UL 2900-2-1
The UL 2900-2-1 standard is based on the general Software Cybersecurity for Network-Connectable Products standard and has been supplemented with the industry-specific standards of the healthcare industry. UL 2900-2-1 establishes the requirement for a quality management system that complies with ISO 13485, while also requiring software development to be compliant with IEC 62304. Medical device manufacturers must work through potential vulnerabilities in the device, generate protocols on fuzzing, perform penetration testing and implement a patch management system that regularly installs required updates for apps and operating systems before launching a new product.