Regulatory & Compliance
Medical device cybersecurity is no longer optional—it's mandatory across every major regulatory body. Product Security Hub helps you meet the expectations of the FDA, Health Canada, EU MDR, Australia TGA, Japan PMDA, and beyond.
Why Regulatory Alignment Matters
Every major health regulator now requires evidence that medical device makers have identified and managed cybersecurity risks. Your security program must align with multiple frameworks simultaneously—and Product Security Hub makes that possible.
FDA (United States)
The FDA's cybersecurity guidance requires device makers to:
- Identify and document cybersecurity risks in your device
- Implement appropriate controls based on risk level
- Maintain evidence of vulnerability management and security testing
- Report security incidents transparently
Product Security Hub Mapping: Threat model → architecture threats | SBOM import → vulnerability tracking | Requirements tab → evidence of controls | Risk decisions → audit trail
Health Canada
Health Canada aligns with FDA guidance but adds specific requirements for:
- Software as a Medical Device (SaMD) cybersecurity considerations
- Post-market vulnerability disclosure practices
- Regular security updates and maintenance commitment
Product Security Hub Mapping: Document post-market security processes in product versions | Track maintenance schedules | Record vulnerability triage decisions
EU MDR (Medical Device Regulation)
EU MDR Article 15.4 requires cybersecurity risk management as part of the overall risk management file:
- Cybersecurity must be addressed in your risk management report
- Security controls must be commensurate with risk level
- Post-market surveillance includes vulnerability monitoring
Product Security Hub Mapping: Generate risk management evidence | Report residual risks | Create vulnerability management documentation for notified body review
Australia TGA (Therapeutic Goods Administration)
Australia's TGA aligns with international standards and requires:
- Cybersecurity risk management as part of device lifecycle
- Evidence of vulnerability identification and management
- Supply chain security considerations
Product Security Hub Mapping: Track architecture & threat model | SBOM management | Supply chain risk assessment via vulnerability tracking
Japan PMDA (Pharmaceuticals and Medical Devices Agency)
Japan's PMDA increasingly aligns with FDA and ICH guidelines on cybersecurity:
- Cybersecurity risk assessment during device review
- Post-market surveillance and vulnerability management
- Alignment with international security standards (NIST, IEC 62304)
Product Security Hub Mapping: Map security controls to IEC standards | Generate audit-ready risk assessment reports | Track ongoing vulnerability management
One Platform, Many Regulators
The challenge isn't compliance with one regulator—it's compliance with all of them simultaneously. Product Security Hub is designed for that reality:
Single Source of Truth
Your threat model, architecture, requirements, and vulnerability data live in one place—no spreadsheets, no version confusion.
Threats & Requirements Connected
Your architecture threats link directly to regulatory requirements—see which requirements address which risks in your design.
Audit-Ready Evidence
Generate reports that show regulators exactly what you've done to identify, assess, and manage cybersecurity risk.
Continuous Updates
When regulations change or new guidance emerges, you update your requirements once and the change propagates across all reviews.
Common Requirements Across All Regulators
Despite regional differences, every major regulator expects your team to:
Identify & Document Threats
Maintain a living threat model tied to your product architecture
Manage Vulnerabilities
Track discovered vulnerabilities, assess their impact, and document remediation decisions
Implement Controls
Deploy security controls proportionate to your risk level and document their effectiveness
Monitor & Report
Continuously monitor for new threats and vulnerabilities; report security incidents as required
Generate Audit Evidence
Produce audit trails, risk assessments, and compliance reports on demand
Simplify Global Compliance
Stop juggling multiple spreadsheets for multiple regulators. Let Product Security Hub be your single platform for FDA, Health Canada, EU MDR, TGA, PMDA, and beyond.