Title: Combining GAMP5 And IoT Security Compliance Framework to Secure IoT Devices of the Healthcare Industry

Year of Publication: Nov - 2019
Page Numbers: 1-13
Authors: Eleftherios Sigioltzakis, Emmanouil Serrelis
Conference Name: The Fifth International Conference on Information Security and Digital Forensics (ISDF2019) - Greece


The increasing use of IoT healthcare devices and their direct impact on human lives has turned the need to secure them into an issue of paramount importance. Furthermore, secure manufacturing and operation must be assured throughout the lifecycle of the devices, which requires the combination of high-quality frameworks and methodologies. In this paper, the proposed combination of frameworks includes the Good Automated Manufacturing Practices (GAMP5), a risk-based approach for the compliance of Computerized Systems in the pharmaceutical and food industries, and the IoT Security Compliance Framework (IoTS CF), a specialized compliance framework that guides an organization through the security assurance of IoT devices. The combination of these two frameworks, which uses effective visualization tools such as mind maps and matching tables, is considered a novelty to both the medical and IoT industries. In addition, a combined risk form for assessment and management, following the GAMP5 lifecycle phases in conjunction with the appropriate requirements of the IoTS CF, has been developed and implemented to demonstrate the wide potential of such a combination.