Question: How many man-hours does it take to complete
Answer: About 1 to 1.5 hours depending on the expertise and skill of the Biomed running the assessments. Assessments will get quicker as your team gets more familiar with the platform.
Question: What does the Medical Device Risk Assessment cover?
Answer: The MDRAP questionnaire consists of about 135 questions that start with
Question: What’s the difference between MDRAP and MDS2?
Answer: MDRAP was commissioned by the US Department of Homeland Security to provide a platform that would go beyond MDS2, and allow healthcare and security professionals to make rational comparisons between and tradeoffs among the myriad security project choices they face. MDRAP was developed with input from over 20 different technology and healthcare organizations, along with leading medical device cybersecurity experts unaffiliated with
Question: I have a bunch of MDS2s already. Do I throw them out?
Answer: Absolutely not! MDRAP contains a built-in MDS2 “
Question: How do I get MDRAP?
That’s it, you’re up and running! At this
Finally, if you want, we can schedule a FREE hands-on training for the rest of your
Question: How much will MDRAP cost my institution?
Answer: As a project funded largely by the Department of Homeland Security, MDRAP is free to use, but you must join MDISS in order to get access to the platform and enjoy the benefits of our onboarding, continuous support and sharing functions.
Question: Do you have any list of medical devices on the market?
Answer: Yes, MDISS and MDRAP hosts a massive digital catalog of electronic medical devices that
Question: Do we need individuals across several departments to be involved for these assessments?
Answer: A trained
Question: When I’m BULK IMPORTING my catalog of devices into MDRAP, what are the fields I need to include in my spreadsheet?
Question: What kind of analysis and recommendations will I receive from MDRAP Analytics?
Answer: The MDRAP Analytics Scoring Framework includes the ability for sets of risk assessment questionnaires to be computed and visualized. This visualization of results includes multiple quantifiable analytical dimensions such as computed risk, computed likelihood of an event and level of effort to remediate this event. MDRAP visualization tools plot “Level of Effort to Remediate” against “Impact to Organization” and “Likelihood of Occurring” so that your teams can more rationally decide what to work on first. MDRAP provides additional hints and notes relevant to HDOs to help them select specific vulnerabilities for mitigation based on the assessment results.
Question: I know MDRAP allows me to plot out assessments of dozens of different devices together on the same screen…. But does MDRAP allow me to compare multiple different assessments of the same device?
Answer: Not yet. But soon!
Question: Is there an option to view other institutions’ assessments for the devices in my inventory?
Answer: YES, you can view “shared” assessments from the larger MDISS/MDRAP community via the ASSESSMENTS tab. Not all organizations share. But if you’re sucking down lots of assessments that other people did, karma would dictate that you might want to share your work with the community, in turn.
Question: What does sharing entail?
Answer: We know sharing is hard, especially in medical contexts. But crowdsourcing is key to making device assessments work for everyone. If every hospital has to do their own assessments of every device they own, then positive network-effects never come into play, and you might as well quit MDISS, NH-ISAC,
That being said, every hospital network uses devices slightly differently, so an assessment sourced from outside your organization will always need to be “asterisked”, so you can make sure to “handicap” those scores against your internal reality. By creating standardized “risk management portfolios”
Question: What are the benefits that come with using MDRAP?
Answer: MDRAP is particularly useful for: