Pre-market Cybersecurity Solutions


Medical device vulnerability is a result of modern medical devices becoming more connected. They are connected to local databases, the cloud, and patients' smartphones. Each one of these connections is a potential attack vector for hackers.

Premarket Cybersecurity Activities 

Promenade Software Security Experts can help you with appropriate cybersecurity activities for your device. Using a risk-based approach, several options are often available to mitigate the determined risks, and your device-specific technologies will be used to determine the best fit for you. We will help you:

  1. Perform a Risk Analysis to determine risks and appropriate protections for your product throughout its lifecycle.
  2. Ensure best-in-class user and device authentication, content integrity, and confidentiality of data, ensuring defensible in-depth security.
  3. Create a Cybersecurity Bill of Materials (CBOM) for active vulnerability monitoring in the field.
  4. Generate the necessary submission documentation for the FDA, including the Design Documentation, Threat Model, Risk Analysis and Penetration Test Report.
  5. Generate the documentation package per the EU MDR MDCG 2019-16 Guidance for Cybersecurity in Medical Devices, showing a Defense-in-Depth Design Strategy and that Feature Testing, Fuzz Testing, Vulnerability Scanning and Penetration Testing have been performed per the guidance.

Cybersecurity - Risk Analysis

The FDA guidance for Management of Cybersecurity in Medical Devices suggests that manufacturers take a Risk Analysis approach to the cybersecurity management of their devices. Promenade Cybersecurity experts can assist you through the process, identifying and documenting the risks from your device's potential threats and vulnerabilities. We will help you to assess the potential impact on end-users and patients if the device loses functionality or data integrity is compromised.
If your device can connect to a network, your device's vulnerabilities may be exploited to breach the security of the network, and that too will be addressed. We will advise you on suitable mitigation strategies to adhere to regulatory expectations and the established risk acceptance criteria.


Cybersecurity - Design Controls

Promenade Software Services use state-of-the-art security designs from the cloud and financial industries and incorporate them into prebuilt solutions for medical devices. The designs include:

  1. Private/Public key infrastructure for secure device authentication
  2. All communications over secure TLS tunnels
  3. State-of-the-art encryption using RSA or Elliptic Curve Cryptography
  4. Easy certificate revocation in case of a breach 
  5. Secure remote service and authenticated cloud updates

Cybersecurity - Penetration Testing

Promenade Software Services include expert Penetration Testing of your Medical Device. We will analyze your device and attempt to exploit vulnerabilities in your device's security.
White Box and Black Box testing will be performed to assess your security gaps.


Cybersecurity Bill of Materials (CBOM)

The Cybersecurity Bill of Materials (CBOM) is a list of software components included in the device (including open source libraries and OTS software) that could be susceptible to vulnerabilities. This list is considered by the FDA as a critical element in identifying assets, threats and liabilities. Promenade can help you:

  1. Create a CBOM using our automated CBOM generation tools.
  2. Run the CBOM through the National Vulnerability Database (NVD), generating a list of known vulnerabilities of your device.
  3. Provide criteria for addressing, or rationale for not addressing, the list of vulnerabilities.
  4. Provide support for ongoing vulnerability monitoring postmarket.

Cybersecurity - Documentation 

Promenade Software Services can guide you through the creation of the regulatory documentation to ensure your submission goes smoothly, whether for the FDA, MDR, or IVDR. We will collect the information for you, and help you create the necessary components in a way that satisfies both the U.S. and European regulations.

About Promenade Software

Promenade Software, Inc. specializes in software development for medical devices and other safety-critical applications.
Promenade is ISO 13485 and 9001 certified.

American Systems registrar

Promenade Software, Inc.
16 Technology Drive, Suite 100
Irvine, CA 92618, U.S.A.
phone: (949) 333-4634

© 2021 Promenade Software, Inc.