Rising quality awareness as well as increasing cost pressure in the public health sector create high demands on hospitals, pharmaceutical companies, and manufacturers of medical equipment. At the same time, vulnerabilities in modern electronic devices dramatically increase with complexity and connectivity.
For medical companies, Vector Consulting Services provides professional support in developing and optimizing business and engineering processes. As part of the Vector Group, we work with the industry to improve efficiency with reference to Medical SPICE, to manage quality according to standards and to minimize risks and increase safety.
Through necessary change management, our consultants achieve cost efficiency with measurable benefits, thanks to our experiences in implementing lean and agile processes.
"Vector Consulting Services supported Panasonic with cybersecurity, demonstrating an outstanding level of expertise. The goal of a comprehensive TARA integrated into a security concept was achieved. The support was intense and very successful!"
- Michael Prantke, Project Manager, Panasonic
"Vector Consulting has been supporting Realtech with interim management in a professional and effective way. The structured, methodical and consistent management has sustained our development organization and improved our performance."
Safety of Medical Devices depends on Cybersecurity
Security of medical devices is of prime importance as these are dealing with the health and data of people. Most of the devices have limited size and hardware to fit those on to the patient's skin. It leads to low level encryptions of data, giving easy attack potention to the adversaries.
Examples of cyberattacks on medical devices: eavesdropping, data leakage, data corruption, password attacks, sensor confusion, vulnerabilities in application, deceiving forensic examiners (repudiation).
Most security attacks are process and implementation related. Therefore, security is about identification of the attack surface starting with Security Requirements and risk mitigation across the Life-Cycle.
Security by Design
Promoted by safety-driven development
Critical systems should be "Secure by Design"
Fontloading with requirements, bottom-up protection and security engineering
Security by Life-Cycle
Promoted by experiences in IT and Software-intensiv systems
Add-on to traditional "security-by-design" approach
Counters dynamic changes and evolution of threats and secuirty mechanisms
Security is about identification of the attack surface starting with security requirements and risk mitigation across the life-cycle. Read Vector presentation at MedConf 2019 and find out about our systematic security engineering with case studies and our Grey-Box Penetration Testing Approach.
SPICE (Software Process Improvement and Capability Determination) defines methods for evaluating complete process models and organizations. A distinction is made between process reference models (PRM) and process assessment models (PAM). The former describes process requirements. Based on this, process assessment models define assessments criteria and assessment methods.
When using Medical SPICE, medical device manufacturers can, among other things, gain more security when working with software suppliers. In the automotive sector, SPICE has proven itself in evaluating the performance of development processes. An equivalent evaluation model is now available specifically for medical technology.
Medical SPICE brings two topics together: check compliance and measure and improve process capability. With Medical SPICE, medical companies can, e.g. Reduce risks for audit and approval, control risks of suppliers and improve process capability and security.
Pragmatic and objective-driven application of Medical SPICE, based on our broad and long-standing experiences
Implementation of comprehensive improvement programs
Support to successfully achieve a target maturity level
Conducting appraisals with experienced authorized assessors
Supplier assessments and optimization of supplier processes
Process and project assessments with Medical SPICE
Application of Medical SPICE to improve systems, software, hardware and mechanics development
SIEMENS INDUSTRY CASE STUDY
Lean Requirements Engineering
Software-intensive critical systems in medical technology are under immense market pressure. While they must be technologically innovative, and exhibit safety without any compromise, the global markets require an ever shorter cycle time with simutaneous efficiency pressure. This Siemens industry case study showed increased productivity through lean and efficient development processes.