Cybersecurity without compromise. How Sii ensures medical device reliability and quality  

Bringing a medical device to market is challenging, especially for companies with innovative ideas but limited resources and regulatory knowledge. The 2023 State of Cybersecurity for Medical Devices and Healthcare Systems report puts the increase in security vulnerabilities for healthcare software and firmware at 59%. Sii offers a comprehensive suite of services to help these companies overcome these challenges, focusing on critical areas like cybersecurity and compliance to ensure medical devices reach the market with the highest quality standards. Read on to discover how Sii specialists can support your endeavors from development to market entry.

Ensuring quality management, risk mitigation, and rigorous software testing

Sii takes an all-encompassing approach to medical device development, meticulously addressing every aspect, from quality management to cybersecurity.

A robust Quality Management System (QMS) ensures compliance and quality assurance in device development. Sii assists clients in navigating QMS complexities, helping them meet the highest standards, including establishing continuous risk management frameworks to identify, evaluate, and mitigate risks from early development to market entry.

— Continuous risk management is essential for the lifecycle of any medical device. Our frameworks help clients identify, assess, and mitigate risks effectively, ensuring safety and compliance — emphasizes Marcin Lis, Compliance and Medical Software Validation Specialist at Sii.

Thorough documentation is another critical component for compliance and smooth project progression. Delayed documentation can lead to significant setbacks. Sii experts help companies maintain detailed records throughout development, preventing last-minute issues.

Frequent changes in project scope can increase costs, cause delays, and compromise quality. Sii’s project management services ensure these changes are managed and documented carefully, aligning with project goals and regulatory requirements and maintaining project stability and focus.

Rigorous software testing is essential for risk-critical devices. Sii provides specialized software testing services, ensuring all requirements are met and potential issues are addressed before market release.

Complete cybersecurity solutions for medical devices

Securing medical devices against cyber threats is crucial in the face of ever-growing digital interconnectivity. Sii offers end-to-end support, starting with threat modeling and security architecture design, followed by implementation and continuous monitoring. Its cybersecurity experts deliver complete solutions to ensure the safety and integrity of the product.

Sii Medical Device Security Suite includes:

1. Threat modeling. Identifying security requirements, ranking potential threats, and prioritizing assets to address all possible security issues early.

2. Architecture and design. Tailoring a security architecture to the device’s needs and developing countermeasures for identified threats.

3. Implementation. Incorporating security best practices into the application code to mitigate vulnerabilities from the outset.

4. Verification. Conducting thorough vulnerability assessments and penetration tests to ensure the effectiveness of security measures.

5. Monitoring. Continuous monitoring and a Vulnerability Management process for prompt detection and response to security incidents.

6. Cybersecurity vs. ISO 14971. Balancing security and safety controls to align with ISO 14971, maintaining both without compromise.

— Cybersecurity is not just about protecting data; it’s about safeguarding patient trust and ensuring the integrity of medical devices. Our comprehensive cybersecurity support covers everything from threat modeling to continuous monitoring, providing our clients with the peace of mind that their devices are secure at every stage of development — comments Dawid Jankowski, Cybersecurity Competency Center Director at Sii.

Regulatory Assurance Suite by Sii

Meeting regulatory requirements is crucial for market entry and long-term success. Sii offers Regulatory Assurance Suite to help clients navigate the complex regulatory landscape and ensure compliance.

— Navigating the regulatory landscape is often one of the most daunting tasks for medical device companies. Our Regulatory Assurance Suite simplifies this process, ensuring that clients meet all necessary standards and regulations efficiently and effectively — says Dawid Jankowski.

Here’s what the Regulatory Assurance Suite covers:

1. Identifying regulatory requirements. Determining whether the product qualifies as a medical device and understanding the regulatory landscape for the target market.

2. Assessment. Evaluating the device’s current state, documentation, and development process against security requirements, best practices, and relevant regulations such as MDR 2017/745 or FDA 21 CFR Part 11.

3. Processes and documentation. Implementing necessary processes and creating comprehensive documentation, including setting up a QMS based on ISO 13485, a Risk Management system following ISO 14971, and a Software Development Life Cycle process based on IEC 62304.

4. Maintenance. Managing and maintaining processes and documentation, preparing medical device and Healthcare Software (SaMD) documentation for market release, and maintaining document control and traceability to ensure ongoing compliance.

5. Training. Providing targeted training sessions to equip the project team with the knowledge to manage compliance issues effectively, maintaining high standards throughout the product lifecycle.

Sii projects in medical device security, safety, and compliance

Sii consistently demonstrates expertise through successful projects that deliver custom solutions addressing specific client challenges, ensuring quality, security, and compliance.

Expanding US market reach for mobility-enhancing devices

A company specializing in mobility-enhancing products aimed to expand sales and enter the US market. Sii conducted a comprehensive review and assessment to ensure the company’s technical documentation complied with MDR requirements and ISO 14971 and updated software documentation per EN 62304. Additionally, Sii assisted with the transition from MDD to MDR, prepared FDA application documentation, and oversaw conformity assessments with IEC 60601 standards. These efforts ensured the company’s regulatory compliance and supported its expansion into the US market.

Securing IoT devices with advanced PKI solutions for Qiagen

In another project, Qiagen, a leader in delivering solutions for molecular testing and one of the most dynamically growing biotechnology companies focused on digital transformation, introduced new IoT devices connected to a central application hosted in Azure Cloud. The company sought advice on securing these devices, particularly in authentication and certificate management.

Sii specialists reviewed the initial design of the planned Public Key Infrastructure (PKI) solution, designed and proposed an updated PKI architecture, provided detailed documentation of required security controls, and suggested improvements for future versions. These actions ensured robust security for the client’s IoT devices, enhancing their overall system security.

Enhancing ultrasound scanner performance

Sii’s proficiency was also evident in its work with a prominent medical device manufacturer needing support in developing its 2D and 3D ultrasound scanners to improve quality and develop new software components. Sii assembled a team of C++ engineers and testers to enhance system stability and reliability, extend system self-diagnostics, optimize DICOM transmission and setup, and improve data transfer reliability – all this to enable healthcare professionals to view, store, and share medical images across supported equipment while meeting the stringent requirements of the healthcare sector.

Partnering with Sii for success in medical device development

Developing medical devices demands technical know-how, strict compliance, and steadfast dedication to quality and safety. Sii is a dependable partner, providing comprehensive support throughout the process, including risk assessment, hardware and software development, thorough documentation, and help with certification.

— Our mission is to help companies navigate the complex realities of development and compliance, ensuring their innovations reach the market safely and efficiently. We take pride in providing tailored solutions that adhere to the highest security and quality standards — concludes Wojciech Drescher, Head of Healthcare at Sii.