Contact Us | | English
Johner Institut logo
Academy
Consulting
Product Testing
Outsourcing
RegTech
The Institute
Articles
Academy
First-hand, tried-and-tested, and cutting-edge knowledge for all players in the medical device industry

about the educational programme >
Seminars, Courses, and Workshops
E-Learning
Podcast Books (German)
Johner Academy
Education and training reinvented: Become a qualified point of contact for regulatory issues

go to e-learning >
level back Seminars, Courses, and Workshops

level back E-Learning

level back Podcast

level back Books (German)

Consulting Services
We offer support services for all product types, management systems and markets.

about our consulting services >
Market Access & Regulatory Affairs
Management Systems
Technical Documentation
Change Management
Assisted Self-Service
Micro-Consulting
Fast, free, and competent support from our expert team for your specific regulatory questions.

ask a question >
level back Market Access & Regulatory Affairs

level back Management Systems

QMS
level back Technical Documentation

level back Change Management

level back Assisted Self-Service

Product Testing
We offer support services for all product types.

more about product testing >
IVD Performance Studies Clinical Investigations & Studies Biocompatibility Testing Electrical Safety & EMC Testing IT Security Testing
Usability Evaluations
Penetration Testing
We are your reliable partner for pentesting your software products and infrastructures.

request security assessment >
level back IVD Performance Studies

level back Clinical Investigations & Studies

level back Biocompatibility Testing

level back Electrical Safety & EMC Testing

level back IT Security Testing

level back Usability Evaluations

Outsourcing
Focus on your core business – we will take care of your regulatory and administrative tasks efficiently, compliantly and cost-effectively.

more about outsourcing >
Authorized Representative Services & Regulatory Roles
Legal Manufacturer
US Agent
We are your competent and reliable partner for successful market entry in the USA and, as your US agent, we handle all FDA communications in accordance with the law.

request support >
level back Authorized Representative Services & Regulatory Roles

level back Legal Manufacturer

RegTech & Software
Software solutions specifically for medical device and IVD manufacturers

more about RegTech >
Regulatory Intelligence Regulatory Radar Post-Market Radar
Post-Market Radar Free
Well-informed and always compliant with the Post-Market Radar – for maximum safety in your post-market surveillance

request free personal access >
level back Regulatory Intelligence

level back Regulatory Radar

level back Post-Market Radar

About us
We support manufacturers in developing safe medical devices and bringing them to market despite complex regulatory requirements to provide optimal patient care.

about the Johner Institut >
Mission and Values Company History
Team
Locations Customers and Partners
Working at the Johner Institute
Events of the Johner Institute
Medical Device Briefings
The newsletter that keeps manufacturers, authorities, and notified bodies informed every week.

register now >
level back Mission and Values

level back Company History

level back Team

level back Locations

level back Customers and Partners

level back Working at the Johner Institute

level back Events of the Johner Institute



open navigation menu
close navigation menu
Academy
Consulting
Product Testing
Outsourcing
RegTech
The Institute
Articles
Contact Us Login Elearning Radars English - English
level back Back
Academy
Seminars, Courses, and Workshops
E-Learning
Podcast
Books (German)
level back Back
Seminars, Courses, and Workshops
Overview of Topics
Seminar Dates
level back Back
E-Learning
Johner Academy
level back Back
Podcast
level back Back
Books (German)
Consulting
Market Access & Regulatory Affairs
Management Systems
Technical Documentation
Change Management
Assisted Self-Service
level back Back
Market Access & Regulatory Affairs
In-house Production of IVD Medical Devices
US Market Access
International Approval
Clinical Strategy for the Clinical Evaluation
Performance Evaluation Strategy for IVD Medical Devices
MDR & IVDR Approval
Import & Trade of Medical Devices in the EU
Regulatory Due Diligence
Regulatory Strategy
level back Back
Management Systems
QMS
ISMS
Integrated Management Systems
Auditing
level back Back
Technical Documentation
Biological Safety
Electrical Safety & EMC
Shelf Life and Transportation Validation
IT Security
Clinical Evaluation
IVD Performance Evaluation
PMS, PMCF, PMPF
Risk Management
Software & (IVD) Medical Devices with AI
Usability
level back Back
Change Management
Change & Transformation Projects
level back Back
Assisted Self-Service
Auditgarant
Product Testing
IVD Performance Studies
Clinical Investigations & Studies
Biocompatibility Testing
Electrical Safety & EMC Testing
IT Security Testing
Usability Evaluations
level back Back
IVD Performance Studies
level back Back
Clinical Investigations & Studies
level back Back
Biocompatibility Testing
level back Back
Electrical Safety & EMC Testing
level back Back
IT Security Testing
level back Back
Usability Evaluations
Formative Evaluation
Marketing Claim Study
Subject Recruitment
Summative Evaluation
Usability Lab Rental
Outsourcing
Authorized Representative Services & Regulatory Roles
Legal Manufacturer
level back Back
Authorized Representative Services & Regulatory Roles
In-country Representation
PRRC
Quality Management Representative
level back Back
Legal Manufacturer
RegTech
Regulatory Intelligence
Regulatory Radar
Post-Market Radar
level back Back
Regulatory Intelligence
level back Back
Regulatory Radar
level back Back
Post-Market Radar
The Institute
Mission and Values
Company History
Team
Locations
Customers and Partners
Working at the Johner Institute
Events of the Johner Institute
level back Back
Mission and Values
level back Back
Company History
level back Back
Team
Board
level back Back
Locations
level back Back
Customers and Partners
level back Back
Working at the Johner Institute
Application Process
level back Back
Events of the Johner Institute
Medical Device Days
Startup Day
World Medical Device Summit
Articles
Home > Product Testing > IT Security Testing
show phone number write email open contact form

