Cybersecurity
Engineering
We can help you to design a secure system from the beginning (secure design principles, first time right).
We can analyse your system for vulnerabilities (reverse engineering, code reviews, penetration testing, brute force, fuzz testing, DoS attacks, man in the middle, spoofing, eavesdropping, SQL injection, buffer overflow, etc.).
We can provide you with a detailed test report, identifying vulnerabilities and proposing mitigation actions or demonstrating cybersecurity. This report fulfils medical device regulations and can be used for submission.
Quality by Design / Process Controls / Design Controls
Cybersecurity Planning
Cybersecurity Analysis (Vulnerability Analysis, Threat Modeling, I/O Analysis, etc.)
Cybersecurity Architectural and Detailed Design (secure design principles)
Cybersecurity Implementation (secure coding standards)
Cybersecurity Unit/Item/System Testing
Cybersecurity Release (Checklists)
Risk Management and Usability Engineering
Cybersecurity Risk Management according to ISO 14971, AAMI TIR57, Guidelines Worldwide and Usability Engineering according to IEC 62366-1
Identification of assets, attack vectors, threats and vulnerabilities, and definition of mitigation actions to demonstrate cybersecurity
Assessment of the impact of threats and vulnerabilities on safety, device functionality, usability and end user/patients
Definition of security risk assessment criteria
Determination of risk levels and suitable mitigation strategies
Assessment of residual risk and risk acceptance criteria
5 Functions Principle: Identify, Detect, Protect, Respond, Recover
Cybersecurity must not compromise the safety, the essential functioning and usability of the medical device (trade-off)
Post-Market-Surveillance
We analyze the market for new assets, threats, vulnerabilities and trends and can help you to establish periodic security update reports for your device.
We can help you to receive, review, assess, address and disclose security issues post market.
In conclusion: We provide the entire range of cybersecurity services to make your device secure, compliant with medical device regulations worldwide and therefore ready for submission and product launch. We can help you with establishing a cybersecurity concept and with the design, usability, risk assessment, implementation, testing, documentation/reporting and submission of your device according to medical device regulations worldwide.