Secure Development Lifecycle Management

The process to design and develop, maintain and decommission medical devices while considering their associated cybersecurity risks is the best way to build security into devices. Manufacturers need to embed these practices into their processes for developing medical devices. This is considered a secure development lifecycle. Emergo by UL can help manufacturers by reviewing, assessing, recommending and developing a secure development lifecycle for their products. We can provide templates, training, industry best practices and guides on:

  • Requirements engineering for a new product development, or for re-engineering an existing product
  • Threat modeling and risk analysis
  • Software Bill of Materials (SBOM)
  • Software design and architecture
  • Design reviews
  • Security controls testing and validation
  • Penetration testing
  • Software of Unknown Provenance (SOUP) support
  • Patch Management
  • Decommissioning practices