Cyber security services

In today's digital environment, data security is more important than ever. General and targeted attacks against organisations and individuals are prevalent and securing critical assets has become a mission-critical task in the always online, completely connected ecosystem we live in. Solita's cyber security services help you to design, develop and operate secure services that keep your and your customers' valuable information confidential, intact and available. We can help you from the first steps of design to running and operating your service in a secure fashion.

Cyber security consulting and training

  • Threat assessment

    Discover the threat posture of your service

    Our facilitated threat assessment service helps you identify and prepare for threats in a structured manner.

    • Understand the security context
    • Design appropriate mitigation
    • Plan the implementation of controls

    The assessment is conducted with a workshop-style method based on industry standard threat modelling practices.

  • Human-centric security design

    Design your services with a security mindset

    Our human-centric approach to security design allows you to design services with a security mindset.

    • Ensure that security design actually meets user expectations and usability
    • Plan for contingencies and continuity
    • Prepare for unexpected events that might disrupt your capability to reach your business objectives

  • Secure software development lifecycle review and training

    Improve your development security

    We are experts in building secure software with industry leading secure software development processes and practices.

    • Train your internal dev teams
    • Evaluate current practices
    • Form guidelines and requirements

    We are more than happy to help you assess and improve your own practices, whether you are developing in-house or offering services externally.

  • Security assessments for software and services

    Gain an expert opinion on your state of security

    It is often necessary to have external expertise for evaluating the status of your services or software, either through a straightforward code review or an in-depth assessment of the security and practices of a service.

    • Evaluation of practices
    • Benchmarking to industry standards
    • Clear, actionable recommendations

    We offer a full suite of hands-on and practical assessment services that will give you actionable recommendations for improvement.

  • Penetration testing

    Test your security against real-life threats

    Vulnerabilities exist in almost all solutions, and it is far better to find them before someone hostile does. Our penetration testing service helps you to:

    • Find and report vulnerabilities in the target solution
    • Perform black box testing against visible surfaces
    • Perform white box testing with access to code, config and documentation

    Our penetration testing does not just find the vulnerabilities, but provides clear, actionable recommendations for fixing the issues, down to suggested code changes.

  • Cloud security

    Ensure the quality of your cloud security

    While the basic principles of cyber security are valid regardless of where you run your services, the cloud presents its own challenges in designing, building and operating secure services.

    • Design secure cloud architecture
    • Review cloud security practices
    • Train operative teams

    Whether it is hardening your cloud infrastructure, designing operating practices or building devops pipelines, our cloud security experts are up to the challenge and available to help you plan, implement and operate your cloud services.

Medical device security

Medical device security compliance requirements and training

With the tightening security requirements of the two new regulations – one on medical devices (MDR) and the other on in vitro diagnostic medical devices (IVDR) – cybersecurity compliance has become an essential issue in medical device development. To demonstrate regulatory compliance, the manufacturer is required to present cybersecurity-related data from both pre- and post-market lifecycle phases. Also, the new version of the medical device software lifecycle standard IEC 62304 will include specific cybersecurity risk management requirements. It is essential to understand these requirements thoroughly and, most importantly, to know how to implement them in practice.

Secure product development under ISO 13485-certified Quality Management System (RegOps)

Solita Health is an ISO 13485-certified developer of medical devices. The ISO 13485 certificate solidifies the role of Solita Health as an international product development partner in the medical device industry. Operations controlled by the certified quality management system incorporate our core competences, such as software development, user insight, service design, and strategic, data, and analytics expertise. Built on the success of Oravizio, the AI-powered risk assessment tool for surgeons, we have an exceptional ability to help you design and implement secure medical device software.

Security requirements and threat analysis in medical device risk management

Medical device manufacturers are required to have a general risk management process to manage the safety risks related to their products. The risk management process must be compliant with the standard ISO 14971. Although security risk management takes a broader perspective on risks, the process can be implemented similarly, and it can be aligned with the manufacturer's current general safety risk management process. We can help you set up and document a security process that meets the regulatory requirements, is effective, and is based on your current workflow. We have specialised expertise in threat and security analysis and are able to help you identify the risks that are significant in the medical domain.

Data protection and other related legislation

Health and well-being services are becoming increasingly digital. Artificial intelligence, analytics, cloud services, and open interfaces offer almost limitless opportunities for improving services and operations. When working in health and well-being, it is inherent to the domain that sensitive data is required to deliver the services the end-users need. The sensitive nature of the data calls for both regulatory compliance and an inherent focus on data protection. We understand and know the requirements, processes and technologies required and are ready to help you with securing your sensitive data from technical measures to governance processes.

Interested? Contact us!

Miika Heini

Business Lead, Cloud Security

+358 400 301 877