Cybersecurity Solutions

Postmarket Cybersecurity Solutions for Medical Devices

The FDA released a guidance providing recommendations for Postmarket Cybersecurity Solutions management of Cybersecurity in medical devices. This is in response to Executive Order 13691, recognizing the need to enhance Cybersecurity in critical infrastructure. The guidance is applicable to medical devices that contain software and software as a medical device. The agency considers the adoption of a proactive Postmarket Cybersecurity approach as critical!

Managing Postmarket Cybersecurity is a complex endeavor, requiring highly technical staff and comprehensive processes. Promenade Software Inc. provides services compliant with the FDA guidance Postmarket Management of Cybersecurity in Medical Devices and IEC 29147 Vulnerability Disclosure Requirements. Our services include:

  1. Monitoring Cybersecurity information sources, understanding and detecting applicable vulnerabilities, and assessing the impact and risk to your medical device.
  2. Providing a Coordinated Vulnerability Disclosure Program, which can receive and handle information from external individuals and organizations.
  3. Development of mitigations to protect, respond and recover from risk.
  4. ISAO membership. ISAO membership is considered a critical component of a medical device manufacturers comprehensive and proactive management of cybersecurity threats.
CDRH Center for devices and Radiological health logo

Cybersecurity Bill of Materials (CBOM) and Vulnerability Monitoring

Promenade Software provides postmarket monitoring services. As part of this service, we will create your software Cybersecurity Bill of Materials (CBOM), if you do not already have it. Your CBOM includes all of the software components that comprise your system. These components are proactively monitored, and when a vulnerability is discovered, we recommend and provide the recommended updates and patches. Promenade will assess the specific risk for the device, coming from exploitable Cybersecurity vulnerabilities that may compromise the device, thereby creating an uncontrolled risk to patient or user safety.

Try our free Device Checker tool to see where your embedded Linux system stands today.

Coordinated Vulnerability Disclosure

Use Promenade's Coordinated Vulnerability Disclosure program to ensure IEC 29147 compliance. This service allows external individuals or organizations to report potential vulnerabilities through a web portal, customized with your branding. Promenade's team will immediately follow-up with the report, and acknowledge receipt. If we have information about the device system software, we can verify the report, inform the finder of status, and develop a resolution as appropriate. Additionally, in collaboration with our clients, we evaluate the risk and disseminate advisories to our client's customers.

 IEC 29147 compliance Security Techniques
Post market management of cybersecurity in medical devices

Cybersecurity Mitigation Development

Promenade Software has the technical expertise to remediate discovered vulnerabilities, bringing the device risk down to an acceptable level. Based on an assessment of uncontrolled risk, Promenade Software will identify and implement compensating controls, and provide a deployable strategy to bring the risk to essential clinical performance to an acceptable level.

If your system is in need of development of a complete and robust Cybersecurity implementation, please refer to:

Development Services for Cybersecurity

MedISAO  Membership

Promenade Software proudly sponsors MedISAO,  a registered Information Sharing Analysis Organization (ISAO) specifically for the Medical Device Industry. MedISAO is a focal point of cybersecurity information sharing and collaboration, offering its members with a variety of services to help monitor for applicable discovered vulnerabilities. Our ISAO clients receive up-to-date information relevant to their devices.

visit: for more information

Try our free Device Checker tool to see where your embedded Linux system stands today.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Promenade Software, Inc. specializes in software development for medical devices and other safety-critical applications.
Promenade is ISO 13485, and CypherMed Cloud is SOC2 Type II certified.

© 2022 Promenade Software, Inc.