Cybersecurity is a must for FDA approval
It’s important for your bottom line to bring your product to market as quickly as possible.
It’s been calculated (source: Qualio) that clearance of a Class 2 medical device through the 510(k) pathway takes about 6 months on average.
For Class 3 products requiring PMA (Premarket Approval), this average time to clearance is a bit longer, about 8 months.
The FDA has taken steps to make sure their processes support speed to market. They guarantee an initial response within sixty days. And they’ve shortened the PMA time considerably.
But all too often, manufacturers don’t take security into account when applying. They lose precious time by getting their initial request denied and having to go back to square one.
Threat Modeling for speed to market
Getting FDA clearance for your medical device is all about proving safety and efficacy. In recent years, the safety issue has been expanded heavily to include cybersecurity. Connected devices require rigorous review of their setup to make sure patients (or their privacy) aren’t at risk.
To get a speedy clearance, your entry has to include a strong security dossier. This is what Threat Modeling provides. When we Threat Model, we bring all parties involved (product owner, architect, R&D, developers) to the table to perform a full risk analysis. We completely draw out the design of the system in a Data Flow Diagram. This shows all components and data flows, and it illustrates important ‘trust boundaries’. Using this documentation, we create scenarios that could threaten the safety of the product. We can then look at ways to mitigate those threats and reduce risk.
The result of this exercise is a complete understanding of the ‘cyber safety’ of the medical device. The Threat Model serves as a powerful cybersecurity dossier to support your FDA filing.
This is a living document.
If something changes in the architecture, or an element is added, we review the Threat Model to make sure the right choices are made and the diagrams are amended. This way, the Threat Model is always up-to-date with the current product version.
How Toreon can help
Our Threat Modeling team is ready to help you through all the steps necessary for you to gain FDA clearance. Our experts analyze the cybersecurity of your device with your team. This way, you gain full understanding of any issues at hand and are fully capable of fixing any vulnerability we might find.
Then we make sure to create a robust Threat Modeling dossier that will show without a doubt that you have cybersecurity under control.
We don’t quit until you reach your goal of FDA approval.
Medical Technology & Security Solutions
VLAIO Security Foundations
VLAIO’s Security Foundations is the most cost-effective solution on the market to bootstrap your security. Thanks to VLAIO’s security government grant, we can address your secure product, infrastructure, and compliance challenges at half the cost (only valid for Flemish SMEs).
ISO27001 is the most commonly used security standard in Europe for demonstrating adequate security towards interested stakeholders. Toreon has a strong track record with ISO27001 implementation projects.
Threat Modeling is a structured approach to identify and evaluate system threats, potential vulnerabilities and mitigating controls. It allows us to consider, document, and assess the security implications of conceptual designs on all layers of the solution.