Pre-market Cybersecurity Solutions

Cybersecurity - the Problem

Medical devices around the world have been exposed as vulnerable. The Department of Homeland Security revealed last year that it is investigating cybersecurity vulnerabilities in a wide range of medical equipment, from medical imaging devices to hospital networking systems. From infusion pumps to pacemakers, devices and their manufacturers have been in the news. Promenade Software has experts on staff, and solutions to help you make sure your device is secure.
Medical device vulnerability is a result of modern medical devices becoming more connected. They are connected to local databases, the cloud, and patients' smartphones. Each of these connections is a potential attack vector for hackers.

Premarket Cybersecurity Activities

Promenade Software Security Experts can help you with appropriate cybersecurity activities for your device. Using a risk-based approach, several options are often available to mitigate the determined risks, and your device-specific technologies will be used to determine the best fit for you. We will help you:

  1. Perform a Risk Analysis to determine appropriate protections for your product's lifecycle.
  2. Ensure best-in-class user and device authentication, content integrity, and confidentiality of data.
  3. Create a Cybersecurity Bill of Materials (CBOM) and do active vulnerability monitoring through the device's lifecycle.
  4. Generate the necessary submission documentation.

Frances Cohen of Promenade Software with Marcel Hill of Intertek discussing Cybersecurity for the Med Tech Monday Conference in Irvine.

Cybersecurity - Risk Analysis

The FDA guidance for Management of Cybersecurity in Medical Devices suggests that manufacturers take a Risk Analysis approach to the cybersecurity management of their devices. Promenade Cybersecurity experts can assist you through the process, identifying and documenting the risks from your device's potential threats and vulnerabilities. We will help you to assess the potential impact to the end-users and patients if the device loses functionality or data integrity is compromised.
If your device can connect to a network, your device's vulnerabilities may be exploited to breach the security of the network, and that too will be addressed. We will advise you on suitable mitigation strategies to adhere to regulatory expectations and the risk acceptance criteria established.

Cybersecurity - Controls

Promenade Software Services uses state-of-the-art security designs from the cloud and financial industries, incorporated into prebuilt solutions for medical devices. The designs include:

  1. Private/Public key infrastructure for secure device authentication
  2. All communications over secure TLS tunnels
  3. State-of-the-art encryption using RSA or Elliptic Curve Cryptography
  4. Easy certificate revocation in case of a breach
  5. Secure remote service and authenticated cloud updates

Cybersecurity Bill of Materials (CBOM)

The Cybersecurity Bill of Materials (CBOM) is a list of software components included in the device (including open source libraries and OTS software) that could be susceptible to vulnerabilities. This list is considered by the FDA as a critical element in identifying assets, threats and liabilities. Promenade can help you:

  1. Create a CBOM using our automated CBOM generation tools.
  2. Run the CBOM through the National Vulnerability Database (NVD), generating a list of known vulnerabilities of your device.
  3. Provide criteria for addressing, or rationale for not addressing, the list of vulnerabilities.
  4. Provide support for ongoing vulnerability monitoring postmarket.

Cybersecurity - Documentation

Promenade Software Services can guide you through the creation of the regulatory documentation to ensure your submission goes smoothly. We will collect the information for you, and help you:

  1. Create a list of all cybersecurity risks considered.
  2. Create a list of, and justification for, all controls that were established for your device, and verify they are listed in the device requirements.
  3. Create a traceability matrix of risks to controls.
  4. Create a plan for software upgrades.
  5. Document a summary of the controls that will assure that the device software will maintain its integrity.
  6. Create instructions for use, as they pertain to maintaining cybersecurity for the intended use.
  7. Generate a CBOM vulnerability report with controls and justifications as applicable.

About Promenade Software

Promenade Software, Inc. specializes in software development for medical devices and other safety-critical applications.
Promenade is ISO 13485 and 9001 certified.


Promenade Software, Inc.
16 Technology Drive, Suite 100
Irvine, CA 92618, U.S.A.
phone: (949) 333-4634

© 2019 Promenade Software, Inc.