TLT saw an opportunity when it realised that the current cuff-based method of measuring blood pressure is error-prone. Inflating a cuff can create alerting responses and false positives. It was clear that doctors and patients were looking for more accuracy and ease of use in monitoring blood pressure.
Nita Shah, co-founder and CTO at TLT, continues the story: “Our biosensor is similar in design to a watch and can non-invasively acquire physiological data that is currently only available through intra-arterial blood monitoring. Having started a clinical study with Barts Hospital, we anticipate a positive outcome, and are in the process of commercialising our device. We have global patents in place, and are working with the regulatory authorities on CE mark and FDA approval.”
Delivering a high-quality, safe, and fit-for-purpose device is a top priority for manufacturers. The TLT sensor relies on software, both embedded in the device and in a user-friendly phone or tablet app. The challenge was in verifying the security of these software components, as Nita Shah explains: “Being a start-up, we are cost-constrained, and the static software analysis tools on the market were completely beyond my budget. With the increased global importance placed on cybersecurity we needed a flexible security testing solution to satisfy our regulatory auditors.”
TLT turned to Micro Focus® Partner IntelliQA for advice. An experienced application delivery management consultancy, IntelliQA recommended Micro Focus Fortify on Demand. This is designed to launch an application security initiative within a day, without the need for infrastructure investments or security staff.
This was welcome news for Nita Shah: “Fortify on Demand could not be easier to use. IntelliQA uploaded the app code, Micro Focus security professionals performed an immediate assessment and, within just a couple of hours, we received a comprehensive report with relevant metrics, filtered by severity, showing any potential vulnerabilities. Thankfully, the issues highlighted were relatively minor and easily rectified by our development partners. However, had they been included in the version submitted to our regulatory auditors, it would have caused unnecessary delays to our certification process. As it was, the issues were quickly fixed, we requested a remediation scan through the Fortify on Demand portal, and our app was security-cleared; all in the space of a couple of days.”
TLT’s core competencies are in medical engineering and science and, although the core device technology is managed in-house, the app development is outsourced. With a medical device, there is always the danger of a software bug causing issues in a clinical study or regulatory audit, so risk management is top of mind and the software and associated processes have to be failsafe. Nita Shah knows this is just the beginning for TLT: “We intend to launch at least another five apps for different use cases of our biosensor device, so establishing the right software development and security testing process now is vitally important to us. Using Fortify on Demand gives us an easy way to ratify our developer’s code so that we can feel confident in its performance during clinical studies.”
Because Fortify on Demand is flexible, as the app develops and user feedback is collated, TLT can make code improvements and put them through the same assessment to ensure the code is robust before it progresses towards a commercial device.