Frequently Asked Questions
What should be included in system diagrams with regard to cybersecurity risks?
About the Author
Proxima CRO Team
Isabella Schmitt, RAC
Director of Regulatory Affairs

Prior to joining Proxima, Isabella served as the Senior Regulatory & Quality Manager at a medical device company, where she outlined the regulatory strategy & put together design controls & design history documentation. She was the Dir. of CMC & Quality at a biopharmaceutical company, where she oversaw all manufacturing and analytical processes and timelines and ensured CMC regulatory strategy was sufficient for filings in Europe and the US.

System diagrams should be sufficiently detailed to permit an understanding of how the specific device design elements are incorporated into a system-level and holistic picture. Analysis of the entire system is necessary to understand the manufacturer’s threat model and the device within the larger ecosystem.

System diagrams should include:

  • Network, architecture, flow, and state diagrams.
  • The interfaces, components, assets, communication pathways, protocols, and network ports.
  • Authentication mechanisms and controls for each communicating asset or component of the system including web sites, servers, interoperable systems, cloud stores, etc.
  • Users’ roles and level of responsibility if they interact with these assets or communication channels.
  • Cryptographic methods, with descriptions of the method used and of the type and level of cryptographic key usage and how keys are used throughout your system (one-time use, key length, the standard employed, symmetric or otherwise, etc.). Descriptions should also include details of cryptographic protection for firmware and software updates.
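
One way to keep the items above from being left off a diagram is to hold the diagram's contents in a machine-readable inventory and lint it for gaps. The following is an added example, not part of the original FAQ; the schema, the field names and the sample system are assumptions constructed for illustration.

```python
# Added example: the inventory schema (all field names) is an assumption, not a regulatory format.
REQUIRED_PATHWAY = ("source", "destination", "protocol", "port", "authentication")
REQUIRED_CRYPTO = ("used_for", "method", "standard", "key_type", "key_length_bits", "key_use")

def lint_model(model):
    """Return findings for items the diagram inventory leaves undocumented."""
    findings = []
    for comp in model.get("components", []):
        if not comp.get("authentication"):
            findings.append(f"component {comp['name']}: authentication not described")
        # Roles are only required where users interact with the component.
        for role in comp.get("user_roles", []):
            if not role.get("responsibility"):
                findings.append(f"component {comp['name']}: role {role.get('role')} has no responsibility level")
    for i, path in enumerate(model.get("pathways", [])):
        label = f"pathway {i} ({path.get('source')} -> {path.get('destination')})"
        for field in REQUIRED_PATHWAY:
            if path.get(field) in (None, ""):
                findings.append(f"{label}: missing {field}")
        port = path.get("port")
        if port is not None and not (isinstance(port, int) and 1 <= port <= 65535):
            findings.append(f"{label}: port {port!r} is not a valid network port")
    for entry in model.get("crypto", []):
        for field in REQUIRED_CRYPTO:
            if entry.get(field) in (None, ""):
                findings.append(f"crypto {entry.get('used_for', '?')}: missing {field}")
    # The FAQ calls out update protection explicitly, so its absence is a finding.
    if not any(e.get("used_for") == "firmware_update" for e in model.get("crypto", [])):
        findings.append("crypto: no entry describes protection of firmware/software updates")
    return findings

# Constructed sample system with deliberate gaps.
SAMPLE_MODEL = {
    "components": [
        {"name": "device", "authentication": "X.509 client certificate",
         "user_roles": [{"role": "clinician", "responsibility": "therapy settings"}]},
        {"name": "mobile_app", "authentication": "",
         "user_roles": [{"role": "patient", "responsibility": ""}]},
        {"name": "cloud_api", "authentication": "OAuth 2.0 bearer token"},
    ],
    "pathways": [
        {"source": "device", "destination": "cloud_api", "protocol": "MQTT over TLS",
         "port": 8883, "authentication": "mutual TLS"},
        {"source": "mobile_app", "destination": "cloud_api", "protocol": "HTTPS",
         "port": 443, "authentication": ""},
    ],
    "crypto": [
        {"used_for": "transport", "method": "AES-GCM", "standard": "TLS 1.3",
         "key_type": "symmetric", "key_length_bits": 256, "key_use": "per-session"},
    ],
}
```

Calling `lint_model(SAMPLE_MODEL)` reports the undocumented mobile app authentication, the patient role without a responsibility level, the unauthenticated HTTPS pathway, and the missing firmware-update entry.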
