Medical Device Focused Cybersecurity Services

Threat modeling and risk analysis through penetration tests and vulnerability assessments, completed with reports on recommended controls and mitigation practices

Cybersecurity Services

CriTech offers services during both Premarket and Postmarket.

Premarket Services

Our Premarket services are focused on identifying and mitigating cybersecurity risk.  We perform cybersecurity risk analysis and control to assess and recommend changes to the system design.  We then carry out various levels of testing to ensure the system correctly implements the cybersecurity risk mitigations.  Both static analysis and dynamic penetration testing are performed.  Key activities are:

  • Cybersecurity Threat Modeling, including identification of Trust Boundaries
  • Cybersecurity Risk Analysis – intended to assess the potential vulnerabilities, threats, and impacts of a device
  • Cybersecurity Risk Control Measures – intended to add a risk control measure to each identified risk as well as its corresponding risk level
  • Vulnerabilities Assessment – identifies any known vulnerabilities inadvertently incorporated into the system's software
  • Penetration Testing – focused on ensuring proper implementation of the cybersecurity risk (requirements), exercising interfaces between the components, and misuse and fuzz testing
  • Preparation of Software Bill of Materials (SBOM)

Postmarket Services

Our Postmarket services focus on ensuring that any newly uncovered cybersecurity risk is identified and remediated quickly and efficiently.

  • Monitoring cybersecurity information sources for identification and detection of cybersecurity vulnerabilities and risk
  • Maintaining robust software lifecycle processes that include mechanisms for:
      • Monitoring third party software components for new vulnerabilities throughout the device’s total product lifecycle
      • Design verification and validation for software updates and patches that are used to remediate vulnerabilities, including those related to off-the-shelf software
  • Understanding, assessing, and detecting presence and impact of a vulnerability
  • Establishing and communicating processes for vulnerability intake and handling
  • Using threat modeling to clearly define how to maintain safety and essential performance of a device by developing mitigations that protect, respond, and recover from the cybersecurity risk

We look forward to talking with you!

We are ready to assist in getting your medical device software compliant and can start at any point during your life cycle process!