About This Project

A growing medical technology organisation with innovative lung imaging capability, delivering reporting via a Software as a Service solution, needs to maintain compliance with NIST, ISO27001 and HIPAA.

Imaging the lung in motion (animated)


The Situation

4DMedical is a global medical technology company aiming to change the outcome for patients with lung disease by revolutionising respiratory imaging and ventilation analysis. Their SaaS-based solution allows medical imaging data to be transferred to 4DMedical for processing and reporting.

While navigating Food and Drug Administration (FDA) approval processes in the United States, 4DMedical needed to consider the cybersecurity requirements of their product in order to satisfy the FDA, ensure appropriate risk and reputation management, and inform the market as they seek a technology platform provider.


The Approach

Information Professionals Group developed a Cybersecurity Reference Architecture, product security requirements, and cyber solutions architecture in addition to providing inputs into the successful FDA submission around cybersecurity.

Specifically, the Cybersecurity Architecture needed to consider:

  • A solution that wasn’t so prescriptive that it locked in suppliers
  • The right blend of business risk, balancing both commercial requirements and FDA standards

We’ve continued to work with 4DMedical by performing Threat and Risk assessments on their service delivery solution, solution development and corporate functions.

Our most recent project has been working with the 4DMedical team to establish ISO27000 Cyber Governance via an Information Security Management System (ISMS), which is being integrated with the organisation’s QMS.


The Impact

The developed solution was compliant with both the needs of the client and the regulator, with a full FDA approval being achieved. This approval allowed for the launch of the first element of 4DMedical’s technology, which will revolutionise the diagnosis and treatment of lung disease across the globe.

Thanks to the collaborative approach between Information Professionals Group and 4DMedical’s internal team, the client has been able to realise a significant uplift in their technical and business capability.




Medical Technology

Capabilities Delivered
  • Enterprise Cyber Strategy
  • Threat and Risk Assessment
  • Vulnerabilities Assessment
  • ISACA Certified Information Security Credentials
  • NIST, ISO27001/2, HIPAA and the ability to digest and understand FDA requirements
Client Wins
  • Successful FDA approval
  • Implementation of key technology components including IAM, Data Loss Prevention, Privileged Access Management and Cloud Access Security Broker
  • ISO27001 Information Security Management System