The Security-by-Design Framework (SbDF) is a methodological solution, proposed by RINA, to help overcome design limitations of medical devices, which often do not specifically include security-engineering aspects regarding cyber risks.

SbDF takes into account a typical assessment and system-monitoring audit workflow and is supported by specific technical solutions addressing conformity assessment (through compliance schemes) and risk assessment (addressing cybersecurity and engineering aspects).

SbDF supports manufacturers and health application providers in deciding which security controls to implement during the early phases of software and system engineering.


The Secure Design Support Platform and the Compliance Support Tool support the Security-by-Design Framework.

  • The Secure Design Support Platform (SDSP), developed by RHEA, is a risk assessment platform designed for use in healthcare environments. The purpose of this tool is to cover the operational context in which health systems and medical devices are used. In doing so, it guides architectural and development choices through the critical-risk scenarios it detects and the security controls needed to lower their risk level. While the tool is perfectly usable as a standalone application, its main purpose is to accompany the first phases of the system and software engineering life cycle: requirements, design and implementation.
  • The Compliance Support Tool (CST), developed by RINA, provides a standardised programme for assessing the conformance of the target object (e.g. a medical device, information system or management system) with a series of standards relevant to the user and application context (e.g. GDPR, ISO 27001, EN ISO 13485, ISO IEC 80001). The CST supports the user in assessing the medical system development process during all the phases of its lifecycle. This ensures an effective internal control system focused on managing significant risks, while verifying the compliance of the entire process with the relevant standards and taking actions to increase the conformity level.

The tools are designed for:

  • Medical Device Manufacturers and Developers
  • Information systems Providers and Developers
  • Clinical Engineering Officers
  • Information Technology Managers
  • Information Security Officers
  • Risk Managers
