Proof, not adjectives.

Last updated: Nov 2026 · Self-reported

Devices cleared

FDA success rate

Cyber-related RTAs

Years in medtech cyber

Engagements

Real engagements with real numbers.

Anonymized to honor NDAs - but every standard, timeline, deliverable, and outcome is exactly what we shipped.

Imaging & AI/SaMD

Series-B imaging AI manufacturer (US, ~60 FTEs)

30-day FDA response window - delivered in 21 days

• 21 days - Deficiency cleared in
• De Novo granted - Final submission outcome
• 0 - Additional reviewer rounds

Cardiovascular

Cardiac remote-monitoring manufacturer (US/EU dual market)

16 weeks pre-submission (Jan - Apr 2025), first-cycle clearance in 84 days

• Granted on first cycle - 510(k) clearance
• 0 - Cybersecurity AIs from FDA
• 100% - High/critical findings closed pre-submission

Neuromodulation / Active Implantables

Implantable neurostimulator manufacturer (Class III, life-sustaining)

11 months across pre-PMA and PMA review (May 2024 - Apr 2025), 2 AI rounds resolved

• Approved - PMA outcome
• 2 of 2 - Cybersecurity AI rounds resolved
• 100% - Field-replaceable cyber controls at approval

Redacted CycloneDX 1.5 SBOM

Real SBOM from a Class II SaMD submission with 312 components mapped against KEV/EPSS. Client name and component fingerprints redacted.

PDF · 14 pages

Threat model excerpt (STRIDE + ISO 14971)

Two pages from a 47-threat STRIDE model showing the traceability matrix from threat → harm → control. Demonstrates AAMI SW96 conformance.

PDF · 2 pages

FDA AI-R cybersecurity response letter

12-page response to a real FDA cybersecurity AI Request, with reviewer questions verbatim and our line-by-line response. Submission identifiers redacted.

PDF · 12 pages

Pen test executive summary

Sample executive summary page from a medical device pen test report - finding rollup, severity heatmap, and remediation roadmap.

PDF · 1 page

In their words

What clients say.

Blue Goat Cyber helped us navigate our first end-to-end cybersecurity testing for our wearable medical device. Their communication was excellent, their timeline exceeded expectations, and their report helped us achieve FDA clearance without any additional questions. It was a truly seamless experience.

Blue Goat provided testing on our system for cybersecurity and provided the necessary documentation to add to our regulatory submission. They were very knowledgeable in the requirements, and performed the testing onsite which made the logistics of equipment availability easier for us. The communication was excellent, and they were able to expedite the testing and provide final reports in a very short period of time. My experience with this team was fantastic and I would not hesitate to use them again in the future.

Blue Goat Cyber takes the burden off our engineers and makes FDA cybersecurity requirements easy to understand. Their expertise and smooth process mean we can focus on our product, not the paperwork. The organized documentation, perfectly formatted for eSTAR, saves us countless hours.

Third-party

Press, podcasts, and awards.

Validation we didn't write ourselves.