Cybersecurity Risk Management and Procurement Support


  • Have you identified cyber risks for your connected medical technology before bringing it to market?  
  • How do your risk management decisions impact your ability to complete procurement processes?
  • How can early cybersecurity assessments mitigate concerns, and delays to market, and facilitate regulatory compliance?

Cybersecurity risk is no longer relegated to computers and personal devices. Digital threats are part of any item with network connectivity, including medical devices. Our team can help you define your attack surface, attack vectors, and assets to be protected. We’ll help you identify those vulnerabilities that potentially impact functionality for users and outcomes for patients.

Aligning risk assessments for industry with regulatory and procurement requirements

A guidelines-based risk assessment will help you improve cybersecurity hygiene and speed to market of your devices. This includes evaluating and consulting on your products’ ability to meet the expectations of industry, regulators, Health Delivery Organizations, and Group Purchasing Organizations. Our risk assessments are based on the FDA-recognized UL 2900 standard and the National Institute of Standards and Technology

(NIST) Cyber Security Framework. The assessment will include:

  • Monitoring information sources to detect cyber vulnerabilities and risk
  • Identifying clinical performance to help develop protections and responses to cybersecurity risks
  • Recognizing methods to address risks prior to any occurrence

Product and supplier assessments to evaluate cybersecurity risks

Many companies invest considerable time and resources enhancing their cybersecurity measures. But if they fail to thoroughly assess all devices in their digital ecosystem, they can put the company, patients, and users at risk. Our team helps identify risks that may be introduced through your suppliers, technologies used in designing your devices, or to your technology infrastructure via procurement. Our supplier risk analysis considers:

  • Identification of potential assets, threats, and vulnerabilities,
  • Impact analysis of threats and vulnerabilities on device functionality and end users/patients,
  • Likelihood determination of a threat and/or a vulnerability being exploited.

Emergo provides cybersecurity risk assessments for procurement processes

Our knowledge of connected devices and cybersecurity regulations can help you control your procurement decisions and procedures against cyber threats. We understand where potential hardware and software vulnerabilities lie. Our team can support your efforts to demonstrate compliance with regulators expectations. Here’s how we can help:

  • UL 2900 FDA recognized standard compliance: Ensuring your device complies with FDA-recognized standards and guidance
  • Comprehensive cybersecurity risk assessment: Evaluate potential risks from the supplier and the devices/components in consideration
  • Build cybersecurity measures into procurement procedures: Establish purchasing protocols and documentation that address cybersecurity risks
  • Help identify your organization’s cybersecurity posture: Evaluate your organizations’ supply chain cybersecurity process maturity and establish a maturity model
  • Compliance and regulatory form submissions: Help compile the necessary cybersecurity documentation for device registration submissions

Please contact us for more information about procurement consulting on cybersecurity for network connected devices.

Request Information from our Specialists

By submitting this form I am agreeing to receive periodic emails from UL LLC (UL), Emergo, and affiliates containing best practices, education, industry research, news, updates and promotions related to UL’s products and services. I understand that I can unsubscribe at any time and agree to UL’s Online Policies.

Please add to your email’s Safe Senders List to prevent UL's emails from being sent to your spam folder.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.