R-002-002 Quality objectives_2025_003
Objective details
Objective number
3
Description
Enhance cybersecurity
Establishment date
January 2025
This is a new quality objective identified for 2025, which aims to enhance the cybersecurity of our medical device as part of continuous product and compliance improvement.
Planning
Responsible
JD-005, JD-003, JD-004
Departments involved
The main departments involved in the implementation of this quality objective are the product development and quality & regulatory departments.
Planned actions for the 2025 period
During 2024, we selected a provider (Dmed software) to support us with the implementation of this objective, especially in view of the FDA submission.
The actions foreseen for 2025 are:
- Perform the kick-off meeting with Dmed software to start the cybersecurity project
- Review the procedure for cybersecurity requirements
- Collaborate with Dmed software in creating and reviewing cybersecurity records, such as threat modelling, security risk assessment and security requirements
- Execute the penetration test
- Address any vulnerabilities found during the penetration test
- Implement robust cybersecurity monitoring during the post-market phase
Resources needed
Personnel from the product development team to support Dmed software with the creation/revision of cybersecurity records; personnel from the regulatory & quality department to review the cybersecurity procedure and to oversee the cybersecurity records.
Monitoring and follow up
| Period | % Completion | Follow up | Short-term actions |
|---|---|---|---|
| Q1 2025 | 25% | Kick-off meeting with Dmed software completed. Started review of cybersecurity procedure SP-012-001. | Begin threat modelling and security risk assessment. |
| Q2 2025 | 50% | Threat modelling completed. Security risk assessment documented. Cybersecurity requirements defined according to FDA guidance. | Prepare for penetration test execution. |
| Q3 2025 | 80% | Penetration test executed by Dmed software. Vulnerabilities identified and addressed. Security requirements verified. | Finalize documentation and implement post-market monitoring. |
| Q4 2025 | 100% | All cybersecurity documentation completed. Post-market cybersecurity monitoring implemented. Procedure SP-012-001 updated with FDA requirements. | Maintain continuous vulnerability monitoring. |
Final status
Status: Completed ✅
All planned cybersecurity activities were successfully completed:
- Dmed software project finalized
- Penetration test executed and vulnerabilities addressed
- Cybersecurity documentation created for FDA submission
- Post-market cybersecurity monitoring implemented
Related indicators
The following quality indicators from R-002-003 are linked to this objective:
| ID | Indicator | Target | Result 2025 | Achieved |
|---|---|---|---|---|
| #25 | Number of data breaches | 0 | 0 | ✅ |
| #26 | Number of infrastructure non-conformities | ≤3 | 0 | ✅ |
Signature meaning
The signatures for the approval process of this document can be found in the verified commits in the QMS repository. For reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of GP-001, are:
- Author: Team members involved
- Reviewer: JD-003 Design & Development Manager, JD-004 Quality Manager & PRRC
- Approver: JD-001 General Manager