What is UL 2900?

UL 2900 is a series of standards published by UL (formerly Underwriters Laboratories), who is a global safety consulting and certification company. UL 2900 sets cyber security standards on “smart” devices, aka devices that have network connectable functionality.

UL 2900 is a part of the UL CAP, which is a certification program for evaluating IoT security of network-connectable products and systems.

Who Must Follow UL 2900?

Generally, UL 2900 applies to manufacturers who create devices or hardware with network connectable functionality. This includes network connectable products (governed by UL 2900-1), medical and healthcare systems (UL 2900-2-1), industrial control systems (UL 2900-2-2), and security and life safety signaling systems (UL 2900 2-3). 

GRC Tool Meeting

What are the Requirements of UL 2900?

UL 2900 has product documentation and technical requirements that manufacturers should follow. Most of the product documentation standards are already required by other regulations like IEC 62304, but there is an additional documentation requirement for UL 2900 that is essentially a summary of the efforts taken to meet the technical requirements listed below.

The technical requirements are grouped in the following topics:

  • Risk controls applicable to software design,
  • Access controls and user authentication,
  • Use of cryptographically secure mechanisms,
  • Remote communication integrity and authenticity,
  • Confidentiality of sensitive data,
  • Product management in post-market: security updates, decommissioning,
  • Validation of tools and processes from a security standpoint,
  • Vulnerabilities exploits and software weaknesses,
  • Testing strategies and code reviews,
  • Static and dynamic analysis.
Healthcare Compliance and UL 2900 Compliance

Getting Started with UL 2900

Do you have questions regarding how to get started with UL 2900 compliance? Red Lion professionals are knowledgeable, experienced, and always willing to help. Contact us below to get on the road to UL 2900 compliance!

Let Red Lion Assist in your UL 2900 Compliance

Do you still have questions regarding UL 2900? Our compliance professionals can help you to understand and comply with UL 2900, regardless of complexity.

Contact Us Today

Other Regulations & Services That You May Be Interested In:

HIPAA

Health Insurance Portability and Accountability Act

SOX

The Sarbanes-Oxley Act
Translate »

Discover the treasures or trouble that lie hidden in your processes

Taco Bell Goes From -16% Earnings to $1.98 Billion Valuation By Re-engineering Core Processes.
Microsoft Azure experienced 4.46 billion hours of collective downtime after their standard deployment process was not followed correctly.
Triaster calculates that one client saved over £300,000 per year by improving just one process
NASA’s Process Failure Resulted in the Disintegration of $193 million Mars Climate Orbiter Satellite
Previous
Next

Share Your Email below to get a free quote for
Red Lion's Business Process Mapping Services.

CLICK HERE to Learn More About This Service

no thanks, maybe next time.