IT Security Testing – Penetration Testing

Hands on a Laptop with Development Code

We are your reliable partner for penetration testing of your software devices and infra­structures

Top Expertise in IT Security

Our team consists of certified IT security spe­cia­lists and experienced software engineers – so they know how to comply with all legal and normative requirements for IT security. ​​​​​​​​​​​​​
​​​​​​​

Certainty for Audits and Approvals

There is no need to sweat when audits and re­views are pending – with us, you get the highest standards for all the necessary security tests and re­ports, and you can be sure that you will meet the expectations of the relevant authorities and notified bodies.

Secure Software Devices and Positive Image

Our experts ensure that you develop IT-secure devices. That means less stress and fewer prob­lems with critical data loss, reportable incidents, and damage to your company's image.  

Reliable and Quick Project Management

You can sit back and relax: Our team takes over the entire project manage­ment and guarantees fast response times and implementation. You will receive a final report to add to your cyber­security file.

Man Showing two Colleagues Something on a Laptop

Let us detect and fix security vulnerabilities early on so you can launch your devices quickly and safely

Manufacturers of medical devices that include software and any data inter­face are required by law to comply with the requirements of IEC 81001-5-1 and MDCG 2019-16 for the cyber­security lifecycle process. These include conducting targeted security tests – usually penetration tests. 

Our experts simulate cyberattacks on your software-based devices and infrastructures during a pen test. This helps us uncover security vulne­ra­bilities that real attackers could exploit. 

Man Presenting Something to Colleagues on a Whiteboard

Protect company and patient data effectively: Play it safe with our penetration testing

Our team regularly conducts pen tests for the following components, among others:

  • Cloud and Network Infrastructures
  • Web Applications
  • APIs
  • Mobile Apps
  • Operating Systems
  • Hardware (USB, Bluetooth, WiFi, etc.) 

Our expert team will guide you through the four phases of the IT security assessment

01

Scope of the Project

We collect the neces­sary infor­ma­tion about the system under test (SUT) and select the appropriate test cases for your device.
02

Conducting a Pen Test and Presen­ting the Results

We test your device according to the applicable require­ments of the autho­rities, such as the BSI or FDA, and follow established guides and frameworks for maximum confor­mity. You will receive a detailed report, which we will use to discuss the identified vulne­rabilities and how to fix them.
03

Fixing Vulnerabilities and Conducting Re-Pentest

We work with you to define mea­sures to close the identified security gaps and improve your devices. We retest after device improvement to verify that the security vulnera­bilities have been closed.
04

Final Report for your Cybersecurity File

You will receive a final report descri­bing the test procedure in accor­dance with internationally recog­nized standards and confirming that there are no longer any vulne­rabilities.

Get in touch so we can start planning your pen test as soon as possible.  

 

Contact us, we're happy to help!
write email
Phone Icon

Phone

+49 7531 94500 20

Contact Form Icon

Contact Form

Feedback of our Customers

Trustpilot

slide left
The Johner Institute supported us along our successful FDA 510(k) application with threat modeling and technical pen­tests. They showed great exper­tise and provided very useful answers to our questions and best practices. The cooperation and communi­cation were smooth throughout the process.
Manuel Eckarth, Roclub GmbH
The Johner Institute is the per­fect partner for IT security. With their expert support, latest testing methods, and efficient solution approa­ches, we were able to improve the IT security of our medical software by performing penetration tests. The team has a high level of expertise, covering a wide range of software solutions and spe­cial requirements for artificial intelligence. We are completely satisfied and can recommend this service of the Johner Institute.
Susanne Rumreich, Fotofinder GmbH
I want to express my warmest appreciation for the exceptional work of Giancarlo Florit as a security engineer. I had a chance to work with him twice during the security testing activities for our customer. Giancarlo demonstrated excep­tional knowledge in the medical device security testing following international standards and best security practices. We were faced with the situation to test the SaMD in accordance with secu­rity applicable standards and additionally comply with local Malaysian regulations and requirements. Giancarlo was willing to assist with the tests as well as the documentation required. Giancarlo was faced with testing the medical software taking into account GDPR/HIPAA and spe­ci­fic Malaysian PDP act as well as integrating the security risk-based approach into his prac­tice. Giancarlo was always in touch with the development team requests and was able to react really quickly to the changes. He was very proactive, well organized, and willing to assist even if it required more than it was expected at the beginning. He showed excep­tional communication skills that let us build strong and friendly relationships between Andersen, the Johner Institute, and other stake­holders. I recommend working with the Johner Institute as this is a really professional company with an appropriate well-educated staff. I surely hope to work with Giancarlo as well as with other team members from the Johner Institute on any future projects.
Lizaveta Hrabtsevich, Andersen Lab
slide right

