Here are answers to the most common questions about our medical device cybersecurity testing services.
It varies depending on product complexity and test scope, but on average it takes 6 to 10 weeks. A detailed schedule is agreed upon during the preliminary consultation phase.
Yes, you can. You may select and request individual items such as vulnerability assessment, penetration testing, or fuzz testing. However, requesting an integrated package is more cost-effective and schedule-efficient.
WiseLab test reports are prepared in accordance with the items and evidence formats required by regulatory authorities such as the FDA, MFDS, and EU MDR. They can be used as regulatory submission materials without additional processing.
Tests are primarily based on IEC 81001-5-1 and IEC/TR 60601-4-5, and are mapped to global standards including IEC 62443-4-2, MDCG 2019-16, ISO/IEC 27001, and UL 2900-2-1.
The test report includes a risk assessment and recommended remediation measures for each vulnerability. If needed, we can verify that remediation is complete through re-testing after corrective actions are taken.
We support both SPDX and CycloneDX formats. In addition to verifying the accuracy of the SBOM submitted by the manufacturer, our service includes identifying missing components, checking for license conflicts, and VEX mapping.
Software-based tests (SAST/DAST, SBOM verification, etc.) can be performed remotely. Penetration testing or fuzz testing that involves hardware interfaces requires the device to be brought to our laboratory.