Cybersecurity Labelling Scheme for Medical Devices (Level 1)
The Cybersecurity Labelling Scheme for Medical Devices (Level 1) is issued by the Cyber Security Agency of Singapore (CSA) for medical devices that meet specific cybersecurity provisions. This voluntary scheme aims to enhance cybersecurity awareness and is valid for up to 3 years, with processing typically completed in 1 day.
- Validity
- Up to 3 years
- Processing time
- 1 day
- Issuing authority
- CYBER SECURITY AGENCY OF SINGAPORE (CSA)
Need help applying for this licence?
We handle the full application — document prep, agency liaison, follow-up — alongside your incorporation.
Who needs the Cybersecurity Labelling Scheme for Medical Devices (Level 1)
This licence applies to Singapore businesses registered under the following SSIC industry codes:
- Voluntary / supplementaryDivision 21 — MANUFACTURE OF PHARMACEUTICALS AND BIOLOGICAL PRODUCTS
Includes: 21011 Manufacture of pharmaceutical intermediates and fine chemicals for human use, 21012 Manufacture of pharmaceutical products and preparations for human use, 21013 Manufacture of pharmaceutical products for veterinary use, 21021 Manufacture of vaccines for human use
- Voluntary / supplementaryDivision 26 — MANUFACTURE OF COMPUTER, ELECTRONIC AND OPTICAL PRODUCTS
Includes: 26111 Manufacture of discrete devices, 26112 Semiconductor wafer fabrication, 26113 Assembly and testing of semiconductors, 26114 Manufacture of solar wafers
What's involved in getting the Cybersecurity Labelling Scheme for Medical Devices (Level 1)
The scope of the application — what must be in place, how the agency reviews, and where applications typically stall.
What this licence allows the business to do
The Cybersecurity Labelling Scheme for Medical Devices (CLS(MD)) enables manufacturers to label their medical devices according to their cybersecurity provisions. This label serves as an assurance to consumers and healthcare providers regarding the security level of the devices, promoting informed decision-making in the healthcare sector.
What must be in place before the licence can be granted
Before the CLS(MD) can be granted, certain prerequisites must be fulfilled. A Declaration of Conformity is required, indicating that the device meets the relevant cybersecurity level security provisions. Additionally, a Supporting Evidence Document must be provided, demonstrating compliance with these requirements. This documentation is crucial for the agency's assessment of the device's cybersecurity capabilities.
How the agency reviews and decides
The Cyber Security Agency of Singapore (CSA) reviews the submitted documentation to ensure that the medical device complies with the necessary cybersecurity standards. This review process includes evaluating the Declaration of Conformity and the Supporting Evidence Document to confirm that the device meets the specified criteria for the cybersecurity label.
Common reasons applications stall
Applications for the CLS(MD) may experience delays due to incomplete documentation or insufficient evidence demonstrating compliance with cybersecurity requirements. A lack of clarity in the Declaration of Conformity or failure to provide adequate supporting evidence can lead to complications. Ensuring that all required documents are thorough and accurately reflect the device's capabilities is essential to avoid these common pitfalls.
Required documents and prerequisites
Items the applicant typically needs ready before submitting:
- Declaration of Conformity
- To declare that the device met with the relevant cybersecurity level security provision.
- Supporting Evidence Document
- To provide evidence that demonstrates the product's compliance with requirements.
- Download application templates here.
Cybersecurity Labelling Scheme for Medical Devices (Level 1) FAQ
Do I need this licence to start operating?
While the Cybersecurity Labelling Scheme for Medical Devices (CLS(MD)) is voluntary, obtaining this label can enhance the credibility of your medical device in the market. It is advisable for manufacturers aiming to demonstrate their commitment to cybersecurity.
What can my business do once licensed?
Once a medical device is labeled under the CLS(MD), it can be marketed with a recognized cybersecurity label, indicating its compliance with established cybersecurity standards. This can enhance consumer trust and potentially increase market competitiveness.
What happens if I operate without it?
Operating without the CLS(MD) label does not prevent a business from selling medical devices; however, it may limit the device's appeal to consumers and healthcare providers who prioritize cybersecurity. The absence of a label may raise concerns about the device's security measures.
What's the most common reason applications get rejected?
The most common reasons for rejection include incomplete documentation, such as missing the Declaration of Conformity or insufficient supporting evidence demonstrating compliance with cybersecurity provisions. Ensuring all required documents are complete and accurate is crucial.
Can a foreign-owned company hold this licence?
Yes, foreign-owned companies can apply for the Cybersecurity Labelling Scheme for Medical Devices (CLS(MD)). However, they must ensure that their medical devices meet the necessary cybersecurity standards and provide the required documentation for assessment.
Get a quote — incorporation + this licence
We package this with your company setup so you launch with the licence already approved.
Other CSA licences
Cybersecurity Labelling Scheme for Medical Devices (Level 2)
The Cybersecurity Labelling Scheme for Medical Devices (Level 2) is issued by the Cyber Security Agency of Singapore (CSA) for medical devices that meet specific cybersecurity provisions. This voluntary scheme aims to enhance cybersecurity awareness and practices among manufacturers. The label is valid for up to 3 years, with processing typically completed in 2 days.
Cybersecurity Labelling Scheme for Medical Devices (Level 3)
The Cybersecurity Labelling Scheme for Medical Devices (Level 3) is issued by the Cyber Security Agency of Singapore (CSA) for medical devices that handle personal identifiable information and connect to other systems. The licence is valid for up to 3 years, with processing typically completed in 1 month.
Cybersecurity Labelling Scheme for Medical Devices (Level 4)
The Cybersecurity Labelling Scheme for Medical Devices (Level 4) is issued by the Cyber Security Agency of Singapore (CSA) for medical devices that meet specific cybersecurity provisions. Valid for up to 3 years, the processing time for this scheme is approximately 3 months.