
Cybersecurity & Data Privacy
Qity specializes in providing tailored cybersecurity services for the healthcare industry, with a focus on medical device development. Our expertise in Information Security and Healthcare allows us to support your journey towards ISO 27001 certification, while addressing industry-specific regulatory compliance, risk management, and privacy concerns. Our comprehensive service offerings, including process development for ISMS, risk-based assessments, penetration testing, and vulnerability management, are designed to secure your sensitive data and assets, ensuring the protection of patients and healthcare providers from potential cyber threats.
Coming soon
Qity ISMS, a complete Information Security Management System for Jira and Confluence
Governance, Risk, and Compliance
Regulatory Submission for MDR/IVDR/FDA
Full support for the cybersecurity sections of regulatory submissions, from initial classification through to post-market surveillance. Includes pre- and post-market cybersecurity documentation, a secure product development framework, SBOM and life-cycle management, incident and breach management, the Cybersecurity Management Plan (CSMP), post-market vulnerability response, and more.
Information Security Management System (ISMS)
Scoping, implementation, certification, and maintenance of your ISO 27001 Information Security Management System, tailored for start-ups, SMEs, new ventures, and scale-ups. Includes the process and documentation framework, certification roadmapping and support, internal audit and pre-certification assessment, integration with existing processes, authoring of policies, and more.
NIST CSF 2.0
For internationally facing organisations or those targeting the US market, Qity offers a full alignment service with NIST CSF 2.0, including mapping of existing controls to the CSF functions, risk profiling, gap analysis against the CSF organisational tiers, and more.
NIS2 Directive
Registration, preparation, roadmapping, and implementation of the processes, procedures, policies, and records needed to demonstrate compliance with the NIS2 Directive.
Other Frameworks and Standards
Such as DORA, FDA guidance, SOC 1 and SOC 2, and others.
Security Audit Management
Independent, expert management of security audits against legal requirements, applicable standards, or regulatory requirements.
Security Risk Management
Threat Modelling
Comprehensive threat modelling workshops and documentation, tailored to the healthcare and medical device industries. Models are built with frameworks such as STRIDE and MITRE ATT&CK, kept current with up-to-date threats and attack vectors, and aligned with our Security Risk Management service and your Information Security documentation (SOPs, policies, and work instructions).
CyberSecurity Risk Assessment
Development, integration, and execution of product-centric and/or organisation-centric security risk management, either to support a product or device file, or as a starting point for implementing risk-based frameworks and standards (such as ISO/IEC 27001 or IEC 80001).
Vulnerability Management
Scoping and implementation of process and tooling for vulnerability management, using current processes, frameworks, and tools, including monitoring, alerting, security incident handling, and breach management.
Penetration Testing and Red Teaming
Black-, grey-, and white-box testing, focused API testing, network testing, product testing, social engineering, and organisational challenge testing (including gamified phishing exercises).
Training, Awareness, and Advisory
Security Awareness
One-off or recurring information security awareness sessions, workshops, and/or events, focused on specific industries and current threats.
These awareness activities can be targeted at senior/executive management, development teams, or the entire organisation, as required.
Data Privacy and Protection Training
Introductory training on GDPR and HIPAA, contextualising the data privacy and protection requirements inherent to healthcare and life sciences.
CISO as a service
Part-time or fractional strategic security guidance and advisory, on-site or remote, giving you timely and practical senior security and compliance expertise.
DPO as a service
A part-time or fractional Data Protection Officer, covering the scoping, development, and maintenance of all processes, procedures, artefacts, and records required for GDPR and/or HIPAA compliance, as well as ongoing maintenance of your data-related processes.