Medical device cybersecurity consultancy & training
Drawing from extensive experience in risk management within medical device, hardware, and software development, Lorit Consultancy Team is your trusted partner for navigating the complexities of medical device cybersecurity. From AAMI TIR 57 to NIST SP 800-30 and IEC 81001-5-1, we guide you through the latest standards, providing insights into methodologies for asset and vulnerability analysis.
Whether consultancy, support, or training – we excel in guiding you towards safe and secure product design, aligning with FDA cybersecurity guidance and relevant EU regulations.
In the dynamic field of the medical device industry, our firm leverages years of project experience to guide you through numerous standards and guidelines used to assess, mitigate and verify satisfactory cybersecurity implementation.
We can support you in implementing strategies like the Secure Product Development Lifecycle (SPDL) defined in the IEC 623443 series, ensuring your cybersecurity measures are aligned with industry best practices. Our expertise covers the cybersecurity risk management processes outlined in NIST SP 800-30 and AAMI TIR 57, drawing their connection to ISO 14971. We conduct vulnerability analyses using frameworks such as the Common Vulnerability Scoring System (CVSS) and Microsoft STRIDE.
Post-market activities are integral to the development of medical devices, and our firm is adept at guiding you through the formulation and execution of your post-market cybersecurity strategy. We provide consultation on aligning cybersecurity assessments with ISO 14971 risk management activities. Recognizing the evolving nature of the cybersecurity landscape, we help establish strategies for ongoing assessment, ensuring an acceptable residual risk is maintained.
Consultancy & Support:
- Security analysis, evaluation and control
- Definition of security solutions
- Post-market monitoring
Our services extend to defining product hardening techniques to reduce vulnerabilities and establishing robust verification strategies such as fuzz and penetration testing.
We support you with tool choices e.g. the choice of Software Composition Analysis tools and provide expertise in managing your Software of Unknown Provenance (SOUP), along with guidance on generating and overseeing Software Bill of Material (SBOM). With extensive experience, we specialize in post-market cybersecurity strategies, referencing standards like AAMI TIR 97.
We offer (online) training courses that can be customised to meet your requirements in terms of date, format and content.
Our cybersecurity course for medical devices relates to cybersecurity in general, with references to international standards such as ISO 14971, AAMI TIR 57 and NIST. In addition to a comprehensive overview, we also provide detailed insights into the areas of analysis and methods.
In this way, you learn how cybersecurity becomes an integral part of your projects and benefit from our industry knowledge and experience.