We value your privacy

This website uses cookies to ensure that we give you the best possible service. By clicking on “Allow all cookies,” you agree to the processing of your data as well as its transfer to third-party providers. The data will be used for analyses, to provide you with social media features, and personalized content on websites by third party providers. For more information read our  Data Protection

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

CONTACT

Case Study Details

Cerebra logo
“The cybersecurity audit and subsequent activities, including penetration and vulnerability testing of the system, as well as the drafting of cybersecurity-related documentation, has enabled us to prioritize improvements to the cybersecurity aspects of our system and successfully prepare for the product’s US FDA 510(k) Premarket Submission.”
Icon quotation

Vice President, Development
Cerebra Medical

Quotation icon
Joel pouliot
Trevor Bodz

Cerebra Medical

Background of the Project

Cerebra Medical designs, develops, and manufactures Electroencephalogram sleep monitoring systems and medical device software for collection and analysis of physiological data recorded during sleep. At the time of this project, the Cerebra Prodigy 2 Sleep System was cleared for by Health Canada for Clinical use as a Class 2 medical device. This project will enable the entry of the Prodigy 2 Sleep System to into the US Market via the FDA approval process, opening a very broad market-space for Cerebra to compete in.

Why Aversan?

Cerebra Medical wanted to have external resources audit their Prodigy 2 Sleep System to ensure a successful 510k submission to the US Food and Drug Administration (FDA). Cerebra was particularly focused on engaging experts within the medical device industry that had extensive expertise in the areas of Software, Verification and Cybersecurity. Given Aversan’s successful history of working in the Medical Industry, Cerebra selected Aversan to audit their DHF and complete the gaps assessment.

Scope of the Project

This work was divided into 3 phases, to allow Cerebra to manage the project, and to define the scope of future phases: In Phase 1, Aversan conducted an audit on the Cerebra Prodigy 2 Sleep System DHF against IEC 62304: 20151 and the FDA’s guidance for Cybersecurity in Medical Devices2,3 documenting findings, observations and recommendations for remediation.
Based upon the Phase 1 findings, Aversan was awarded Phase 2 of this project, to provide assistance in remediating the findings from the audit. Cerebra chose to engage in several solutions to expedite their remediations. Leveraging Aversan’s resource talents, staff augmentation was utilized by Cerbra to address documentation gaps and internal improvements.
In addition, Cerebra engaged Aversan on an additional phase to expand their test evidence, specifically targeting Cybersecurity requirements such as threat modelling and penetration testing of the Cerebra Sleep System.

Challenges

The project schedule was aggressive with durations of 4 and 8 weeks for Phase 1 and Phase 2, respectively. Aversan staffed the team with the required technical resources to support the project schedule needs. The team worked independently on both phases of the project and solicited input from the Cerebra team when necessary. The Aversan team completed the project deliverables on-time as per the original plan although the customer extended the schedule to complete their Phase 2 activities. The customer accepted the audit and penetration test reports and the drafts of the supporting documents with minimal comments.

Results & Conclusion

To meet their business goals, Cerebra needed to kick off, conduct the audit, identify gaps, and remediate findings within an aggressive timeframe. The reports’ short/long term recommendations and categorized audit findings (Major, Minor, Opportunity for Improvement and Good Practice) facilitated prioritization of the work performed by the Cerebra’s team. Aversan was able to quickly setup infrastructure and scale the team based on the project needs to meet Cerebra’s target dates. The inclusion of the FDA 2018 draft guidance in the audit report provided Cerebra Medical with the option to demonstrate its product design considering future requirements for aspects of cybersecurity and the medical device standards . It also provides additional feedback and enables Cerebra to address any gaps in their product’s design history files before the audit