# How to implement regulatory requirements

During the mediam project, we focused on the building blocks required to build healthcare services (IT, IoT, BMS) that are more dependable, safe and secure. [ETSI EN 303 645](https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf) provides a detailed list of requirements for IoT in particular. However, a key lesson is that we need a technology layer that removes silos instead of strengthening the current divide between IT/CISOs and biomedical engineers. That is why we prototyped toward a closer convergence of IoT and datacenter environments.

If we look back on the high-level requirements analysed from regulations:

| Regulatory requirement       | Solution                                | Prototype status       |
| ---------------------------- | --------------------------------------- | ---------------------- |
| Software patches and updates | scheduler + dependable DLU              | Open source + standard |
| User authN/authZ             | IETF GNAP                               | Open source + standard |
| Encryption                   | DIF KERI                                | Open source + standard |
| Secure network communication | Ockam workers or HTTP message signature | Open source + standard |
| Risk management              | --                                      | Not included in medIAM |
| Supply chain management      | --                                      | Not included in medIAM |
| Cybersecurity testing        | --                                      | Not included in medIAM |

While we focused on the protocols, we suggested ways to also cover the organizational requirements:

* doCRA's notion of duty of care for cyber risk management fits well with healthcare values. Threat management is of particular importance and could be handled using open-source vulnerability databases (CVE) and software (e.g. <https://github.com/Netflix/dispatch>)
* cybersecurity testing can be done by organisations such as BSI, which has published insightful studies referenced in the literature section
* supply chain management is arguably the hardest part to cover, because it is very broad. However, we provided tools for end-to-end encryption, which removes the need to route messages through third parties. We also provided tools for dependable updates from those vendors and tested the requirements against a mock user interface.

Getting the full picture would require industrial use cases, such as those mentioned in the "designing new devices" section.
