Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing, encourages the development of Information Sharing Analysis Organizations (ISAOs) to serve as focal points for cybersecurity information sharing.
ISAOs are employed for the purpose of:
MedISAO understands the regulatory, safety, and business needs of the medical device industry. Our analysis, best practices and information sharing are targeted directly to small-to-medium-sized medical device manufacturers and service providers. Our community is dedicated to sharing relevant information on best practices, new threats and vulnerabilities.
Members of MedISAO get a head start in complying with cybersecurity guidances, real-time access to cybersecurity threats, tools and training from cybersecurity experts, and networking opportunities with other members.
MedISAO member organizations can avoid costly reporting procedures (21 CFR 806) when cyber vulnerabilities are discovered in the field, as long as certain conditions are met.
See our pricing page.
Companies can avoid costly corrective action reporting requirements (21 CFR 806) by reporting vulnerabilities directly to MedISAO. However, this may cause concern that MedISAO does not adequately protect confidential information of its members.
Any member that shares information with MedISAO will specify the level of visibility of that information using a "Traffic Light Protocol", based on the familiar concepts of green/yellow/red:
All confidential information is submitted on our secure webform (using the same TLS encryption as bank websites) and is stored in encrypted storage on our servers.
Alternatively, members can submit information via email with PGP encryption. Click here for our PGP public key.
Payment information is securely stored offsite via Stripe.
MedISAO is organized by Promenade Software, a medical device software company.