Last reviewed: May 1, 2026
What are the four security architecture views that the FDA prioritizes, and how do they impact your device's design?
This episode explores the FDA-defined security architecture views essential for medical device cybersecurity. Christian and Trevor break down the four views - global system, updatability/patchability, multi-patient harm, and secure use cases - with real-world examples and practical advice.
Key points:
(5:25) The Global System View
- Companion apps and cloud infrastructure must be part of the device scope.
- Many device manufacturers overlook update infrastructure in this view.
- Distinguishing in-scope versus out-of-scope components is a common challenge.
(12:52) Updatability and Patchability
- Secure update procedures must cover the entire lifecycle.
- FDA wants manufacturers to consider both infrastructure and delivery integrity.
- A weak development environment can compromise update trustworthiness.
(18:21) Multi-Patient Harm Scenarios
- Risk is based on the scope and scale of potential compromise.
- Even small devices can cause large-scale issues depending on their connectivity.
(23:09) Secure Use Case Views and Closing Advice
- Every device function should have a corresponding security consideration.
- Functional requirements can guide secure use case documentation.