Medical Device Manufacturer Secure Development Lifecycle

Managing the software supply chain (including commercial, open source, and contracted components) within the Secure Software Development Lifecycle requires pre- and post-market management of cybersecurity starting with supplier candidate evaluation and selection, software and documentation delivery, to ongoing management during the device’s lifecycle.

A mature Secure Software Development Lifecycle program requires consideration and consistent management from premarket through postmarket.

Premarket activities include: defining security requirements, inclusion in architecture and design, implementation, and throughout testing and release for sale, all supported by the appropriate set of security documentation.

Postmarket activities include monitoring, vulnerability mitigation and management, software and documentation maintenance, and lifecycle-related customer communication.

During the postmarket phase, device owners and operators, typically a healthcare delivery organization (HDO), will require security-specific communication and support. They will define their security requirements during procurement and expect continual security maintenance (e.g., vulnerability disclosure, patching) during the device’s useful life until final decommission.

A mature Secure Software Development Lifecycle requires tight integration between engineering and release processes with supply chain and customer (HDO) needs, all supported by the appropriate security tools, technologies, processes, and training.

Want to learn more about developing medical devices that are secure by design? Reach out to us at info@medcrypt.com and discover how we help build devices that are secure by design.

‍