The FDA released guidance providing recommendations for Postmarket management of Cybersecurity in medical devices. This is in response to Executive Order 13691, recognizing the need to enhance Cybersecurity in critical infrastructure. The guidance applies to medical devices that contain software and to software as a medical device. The agency considers the adoption of a proactive Postmarket Cybersecurity approach critical.
Managing Postmarket Cybersecurity is a complex endeavor, requiring highly technical staff and comprehensive processes. Promenade Software Inc. provides services compliant with the FDA guidance Postmarket Management of Cybersecurity in Medical Devices and IEC 29147 Vulnerability Disclosure Requirements. Our services include:
Promenade Software provides postmarket monitoring services. As part of this service, we will create your software Cybersecurity Bill of Materials (CBOM) if you do not already have one. Your CBOM includes all of the software components that comprise your system. These components are proactively monitored, and when a vulnerability is discovered, we recommend and provide the appropriate updates and patches. Promenade will assess the specific risk to the device from exploitable Cybersecurity vulnerabilities that may compromise the device and thereby create an uncontrolled risk to patient or user safety.
Try our free Device Checker tool to see where your embedded Linux system stands today.
Use Promenade's Coordinated Vulnerability Disclosure program to ensure IEC 29147 compliance. This service allows external individuals or organizations to report potential vulnerabilities through a web portal customized with your branding. Promenade's team will immediately follow up on the report and acknowledge receipt. If we have information about the device system software, we can verify the report, inform the finder of its status, and develop a resolution as appropriate. Additionally, in collaboration with our clients, we evaluate the risk and disseminate advisories to our clients' customers.
Promenade Software has the technical expertise to remediate discovered vulnerabilities, bringing the device risk down to an acceptable level. Based on an assessment of uncontrolled risk, Promenade Software will identify and implement compensating controls, and provide a deployable strategy to bring the risk to essential clinical performance to an acceptable level.
If your system is in need of development of a complete and robust Cybersecurity implementation, please refer to:
Promenade Software proudly sponsors MedISAO, a registered Information Sharing and Analysis Organization (ISAO) specifically for the Medical Device Industry. MedISAO is a focal point of cybersecurity information sharing and collaboration, offering its members a variety of services to help monitor for applicable discovered vulnerabilities. Our ISAO clients receive up-to-date information relevant to their devices.
Visit medISAO.com for more information.