehensive vulnerability testing
  • Guidance on implementing robust security controls 

Achieving IEEE 2621 certification not only ensures FDA compliance but also enhances your market position by demonstrating robust cybersecurity measures. Let Palindrome guide you through this process.