Medical Device Cybersecurity Maturity Survey

COMPLETION DEADLINE: November 24, 2023

Thank you for taking the time to complete this important survey developed by the Medical Device Innovation Consortium (MDIC) in collaboration with the Healthcare and Public Health Sector Coordinating Council (HSCC) and Apraciti.

The Medical Device Innovation Consortium (MDIC) will utilize survey findings to create resources to measure maturity over time and enable industry growth through continuous product security enhancements.

**Please note, all information provided by each company will be kept confidential and withheld from any regulatory or governing bodies. Non-identifiable summaries of the overall findings will be made public as part of the overarching benchmark study.**

The survey encompasses multiple questions, each drawn from the Medical Device and Health IT Joint Security Plan’s (JSP) maturity assessment framework, along with basic demographic questions, and should take approximately 15-30 minutes to complete (you can save your progress at any time to resume later). Previous or current use of the JSP is not a requirement for participation.

This survey should be completed by a cross-functional team composed of, but not limited to, Product Security, Quality, R&D, and Risk Management, with direct responsibility for and knowledge of the organization’s product portfolio and relative security posture. Where a cross-functional team is not able to complete it, we recommend a senior member of the Product Security Organization who can provide relevant and accurate responses to the survey.

Only one survey per company or organization is meant to be completed and submitted; duplicates will be discarded.

  • All identifiable information provided by survey respondents will be kept confidential, withheld from any regulatory or governing bodies and not shared outside of MDIC and Apraciti. Only non-identifiable, anonymous summaries of the overall findings will be made public as part of the overarching benchmark study.
  • To participate in this free assessment, MDIC membership or purchase of any services from Apraciti is NOT required. However, you will be required to create a free account in order to access the survey.
  • Please email cybersecurity@mdic.org if you need any additional information or if your organization would prefer to initiate an NDA before submitting data for this assessment.

Survey Information

Upon completion of this survey, respondents will receive a high-level report containing the organization’s overall score, sub-score per category (Organization, Risk Management, Design Control & Complaint Handling) and a high-level depiction of current posture relative to industry peers based on the participating pool of Medical Device Manufacturers.

We hope these insights will enable medical device manufacturers of various sizes to better understand and measure their product security programs; to further adopt secure product development processes; and to build more robust, higher-quality medical devices that positively impact public health. While similar maturity models have been used previously by some medical device manufacturers (e.g., OWASP SAMM, CMMI, NIST), this benchmark is a first step toward providing a standardized assessment customized for the medical device industry while building evidence-based data sets for ongoing improvement.

Please note this survey does not provide a certification or attestation and should not be considered a substitute for completing a comprehensive security maturity assessment or for conducting a third-party security audit. Respondents may publicly disclose survey results for marketing purposes but by participating in this survey, each respondent acknowledges and agrees that (1) it will be clearly stated that these survey scores are based on a subjective self-assessment that yielded results which have not been certified by an objective third-party each and every time the respondent publicly discloses the survey scores in any and all media or discloses the scores to a third party, and (2) it will not indicate or imply that the Medical Device Innovation Consortium has certified or attested to the survey results.

  • Once you select the “Continue to the 2023 benchmarking assessment” button, a new window will open. To initiate the survey, simply click “sign up now” and fill out the required information.
  • Please answer each question to the best of your ability and consult other colleagues for additional data, where relevant.
  • You are strongly encouraged to refer to the JSP before answering each question. Specific line numbers of the JSP corresponding to each question have been added to help guide you.
  • An explanatory note and additional guidance have been provided where needed. Each question includes an optional comment field to supply additional context at respondents’ discretion.
  • For your convenience, all survey questions are available as a PDF in this document and may be freely shared with other members of your organization to assist with the survey process.
  • You may save your progress and return to the survey at a later time by clicking the “Save and Continue Later” link at the bottom of the page.
  • COMPLETION DEADLINE: October 20, 2023

For additional support, please contact cybersecurity@mdic.org