Hannah Murfet

Founder and Vice Chair, CQI Next Generation Network
The Chartered Quality Institute
Hannah Murfet is a volunteer for the Chartered Quality Institute, as a Founder and Vice Chair of the CQI Next Generation Network, a group aiming to inspire and support young quality professionals. Through this she has published a number of articles and enjoys sharing best practices from the medical device sector with professionals from other industries. In addition, Hannah is currently finalising an MSc in Medical Technology Regulatory Affairs. Her MSc thesis is on the subject of cybersecurity risk management practices at Cranfield University, supervised by Dr Phil Warner. This forms the subject of both her workshop and presentation at this conference, where Hannah will share her research and the insights gained from the industry professionals that took part. As a senior quality and regulatory professional, Hannah has gained experience in developing and implementing quality systems and regulatory strategies. Hannah has worked across a number of small and start-up medical device organisations, primarily focussed on In Vitro Diagnostic (IVD) and software devices. Hannah is currently Quality Assurance Manager at Team Consulting Limited, a design and development consultancy focussed on medical technology. At Team Consulting, Hannah has collaborated with a number of stakeholders across the business to develop compliance to IEC 62304, UL 2900 and general software best practices. Hannah’s main achievements include a number of direct interactions with the medical regulators including FDA presubmissions and MHRA scientific advice meetings. In addition Hannah has completed clearance activities, including for software medical devices, in Canada and developing markets such as India. Hannah has a passion for writing, and one of her personal achievements is achieving a publication in a clinical journal. When she has some spare time, she enjoys relaxing with her family and pet rabbit.

9:00 AM Cyber Security and Medical Device Software

Cybersecurity is emerging as an increasing issue for device manufacturers, from high profile attacks to mass
recalls. Most research to date has focused on the extent of the problem, and less on what actions medical device manufacturers can do to address the problem. This leaves many organisations with nowhere to focus their attention.

By considering full lifecycle approach, this can allow medical device manufacturers to consider the right control at the right time for managing cybersecurity risk. This session supports and builds upon new research on cybersecurity practices and focuses primarily on the solutions to the problem. Attend this workshop to share and learn about best practices for managing cybersecurity.

Session Objectives:
In this interactive session you will work within groups to discuss and identify key practices through the product lifecycle including:
- Device development activities, such as planning cybersecurity into device requirements.
- Device verification and validation activities, such as considering the value of independence
- Design transfer and manufacturing activities, such as configuration control.
- Post-market activities, such as updates, post-market surveillance and market withdrawal
- Compliance with current standards and regulations, such as the FDA guidance documents for cybersecurity

11:30 AM ‘Cyber Threat’ – Considerations for Risk Management in the Product Lifecycle

With increasing cybersecurity threats, should this prompt new questions on the safety and effectiveness of medical devices? In this session discover how risk management of cybersecurity can be considered throughout your product lifecycle, including:
- Developing an understanding of key regulatory sources that include management of cybersecurity risk.
- Gaining an insight into original research into cybersecurity risk management practices for medical devices, including safety and effectiveness considerations.
- Debriefing on findings from the related conference workshop, and learning how others are considering cybersecurity in their product lifecycle.