Secure Product Development Framework & Services for
FDA Medical Device Cybersecurity Submissions

Cybersecurity content that supports the fastest possible premarket submissions and helps to avoid time-consuming deficiency letters

Secure Product Development Framework (SPDF) compliant to IEC 81001-5-1 and ANSI/ AAMI SW96:2023

Full range of complementary services available

Medical Device SPDF Documentation Package

Services Based on Standards and a SPDF

Section 524B of the Federal Food, Drug, and Cosmetic Act (FD&C Act), published October 2023, gave the FDA clear legal authority to mandate and enforce cybersecurity in medical devices. Enforcement started in October 2023.

The FDA’s expectations for cybersecurity content for pre-market submissions are mainly covered in two documents: Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions and Postmarket Management of Cybersecurity in Medical Devices. BG Networks’ SPDF documentation and services not only comply with these recommendations but also incorporate additional requirements spread across other supporting FDA Guidance documents.

Collectively, FDA Cybersecurity related Guidance documents call for cybersecurity across the Total Product Lifecycle (TPLC) and the implementation of a Secure Product Development Framework (SPDF), meaning the FDA expects a Cybersecurity Management System approach that is risk-based and implemented from a device’s initial design stages to end of life. BG Networks comprehensive SPDF System does just that, integrating seamlessly with your current Quality Management System.

IEC 81001-5-1 and ANSI/AAMI SW96:2023 provide an excellent foundation for a risk-based cybersecurity QMS. Both were developed to complement existing QMS and risk processes (e.g., ISO 13485, ISO 14971) and are recognized by the FDA.

Our services, cybersecurity SPDF procedures, templates, and SPDF documentation package are based on these standards and were developed by experts with over 50+ years of medical device, quality management systems, and cybersecurity expertise.

Because our SPDF covers all requirements and recommendations, it ensures that your premarket submission will not be held up due to cybersecurity weaknesses and provides confidence in early FDA acceptance.

Cybersecurity Meddevices02 Cybersecurity Meddevices02
FDA Medical 01 FDA Medical 01

Off-the-Shelf SPDF Package

Our cybersecurity SPDF includes:

  • FDA Premarket Submission Templates: 15 templates covering all required documentation that directly matches eSTAR terminology.
  • SPDF Manual: A Cybersecurity Management System manual for medical devices.
  • SPDF Procedures & Templates: 25 procedures with 25 templates that guide SPDF activities for everything needed to successfully navigate an FDA inspection.

Webinar Series - Medical Device Cybersecurity - Free

Seven Off-The-Shelf Services Offerings

BG Networks offers a complete range of cybersecurity consulting services to help you prepare your pre-market submission with confidence that it will not be delayed due to cybersecurity weaknesses.
Our services include several options so you can choose to do it yourself, collaborate with a mix of training and services, or we can generate the complete cybersecurity submission for you. The seven options we offer are listed below.
  1. Cybersecurity Gap Assessment Services: First step to understand how much needs to be done and uses a broad range of standards and FDA Guidance documentation to ensure a comprehensive assessment.
  2. Premarket Submission Training: For our FDA premarket submission templates, so you can create everything needed to submit.
  3. Full Documentation Package Training: Covers implementation of a SPDF so you can establish a risk-based cybersecurity QMS. Ensures the right level of security is included in your medical devices and prepares your organization for an FDA inspection.
  4. FDA Cybersecurity and Full Documentation Package Training: Multi-day workshop covering cybersecurity fundamentals, FDA’s cybersecurity recommendations, cryptographic risk mitigation techniques, the use of our SPDF documentation package, and establishment of an SPDF.
  5. SPDF Integration Services: An SPDF and a QMS share common themes. These services ensure a smooth integration between your existing QMS/Risk Management processes and our cybersecurity SPDF. Resulting documentation will clearly connect cybersecurity and traditional safety processes, making sure these activities aren’t siloed.
  6. Full Premarket Submission Services: We’ll generate all cybersecurity documentation required for your FDA 510(k) or PMA submission.
  7. Full Premarket Submission and SPDF Services (includes training): In addition to generating everything required for a premarket submission, we will install a SDPF and train your team on using the SDPF for new medical device developments and post-market activities.

Please contact us for standard pricing information for these training and services options.

FDA Medical 03 FDA Medical 03

“The medical device industry is wide and deep where companies demonstrate broad ranges of regulatory and cybersecurity capabilities.  Recognizing that there is no “one size” that can “fit all”, we took the approach of providing a wide range of scalable offerings to meet our clients right where they are and provide them only what they need, “ says Eric Pettes, Medical Device Cybersecurity Services Lead at BG Networks, who has 25 years of experience in medical device QMS and cybersecurity.


In support of the training and services listed above, BG Networks’ cybersecurity competencies that will be leveraged include:

  • Threat analysis
  • Risk assessments
  • Creation of cybersecurity requirements and technical specifications
  • SBOM Generation
  • Threat mitigation, vulnerability, security, and penetration testing
  • Vulnerability monitoring

For More Information on Our SPDF Product & Services

For more information on our training and services, including our price list, please fill out this form or give us a call at 18887878708. Our product and services will enable the fastest possible generation of cybersecurity premarket submission materials.