Professional Services

Postmarket Cybersecurity for Medical Devices

The FDA released a guidance providing recommendations for Postmarket management of Cybersecurity in medical devices. This is in response to Executive Order 13691, which recognizes the need to enhance Cybersecurity in critical infrastructure. The guidance is applicable to medical devices that contain software and to software as a medical device. The agency considers the adoption of a proactive Postmarket Cybersecurity approach critical!

Managing Postmarket Cybersecurity is a complex endeavor, requiring highly technical staff and comprehensive processes. Promenade Software Inc. provides services compliant with the FDA guidance "Postmarket Management of Cybersecurity in Medical Devices" and IEC 29147 Vulnerability Disclosure Requirements. Our services include:

  1. Monitoring Cybersecurity information sources, understanding and detecting applicable vulnerabilities, and assessing the impact and risk to your medical device.
  2. Providing a Coordinated Vulnerability Disclosure Program, which can receive and handle information from external individuals and organizations.
  3. Development of mitigations to protect, respond and recover from risk.
  4. ISAO membership. ISAO membership is considered a critical component of a medical device manufacturer's comprehensive and proactive management of cybersecurity threats.

Cybersecurity Monitoring

Promenade Software provides postmarket monitoring services for clients for whom we provided the software content, or who can provide their software content. In addition to proactively recommending and providing routine updates and patches, Promenade will also assess the specific risk to the device from exploitable Cybersecurity vulnerabilities that may compromise it, thereby creating an uncontrolled risk to patient or user safety.

Try our free Device Checker tool to see where your embedded Linux system stands today.

Coordinated Vulnerability Disclosure

Use Promenade's Coordinated Disclosure program to ensure IEC 29147 compliance. This service allows external individuals or organizations to report potential vulnerabilities through a web portal, customized with your branding. Promenade's team will immediately follow up on the report and acknowledge receipt. If we have information about the device system software, we can verify the report, inform the finder of its status, and develop a resolution as appropriate. Additionally, in collaboration with our clients, we evaluate the risk and disseminate advisories to our clients' customers.

Cybersecurity Mitigation Development

Promenade Software has the technical expertise to remediate discovered vulnerabilities, bringing the device risk down to an acceptable level. Based on an assessment of uncontrolled risk, Promenade Software will identify and implement compensating controls, and provide a deployable strategy to bring the risk to essential clinical performance to an acceptable level.

If your system is in need of a Cybersecurity solution, see our Pre-market solution development services for Cybersecurity.

ISAO Membership

Promenade Software proudly sponsors MedISAO, a registered Information Sharing and Analysis Organization (ISAO). MedISAO is a focal point of cybersecurity information sharing and collaboration, specifically for medical devices. Our ISAO clients receive up-to-date information relevant to their devices.

Visit medISAO.com for more information.


About Promenade Software

Promenade Software, Inc. specializes in software development for Medical Devices and other safety-critical applications.

Contact

Promenade Software, Inc.
16 Technology Drive, Suite 100
Irvine, CA 92618
U.S.A.
info@promenadesoftware.com
(949) 329-8570

© 2016 Promenade Software, Inc.