Vector Consulting for Medical Industry

Rising quality awareness as well as increasing cost pressure in the public health sector create high demands on hospitals, pharmaceutical companies, and manufacturers of medical equipment. At the same time, vulnerabilities in modern electronic devices dramatically increase with complexity and connectivity. 

For medical companies, Vector Consulting Services provides professional support in developing and optimizing business and engineering processes. As part of the Vector Group, we work with the industry to improve efficiency with reference to Medical SPICE, to manage quality according to standards and to minimize risks and increase safety. 

Through necessary change management, our consultants achieve cost efficiency with measurable benefits, thanks to our experiences in implementing lean and agile  processes. 


"Vector Consulting Services supported Panasonic with cybersecurity, demonstrating an outstanding level of expertise. The goal of a comprehensive TARA integrated into a security concept was achieved. The support was intense and very successful!"

- Michael Prantke, Project Manager, Panasonic

"Vector Consulting has been supporting Realtech with interim management in a professional and effective way. The structured, methodical and consistent management has sustained our development organization and improved our performance."

- Thomas Mayerbacher, CEO, Realtech

Solutions for Medical

Medical Security

Safety of Medical Devices depends on Cybersecurity

Security of medical devices is of prime importance as these are dealing with the health and data of people. Most of the devices have limited size and hardware to fit those on to the patient's skin. It leads to low level encryptions of data, giving easy attack potention to the adversaries. 

Examples of cyberattacks on medical devices: eavesdropping, data leakage, data corruption, password attacks, sensor confusion, vulnerabilities in application, deceiving forensic examiners (repudiation).

Most security attacks are process and implementation related. Therefore, security is about identification of the attack surface starting with Security Requirements and risk mitigation across the Life-Cycle

Security by Design

  • Promoted by safety-driven development
  • Critical systems should be "Secure by Design"
  • Fontloading with requirements, bottom-up protection and security engineering

Security by Life-Cycle

  • Promoted by experiences in IT and Software-intensiv systems
  • Add-on to traditional "security-by-design" approach
  • Counters dynamic changes and evolution of threats and secuirty mechanisms


Risk-Oriented Cybersecuirty for Medical Devices

Security is about identification of the attack surface starting with security requirements and risk mitigation across the life-cycle. Read Vector presentation at MedConf 2019 and find out about our systematic security engineering with case studies and our Grey-Box Penetration Testing Approach. 

Medical SPICE

SPICE (Software Process Improvement and Capability Determination) defines methods for evaluating complete process models and organizations. A distinction is made between process reference models (PRM) and process assessment models (PAM). The former describes process requirements. Based on this, process assessment models define assessments criteria and assessment methods. 

When using Medical SPICE, medical device manufacturers can, among other things, gain more security when working with software suppliers. In the automotive sector, SPICE has proven itself in evaluating the performance of development processes. An equivalent evaluation model is now available specifically for medical technology. 

Medical SPICE brings two topics together: check compliance and measure and improve process capability. With Medical SPICE, medical companies can, e.g. Reduce risks for audit and approval, control risks of suppliers and improve process capability and security.

Solutions in Medical SPICE

  • Training and Coaching of projects and management in CMMI and SPICE

  • Pragmatic and objective-driven application of Medical SPICE, based on our broad and long-standing experiences
  • Implementation of comprehensive improvement programs
  • Support to successfully achieve a target maturity level
  • Conducting appraisals with experienced authorized assessors
  • Supplier assessments and optimization of supplier processes
  • Process and project assessments with Medical SPICE
  • Application of Medical SPICE to improve systems, software, hardware and mechanics development


Lean Requirements Engineering

Software-intensive critical systems in medical technology are under immense market pressure. While they must be technologically innovative, and exhibit safety without any compromise, the global markets require an ever shorter cycle time with simutaneous efficiency pressure. This Siemens industry case study showed increased productivity through lean and efficient development processes.