Information Security Management Systems (ISO 27001)

ISO 27001 is an international standard for Information Security Management Systems (ISMS). It defines requirements to protect an organization’s data from threats such as cyberattacks, theft, loss, or unauthorized access. While ISO 27001 does not guarantee full compliance with the NIS2 Directive (which mandates strict cybersecurity measures), it provides a solid foundation, addressing key requirements such as risk management, incident management, and supply chain security.

Both ISO 27001 and NIS2 apply to multiple sectors, including the medical device industry, as all medical device manufacturers fall under the NIS2 scope. In particular, software manufacturers, including those producing medical software, are considered economic operators involved in information security and cybersecurity.

Maytal can support any company seeking certification under these standards (e.g., manufacturers, importers, distributors of medical devices and IVDs) by:

• Implementing an Information Security Management System in compliance with ISO 27001 and cybersecurity measures aligned with the NIS2 Directive

• Conducting internal audits and supplier audits for outsourced processes

• Assisting the company during the certification audit