Find a cost-effective and flexible application security testing solution. Well-structured security testing is required to streamline regulatory certification and to ratify code from an outsourced app development process.
TLT saw an opportunity when it realised that the current cuff-based blood pressure method is error-prone. Inflating a cuff can create alerting responses and false positives. It was clear that doctors and patients were looking for more accuracy and ease of use in monitoring blood pressure.
Nita Shah, co-founder and CTO at TLT, continues the story: “Our biosensor is similar in design to a watch and can non-invasively acquire physiological data that is currently only available through intra-arterial blood monitoring. Having started a clinical study with Barts Hospital, we anticipate a positive outcome, and are in the process of commercialising our device. We have global patents in place, and are working with the regulatory authorities on CE mark and FDA approval.”
Delivering a high-quality, safe, and fit-for-purpose device is a top priority for manufacturers. The TLT sensor relies on software, both embedded in the device and in a user-friendly phone or tablet app. The challenge was verifying the security of these software components, as Nita Shah explains: “Being a start-up, we are cost-constrained, and the static software analysis tools on the market were completely beyond my budget. With the increased global importance placed on cybersecurity we needed a flexible security testing solution to satisfy our regulatory auditors.”
TLT turned to OpenText™ Partner IntelliQA for advice. An experienced application delivery management consultancy, IntelliQA recommended Fortify on Demand by OpenText™. This is designed to launch an application security initiative within a day, without the need for infrastructure investments or security staff.
This was welcome news for Nita Shah: “Fortify on Demand could not be easier to use. IntelliQA uploaded the app code, Micro Focus (now part of OpenText™) security professionals performed an immediate assessment and, within just a couple of hours, we received a comprehensive report with relevant metrics, filtered by severity, showing any potential vulnerabilities. Thankfully, the issues highlighted were relatively minor and easily rectified by our development partners. However, had they been included in the version submitted to our regulatory auditors, it would have caused unnecessary delays to our certification process. As it was, the issues were quickly fixed, we requested a remediation scan through the Fortify on Demand portal, and our app was security-cleared; all in the space of a couple of days.”
TLT’s core competencies are in medical engineering and science and, although the core device technology is managed in-house, the app development is outsourced. With a medical device, there is always the danger of a software bug causing issues in a clinical study or regulatory audit, so risk management is top of mind and the software and associated processes have to be failsafe. Nita Shah knows this is just the beginning for TLT: “We intend to launch at least another five apps for different use cases of our biosensor device, so establishing the right software development and security testing process now is vitally important to us. Using Fortify on Demand gives us an easy way to ratify our developer’s code so that we can feel confident in its performance during clinical studies.”
Because Fortify on Demand is flexible, as the app develops and user feedback is collated, TLT can make code improvements and put them through the same assessment to ensure the app is robust before it progresses on its journey towards a commercial device.
It takes years to bring a new medical device to market. However, with the blood pressure monitoring market worth $9B annually and 36 million devices sold every year, it is worth getting it right. Every day saved in achieving regulatory certification is a day closer to bringing the new device to market. This is exactly where Nita Shah sees the value of OpenText™ and IntelliQA: “All of our applications now go through a Fortify on Demand security scan that I feel will get our biosensor technical file fast-tracked through the auditors, with huge cost and time savings associated.”
She concludes: “We estimate a static tool would have cost us 150 times more than using the flexible Fortify on Demand solution. Fortify on Demand is now a central part of our software development cycle, and we are delighted with the support from Micro Focus (now part of OpenText™) and IntelliQA.”
TLT is a medical technology corporation that has successfully completed the breakthrough development of a standalone cuffless blood pressure monitoring device that not only delivers highly accurate readings almost anywhere in the body, but can also deliver key information about the entire arterial tree as well as the heart.