Platform
Secure Product Development Framework
Embed cybersecurity practices into your products, software, services and processes by designing with a security-first approach.
Overview
Regulatory-Proof Product Security
A secure design helps create products that are resilient to cyberattacks as they age. Security-by-design is required by various regulators and is a key component of liability protection.
Secure by design is here — and growing across all product industries.
ELTON Enables
Secure Product Development Framework (SPDF)
ELTON embeds cybersecurity into every stage of medical device development. From design to postmarket, it delivers vulnerability discovery, testing, and vulnerability management with exploitability analysis across every release. Manufacturers meet FDA and global requirements while reducing costs, ensuring products are secure, compliant, and defensible across the entire lifecycle.
Secure-in-Development (Premarket)
Develop innovative products in a secure environment.
Secure-in-Deployment (Testing/Trials)
Launch your products securely and in alignment with regulations.
Secure-in-Postmarket
Monitor the security of your products and devices post-launch.
Responsibility is placed on the manufacturers most capable of taking action to prevent bad outcomes, not on the end-customers that often bear the consequences of insecure software nor on the open-source developer of a component that is integrated into a commercial product.
US FDA
Released March 2023
DHS and CISA
Take Urgent Steps to Ship Secure-by-Design Products
America’s Cyber Defense Agency, CISA, offers joint guidance urging software manufacturers to ship products that are secure-by-design and revamp design and development programs to permit secure products for customers.
Enact SPDF Across Markets
Secure-by-design practice traverses industries and sectors as regulatory bodies and governments react to increasing cyberattacks that threaten consumer and business data. Global regulators are aligning on Secure Product Development Framework principles, requiring cybersecurity to be embedded across the medical device lifecycle through standards like IEC 81001-5-1, JIS T 81001-5-1, and FDA SPDF.
Medical Devices
Implement and adopt a Secure Product Development Framework (SPDF) aligned to federal and international regulatory requirements.
Industrial Control Systems
Safeguard ICS manufacturers and customers while aligning to ANSI/ISA 62443-4-1 Security for industrial automation and control systems Part 4-1.
Automotive
ISO/SAE 21434, UN Regulations on Cybersecurity (UNECE WP.29), and WP.29 R155 align to market pressure, EV adoption, and the increasing tech and data involved in autos.
State Requirements
Leverage “Safe Harbor” Laws
Several states have introduced “Safe Harbor” laws that shield manufacturers from liability resulting from security incidents, with the aim of encouraging businesses to be proactive with their cybersecurity.
Want to qualify for Safe Harbor protection? ELTON can help determine what Safe Harbor may be available in your jurisdiction and apply industry-recognized standards that demonstrate reasonable compliance before a data breach.
Secure-by-Design Medical Devices
Meet Medical Device Regulatory Requirements
Implement and adopt a Secure Product Development Framework (SPDF) and proactively address medical device security.
Health Software Lifecycle
Health IT Joint Security Plan (JSP) and IEC 81001-5-1 cover the entire life cycle of health software from development through to post-marketing monitoring.
2023 FDA 524B Legislation
In the US, it’s ‘the law’ for connected devices to meet 2023 FDA 524B legislation for medical devices.
Medical Device Regulation (MDR)
In the EU, Medical Device Regulation (MDR) requires all medical devices sold in the EU be re-certified to cybersecurity standards 745/2017 (MDR) and 746/2017 (IVDR).
International Standards
Internationally, medical devices must meet the agreed-upon cybersecurity standard: IMDRF/CYBER WG/N70FINAL:20223
IMDRF Regulations
The U.S., Canada, European Commission, China, Japan, Australia, Russia, Brazil, Singapore and South Korea comprise the IMDRF.
Cybersecurity Solutions
Cybersecurity Solutions Beyond Medical Devices
When you partner with ELTON, you’ll have the confidence in your medical device cybersecurity program to focus more on your mission.
Medical Device 524B
Mitigate the risk of security incidents and strengthen medical device cybersecurity by complying with section 524B of the FD&C Act.
ICS and OT Compliance
Improve your operational technology and industrial control systems’ (OT/ICS) security, and comply with critical infrastructure regulations.
Cloud Security
Protect data in transit and at rest while securing your cloud infrastructure from vulnerabilities with enhanced cloud security.
Supply Chain Security
Defend against digital warfare and supply chain attacks with end-to-end critical infrastructure cybersecurity solutions.
ELTON Knows
Global Regulatory Insights
ELTON experts regularly share insights and updates from the field.
ELTON Enables SPDF
For 10+ years, we’ve helped manufacturers apply secure-by-design principles.