At a time when cybersecurity and regulatory compliance are paramount, medical device manufacturers must adopt forward-thinking strategies to ensure the security and transparency of their software supply chains. Ascensia Diabetes Care, a global leader in diabetes management solutions, recognized the critical role of Software Bills of Materials (SBOMs) in achieving these goals.
As regulatory bodies like the FDA and global agencies began emphasizing SBOM transparency, Ascensia took proactive steps to strengthen its SBOM processes. The company needed a solution that would:
- Achieve regulatory excellence by supporting SBOM compliance with FDA guidelines, NTIA minimum standards, and international regulatory requirements, driving accuracy, completeness, and transparency across global markets.
- Provide a comprehensive view of software components, including open source, commercial off-the-shelf (COTS), and proprietary software.
- Automate workflows to efficiently manage growing volumes of software vulnerabilities.
- Maintain its reputation as a technology leader by delivering secure products with the transparency essential to earning the trust of key stakeholders.
Ascensia’s forward-thinking approach to SBOM management focused on leveraging advanced tools to simplify complexity, reduce manual effort, and ensure compliance across product lifecycle stages.
The Solution: Vigilant Ops’ SBOM Lifecycle Management Platform
Ascensia turned to Vigilant Ops to meet their SBOM management needs.
- Holistic SBOM Management: Integration of data from development and runtime environments to create complete, actionable SBOMs.
- Automation and Scalability: Streamlined workflows, reducing manual efforts and enabling more efficient regulatory submissions.
- Compliance-Ready Capabilities: Alignment with FDA and global regulatory requirements, including defect density metrics and flexible export formats (e.g., CycloneDX, SPDX, PDF, VEX, etc.).
- Risk Management: Continuous risk scoring and dispositioning to assess and monitor vulnerabilities’ impact on specific products.
The Results: Transforming SBOM Management at Ascensia
Comprehensive, Quality SBOMs
Ascensia has significantly enhanced the quality of its SBOMs by generating actionable insights from all stages of the product lifecycle. This comprehensive approach supports compliance and enables strategic decision making. By standardizing SBOM generation to include open source, commercial off-the-shelf (COTS), and proprietary software, Ascensia has achieved a complete and accurate view of its product composition. Product-level SBOMs now allow the company to efficiently manage software components for devices which consist of multiple SBOMs.
“The Vigilant Ops platform stands out because it delivers a truly comprehensive SBOM by combining insights from both source code and runtime environments. Other tools often focus on one or the other, but Vigilant Ops ensures a complete view of the true product. This approach has transformed how we create and manage SBOMs across our products, giving us confidence in our disclosures and compliance efforts.” — Starke Moore, Application Security Manager at Ascensia Diabetes Care
Enhanced Compliance
Ascensia has achieved streamlined compliance and reduced the risk of non-compliance by aligning SBOMs with FDA submission requirements, simplifying audits, and minimizing RTAs (Refuse to Accept). Automated tracking of key metrics, such as defect density, reduces manual effort and now provides clear, actionable insights for regulatory bodies and customers. (Defect density, a metric required by the FDA, is the percentage of identified vulnerabilities that are updated or patched.)
“The Vigilant Ops platform provides an unparalleled enterprise view, allowing us to continuously evaluate risk and assess the potential impact of new vulnerabilities. Its streamlined approach makes managing SBOMs easier than ever while offering a single pane of glass to view and act on critical data. This has been transformative for our risk management efforts.” — Sr. Application Security Manager at Ascensia Diabetes Care
Scalable and Secure Solution
The Vigilant Ops platform offers unmatched scalability, adapting seamlessly to Ascensia’s evolving needs. Its automation capabilities have replaced time-intensive manual processes, enhancing efficiency and allowing increased focus on innovation and strategic initiatives.
Seamless SBOM Management
The Vigilant Ops platform empowers Ascensia with a truly comprehensive approach to SBOM management. By integrating data from all stages of the product lifecycle, the platform provides an enterprise-wide view that enables precise management of software components across devices and product lines. A key feature is its disposition and risk-scoring capabilities, allowing Ascensia to continuously reassess vulnerabilities based on their actual impact on products. This approach allows risks to be accurately scored, prioritized, and documented, giving Ascensia the agility to address emerging threats effectively while maintaining detailed compliance records.
Setting a New Standard in SBOM Management
By adopting Vigilant Ops, Ascensia has set a new standard in SBOM management, positioning itself as a leader in the healthcare technology space while ensuring the security and transparency of its products.