FAQ

Healthcare

Standards: IEC 62443, IEC 81001-5-1, IEC 80001-1, IEC/TR 80001-2-x, IEC/TR 60601-4-5; IEC 62304; IEC 82304

Legislation: MDR, NIS2, GDPR, CSA

IEC 81001-5-1 focuses on producers of “medical software”. This encompasses not only medical devices, but also other software used in healthcare. The EU is currently planning to harmonise IEC 81001-5-1, with a current target date of May 2024.

In addition to the aforementioned compliance with statutory regulations, certification offers further, demonstrable benefits, such as:

  • Improved processes, products and services
  • Improved response to incidents and risk management
  • Excellent company reputation and the trust of clients
  • Greater competitiveness on foreign markets
  • Strengthening of cooperation with healthcare providers

In this respect, IEC 62443 also deals with the relationship with health delivery organisations (HDO), which share responsibility for cyber security with producers. One of the goals, for example, is to ensure that operators of IT systems have sufficient information about the secure operation of products from the producers.

Operators must, for example, inform producers immediately about problems with IT security so that they can work together to find a solution quickly.

Industry

Standards: IEC 62443, ETSI EN 303 645

Legislation: RED, CSA, NIS2, GDPR, AIA, CRA

In general, the key event will be the introduction of NIS2, which is the basis for the amendment of the Cybersecurity Act in the Czech Republic. This should occur in the second half of 2024, and other European directives will gradually follow.

For the majority of the aforementioned European guidelines and directives, the IEC 62443 and ETSI EN 303 645 standards are listed as adequate for fulfilment of the majority of cybersecurity requirements in this area. By introducing these standards and having your organisation certified according to them, you ensure that it will meet all current and future cybersecurity requirements in valid legislation.

In addition to the aforementioned compliance with statutory regulations, certification offers further demonstrable benefits, such as:

  • Proven cybersecurity management capability for partners in the supply chain
  • Improved processes, products and services
  • Improved response to incidents and risk management
  • Excellent company reputation and the trust of clients
  • Greater competitiveness on foreign markets

State administration

The amendment to the Cybersecurity Act was based on the Regulation of the European Parliament and of the Council, known as NIS2, and should come into effect in the second half of 2024. The most fundamental point of the amendment to the Cybersecurity Act is the expansion of its scope – it will now apply to a minimum of 6,000 entities. For further information on the topic, see the website of the Czech National Cyber and Information Security Agency (NUKIB): New EU Directive on Cyber Security (nukib.gov.cz/en/)

Others

The area of information systems is governed by the standards ČSN ISO/IEC 27001 (ISMS) – information (information system) security management systems – and ČSN ISO/IEC 20000-1 – information (information system) security management systems.

The most common IT system vulnerabilities include:

  • non-compliance with applicable standards (RFC, W3C, ISO)
  • inconsistent device configuration (redundant or unused network services, weak encryption)
  • unsuitable network topology
  • insufficient knowledge of system management and operation
  • general disorder (poor housekeeping of systems and documentation)

Public administration information systems are systems defined in Act No. 365/2000 Sb., on Information Systems in Public Administration, as amended. Section 3, paragraph 1 of the Act defines a public administration information system as a “set of information systems used for the performance of public administration”.

Operating systems, web browsers, email clients, text editors and spreadsheets by themselves are not public administration information systems.

Yes, not only public authorities, but also commercial entities which supply information systems for public administration can apply for certification.

Yes, training services can be ordered at our website: www.ezuedu.cz, where we regularly provide a list of all training courses, not only in IT certification. If you want a course tailored to your needs, you can apply for it here.

The Electrotechnical Testing Institute holds a number of certificates. The most important certificates in the IT area include Accreditation Certificate No. 42/2017 (product certification), Accreditation Certificate No. 48/2018 (Inspection Authority – public administration information systems), and Accreditation Certificate No. 487/2017 (management system certification).