Everything from a single source: Compre­hensive support for your software devices

Cybersecurity File

Our experts help you pass the approval, audits, and reviews quickly and safely with a legally compliant cybersecurity file.     

 

Learn more

Software Development/Approval

We support you in optimizing your deve­lop­ment process, classifying your soft­ware, and creating all the necessary approval documents. 

 

Learn more
X

Privacy settings

We use cookies on our websites. Some of them are essential, while others help us to improve this website and your experience.

Accept all

Individual Cookie Settings

Privacy Notes | Imprint

X

Privacy settings

Here you will find an overview of all cookies used. You can give your consent to entire categories or have further information displayed and thus select only certain cookies.

Required Cookies

These cookies are needed to let the basic page functionality work correctly.

Show Cookie Information

Hide Cookie Information

Google Tag Manager

Cookie from Google for controlling advanced script and event handling.

Provider:Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Cookiename:_ga,_gat,_gid
Runtime:2 Jahre
Privacy source url:https://policies.google.com/privacy?hl=de

Cookies for Statistics

Statistic cookies anonymize your data and use it. These information will help us to learn, how the users are using our website.

Show Cookie Information

Hide Cookie Information

Google Analytics

Tracking and analysis of traffic on our websites.

Provider:Google Inc.
Cookiename:ga_*, gi_*, gat_gtag_*
Runtime:365
Privacy source url:https://policies.google.com/privacy
Host:google.com

Matomo

Tracking and analysis of traffic on our websites.

Provider:Matomo
Cookiename:pk_ses*, pk_id*
Privacy source url:https://matomo.org/privacy-policy/

Hotjar

Tracking visitor behaviour on our websites.

Provider:Hotjar
Cookiename:_hjAbsoluteSessionInProgress, _hjSession_1170855, _hjSessionUser_1170855, _hjid, _hjIncludedInSessionSample
Runtime:1
Privacy source url:https://www.hotjar.com/legal/policies/privacy/
Host:hotjar.com

Cookies for Marketing

Marketing cookies from thrid parties will be used to show personal advertisment. They use them to track users outside of their own web page.

Show Cookie Information

Hide Cookie Information

Hubspot

Tracking the identity of a visitor. It is passed on to HubSpot when a form is submitted and is used to deduplicate contacts.

It contains an opaque GUID that represents the current visitor.

In addition, cookies from LinkedIn are introduced for marketing purposes.

Provider:Hubspot
Cookiename:hubspotutk, __hssrc, test_cookie, lidc, li_gc, lang, lang, bscookie, bcookie, _gcl_au, __hstc, __hssrc, __hssc ,__cf_bm, UserMatchHistory, AnalyticsSyncHistory
Runtime:730
Privacy source url:https://legal.hubspot.com/privacy-policy
Host:.hubspot.com

LinkedIn

Conversion tracking from LinkedIn.

Provider:LinkedIn
Cookiename:li_fat_id, li_giant, VID
Runtime:365
Privacy source url:https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy
Host:.linkedin.com

Meta

Conversion Tracking from Meta.

Provider:Meta
Cookiename:_fbp, _fbc, _fbq
Runtime:365
Privacy source url:https://www.facebook.com/privacy/policies/cookies/
Host:facebook.com

Cookies for external Content

Content for Videoplatforms und Social Media Platforms will be disabled automaticly. To see content from external sources, you need to enable it in the cookie settings.

Show Cookie Information

Hide Cookie Information

Google Maps

Required to display maps. Google uses cookies here to identify and track users.

Provider:google
Cookiename:NID
Runtime:183
Privacy source url:https://policies.google.com/privacy?hl=de
Host:google.com

Hubspot Forms

Google Recaptcha for Hubspot forms.

Provider:Hubspot
Cookiename:_GRECAPTCHA
Runtime:180
Privacy source url:https://policies.google.com/privacy?hl=de&fg=1
Host:js.hsforms.net

Save

Back

Privacy Notes | Imprint