User's Manual

KleeYa - User Manual - Version 2
1.7 CYBERSECURITY
1.7.1 INTRODUCTION
The KleeYa main software (the KleeYa-specific instrument software, i.e. the PC
software used to control the instrument) is intended to be used in a defined and
controlled environment. Access to the KleeYa main software is allowed only to
trained and authorized users.
Nevertheless, use of the system remains exposed to the risk of illicit, criminally
motivated, unauthorized access, which may lead to data loss, corruption or
unauthorized distribution.
Furthermore, updates to the software modules provided with the system (e.g. the
Operating System, OS = system software that manages computer hardware; the
KleeYa Operating System is Windows) must be distributed under a controlled process
pre-defined by STRATEC, to ensure that the KleeYa System still behaves according to
its intended use after the update.
This chapter describes the policy followed by STRATEC and partners regarding
Cybersecurity of the KleeYa System. It describes how software elements can be
updated and the consequences of installing additional third-party elements.
1.7.2 DEFINITION
Cybersecurity is generally understood as the protection of computer systems from
adverse effects on assets including hardware, software or electronic data, as well as
from disruption or misdirection of the services they provide.
In general, Cybersecurity is a shared responsibility of all stakeholders, meaning
anyone who touches the data.
Cyber risks for medical devices are grouped into the following three key concepts:
1. Confidentiality of information at rest and in transit. In detail, this means that
sensitive data must be protected from being seen or accessed by non-authorized
users, while ensuring that legitimate users, such as trained and authorized
users, have access to the data.
2. Integrity of data, which is necessary to ensure information authenticity and
accuracy (i.e. non-repudiation), or more specifically that data remains
accurate and consistent throughout its life cycle.
3. Availability of the processes, devices, data, and connected systems, which
refers to the importance of keeping computer systems available and accessible
when required by the activity.