Discover our Compliance Readiness service for RED DA
The cybersecurity requirements from the RED Delegated Act (EU) 2022/30 apply to internet-connected radio equipment. On January 28, 2025, the EN 18031 standards series was harmonized under the RED DA with restrictions.
Are you ready for compliance?
We are here to help.
What You Will Get
-
Production of a risk assessment document
-
Execution of a gap analysis with respect to EN 18031
-
Redaction of documentation for conceptual tests, as per EN 18031
-
Execution and reporting of functional tests, as per EN 18031
-
First report of ARIANNA platform confirming that the product under exam will be free from exploitable vulnerabilities at the date of 1st August, and vulnerability management over time
Those activities with their evidences are considered sufficient as self-assessment.
Discover our offering toward RED DA compliance in more detail:
1
Evaluate adherence to the EN18031 standard with Gap Analysis
2
Assess main threats and their mitigations with Security Checkup
3
Comprehensive Device Inventory through SBOM and HBOM
4
Full control over Device Vulnerabilities through Continuous Monitoring
Evaluate adherence to the EN18031 standard with Gap Analysis
​​​
The reference standard for this consultancy service is the European standard EN 18031, which has been harmonized for assessing compliance with the RED DA.
The process followed by Security Pattern to assess product compliance begins with a gap analysis with respect to the requirements of EN 18031. The guidance from EN 18301 for "conceptual tests" is followed for profiling the product and defining the actions needed to reach compliance.
After the gap analysis is complete, and adequate action has been taken to address the reported items, the process continues with the redaction of a risk assessment document, and of the relevant documentation for certifying compliance against the EN 18031 conceptual tests.
The final step of the compliance activities is the evaluation of the functional tests prescribed by EN 18031. These tests are carried out on the device by Security Pattern experts, which is tested both for the adherence of functionality with respect to the conceptual documentation (functional completeness) and for the appropriateness of the implemented security measures (functional sufficiency).
A test report is issued at the end of the activity, after all tests are passed.
Security Checkup
​
The analysis follows a structured Security Checkup framework designed to evaluate the system's architecture and identify potential cybersecurity risks. This includes:
-
A series of meetings to gather essential information about the devices, applications, and connected cloud services
-
A detailed report highlighting key cybersecurity threats and recommended best practices to mitigate them
-
A final meeting to present the findings and recommendations
​
The process generally begins with an in-person or remote session to start the information-gathering phase, followed by up to two online follow-up meetings if needed. Each session lasts up to two hours and involves technical representatives responsible for the components under review.
The outcome is a report summarizing identified threats, associated risks, and proposed mitigations, along with a priority list of actions to address any cybersecurity issues. The final results are presented in a closing video conference session.
​​
Comprehensive Device Inventory through SBOM and HBOM
​
ARIANNA’s strength lies in its ability to deliver unparalleled device models, providing a complete and transparent view of your device components, one of the main artifacts requested by medical regulations.
​
From hardware to software, our platform constructs a precise inventory of your device’s components, ensuring comprehensive visibility across the entire device lifecycle. This detailed inventory enables proactive identification and tracking of known vulnerabilities, as well as their evaluation and prompt resolution.
With ARIANNA’s comprehensive approach, you can stay ahead of cybersecurity threats while fully complying with evolving regulatory standards.
ARIANNA’s approach to building Device Models (SBOM+HBOM) is unique. By relying on the build procedure, we reach the highest level of accuracy and no false positives. Automation through APIs makes the maintenance of the components effortless, after every update. In addition, by monitoring the hardware, you can be assured of choosing the most secure hardware for your products and keeping this layer secure throughout the entire life cycle.
Full control over Device Vulnerabilities through Continuous Monitoring
​​
The second piece of evidence requested is the implementation of a sound Vulnerability Management Process (VMP). Relying on the Device Model (SBOM+HBOM) as input, the ARIANNA platform continuously monitors your device for known vulnerabilities. The system supports you to define the right priorities, by automated triaging and prioritization based on exploitability. Embedded systems are risky and costly to update; ARIANNA supports you in defining the right time and scope of your software updates.
​​
Security Pattern: Your Cybersecurity Partner
At Security Pattern, we understand the unique challenges faced by device manufacturers. From development to deployment, we are committed to being your trusted partner in navigating the complexities of cybersecurity and compliance.
​
Ready to enhance your device security? Contact us today to explore how we can help safeguard your innovations and simplify your path to compliance.
Join the growing number of manufacturers who trust Security Pattern to secure their medical devices. Together, we can build a secure and connected healthcare future.
​
Discover Our Resources:
ARIANNA Platform: SBOM & Vulnerability Management
Blog: The importance of Secure Product Development for Medical Devices
A software bill of materials (SBOM) has become a key element in supply chain security. This list of software components used within a device or system is a topic high on the agenda among regulators, security professionals, and manufacturers.