The FDA’s “Refuse to Accept” cybersecurity policy went into effect October 2023.  Japan will require evidence that a cyber-secure software development process called IEC 81001-5-1 has been followed. In the EU, MDR will adopt that same development process.  The movement of these agencies in North America, Europe, and Japan to require cybersecurity has been spurred by exposure of multiple security vulnerabilities in medical devices leading to significant risk to patient safety. 

BG Networks offers a full range of cybersecurity consulting services to help you prepare your pre-market submission in the shortest amount of time and will give you confidence that it will be accepted.  

BG Networks’ services, specially tailored for medical device cybersecurity, include: 

• Establishing a regulation-complaint Secure Product Development Framework (SPDF) for security-by-design development 
• IEC 81001-5-1 compliant SPDFs  
• Threat and risk assessments of your medical device 
• Development of secure embedded software, including software updates 
• Generation of SBOMs   
• Threat mitigation, vulnerability, and penetration testing  
• Vulnerability monitoring  

 BG Networks services are unique as we also develop cybersecurity automation tools that we use when providing services. This results in less time to complete tasks, reduces costs, and gets your device to market sooner.  In particular, BG Networks offers security automation tools for penetration testing and development of embedded security software that we use when consulting.