Medical Device Cybersecurity Maturity Survey
Upon completion of this survey, respondents may confidentially opt-in to share their contact information to receive a high-level report containing the organization’s overall score, sub-score per category (Organization, Risk Management, Design Control & Complaint Handling) and a high-level depiction of current posture relative to industry peers based on the participating pool of Medical Device Manufacturers.
We hope these insights will enable medical device manufacturers of various sizes to better understand and measure their product security programs; to further adopt secure product development processes; and to build more robust, higher quality, medical devices that positively impact public health. While similar maturity models have been used previously by some medical device manufacturers (e.g., OWASP SAMM, CMMI, NIST), this benchmark is a first step to provide a standardized assessment custom to the medical device industry while building evidence-based data sets for on-going improvement.
Please note this survey does not provide a certification or attestation and should not be considered a substitute for completing a comprehensive security maturity assessment or for conducting a third-party security audit. Respondents may publicly disclose survey results for marketing purposes but by participating in this survey, each respondent acknowledges and agrees that (1) it will be clearly stated that these survey scores are based on a subjective self-assessment that yielded results which have not been certified by an objective third-party each and every time the respondent publicly discloses the survey scores in any and all media or discloses the scores to a third party, and (2) it will not indicate or imply that the Medical Device Innovation Consortium has certified or attested to the survey results.