Threat Model Readiness
We check whether assets, hazards, attack paths, mitigations, and residual risks are traceable enough for regulatory review.
Know where your device cybersecurity file is exposed before submission.
We check whether assets, hazards, attack paths, mitigations, and residual risks are traceable enough for regulatory review.
We review component visibility, known-vulnerability handling, update logic, and monitoring responsibilities before they become review questions.
We test the logic between architecture, security testing, labeling, and post-market processes so claims are supported by usable evidence.
You know what you are buying, what we need from you, what is included, and where remediation or testing becomes a separate workstream.
Request assessmentFor Korea, we map the file against MFDS cybersecurity expectations, SaMD and AI-related considerations, Korean technical documentation needs, and the applicable technical-document review route.
Threat model, SBOM, architecture, vulnerability process, security testing evidence, labeling, and post-market controls.; Penetration testing execution, software redesign, threat-model authoring, and authority filing unless separately scoped.
Cybersecurity gap matrix with severity, rationale, owner, and recommended action.; Working session to align regulatory, software, QA, and security owners.
Typically 2-4 weeks after complete intake.; Kickoff, intake check, technical review, gap report, and review meeting.
Architecture, intended use, data flows, SBOM, risk file, test reports, labeling, and vulnerability process.; Access to engineering or security SMEs for clarification.
One consolidated feedback round on the report after delivery.; Email or shared workspace for written decisions and document control.
Fixed fee when file scope and inputs are clear.; Remediation, testing, authoring, and submission management are scoped separately.
Reviewed the threat model, SBOM, and vulnerability process before submission and separated defensible evidence from remediation work.
Mapped a changed software architecture to security evidence, labeling updates, and post-market monitoring responsibilities.
Common questions about cybersecurity gap analysis for medical devices.