Home » Courses » Systems Engineering Training » FMEA » FDA Secure Product Development Framework (SPDF) Workshop

FDA Secure Product Development Framework (SPDF) Workshop

Length: 2 Days
Print Friendly, PDF & Email

FDA Secure Product Development Framework (SPDF) Workshop by Tonex

Cybersecurity and Software Integrity In Medical Applications Training

Confident teams design safer, more trustworthy health technologies when security and quality are embedded from the first requirement. This intensive workshop builds practical mastery of FDA’s Secure Product Development Framework so medical device and digital health teams can operationalize security-by-design across the lifecycle. You will translate guidance into workflows, artifacts, and decisions that withstand regulatory scrutiny while accelerating releases.

Strong SPDF adoption reduces post-market vulnerabilities, protects patient safety, and streamlines audits. From threat modeling to coordinated disclosure, you will learn how to connect engineering controls with risk evidence that matters. Cybersecurity is addressed as a clinical safety concern, not an afterthought, aligning development with FDA expectations and industry best practice.

Learning Objectives

  • Apply SPDF principles across planning, design, verification, and release
  • Build risk-based security requirements and trace them to evidence
  • Execute efficient threat modeling and security architecture decisions
  • Generate verifiable artifacts for submissions and internal audits
  • Strengthen post-market monitoring and coordinated vulnerability disclosure
  • Write one concise objective on cybersecurity demonstrating impact on patient safety and regulatory readiness using the word cybersecurity

Audience

  • Product Managers
  • Systems and Software Engineers
  • Quality and Regulatory Affairs Professionals
  • Clinical Safety and Risk Managers
  • Security Architects and Compliance Leads
  • Cybersecurity Professionals

Module 1 – SPDF Foundations

  • FDA vision and scope
  • Key SPDF principles
  • Roles and governance
  • Lifecycle integration plan
  • Documentation expectations
  • Readiness self-assessment

Module 2 – Risk Requirements

  • Hazard analysis basics
  • Security use cases
  • Risk classification rules
  • Security requirement writing
  • Traceability to controls
  • Acceptance criteria drafting

Module 3 – Threat Modeling

  • Asset and boundary mapping
  • STRIDE for devices
  • Abuse and misuse cases
  • Attack surface reduction
  • Security architecture patterns
  • Mitigation prioritization

Module 4 – Secure Design

  • Cryptography selections
  • Identity and access controls
  • Secure update mechanisms
  • Data integrity safeguards
  • Safety and security co-design
  • Design review checklists

Module 5 – Build and Verify

  • Secure coding standards
  • SBOM creation and use
  • Static and dynamic testing
  • Fuzz and robustness tests
  • Pen test planning scope
  • Evidence packaging methods

Module 6 – Release and Monitor

  • Secure release decision
  • Coordinated disclosure playbook
  • Vulnerability triage workflow
  • Patching and field updates
  • Post-market surveillance KPIs
  • Continuous improvement loop

Ready to embed FDA-aligned security into every release and reduce approval friction? Contact Tonex to schedule this workshop for your team and start operationalizing SPDF with confidence.

Request More Information