Services
About Us

As a global safety science leader, UL Solutions helps companies to demonstrate safety, enhance sustainability, strengthen security, deliver quality, manage risk and achieve regulatory compliance. 

Overview
UL Solutions Consumer Information

See how we put safety science to work to help create a safer, more secure and sustainable world for you.

Learn more
Resources

Explore our business intelligence-building digital tools and databases, search for help, review our business information, or share your concerns and questions.

Overview
UL Solutions Market Access Portal

Accelerate your planning process and learn the requirements needed to take your products to market worldwide.

Visit
myUL® Client Portal

A secure, online source for increased visibility into your UL Solutions project files, product information, documents, samples and services.

Go to myUL
Certification Database — UL Product iQ®

Access UL certification data on products, components and systems, identify alternatives and view guide information with Product iQ.

Visit
Industries
View All
  • Software and Products
Switch Language
  • Service

Medical Cybersecurity Assurance Program (CAP)

Medical CAP offers a comprehensive suite of advisory, testing and certification services to help companies manage cybersecurity risks and demonstrate a strong security posture to the marketplace.

Contact us
Doctor checking a chart in a hospital
Patient undergoing a CT scan while a technician looks at real time results on a tablet

Managing and validating capabilities through cyber security assurance

The Medical Cybersecurity Assurance Program (CAP) establishes standardized, testable criteria to assess software vulnerabilities and weaknesses in connected products and systems. These assessments help reduce the likelihood of exploitation, address known malware, enhance security controls and increase security awareness.  

Medical CAP provides trusted third-party expertise to evaluate the security of network-connectable products and systems developed in-house or by a vendor. The program enables manufacturers to stay ahead of emerging threats while continuing to innovate. 

Based on the UL 2900 series of standards, Medical CAP supports organizations in managing cybersecurity risks and demonstrating compliance to security standards. 

 

Medical CAP's cybersecurity services

Doctor using a laptop while in a lab

Certification

Medical CAP certifications are conducted through well-defined processes aligned with organizational quality standards such as ISO/IEC 17065:2012, Conformity assessment - Requirements for bodies verifying products, processes and services. The certifications demonstrate conformance to nationally and internationally recognized cybersecurity standards that are trusted by regulators, purchasers, customs officials and other key stakeholders involved in bringing healthcare technologies to market. 

  • IEC 81001-5-1, Health software and health IT systems safety, effectiveness and security, Part 5-1: Security – Activities in the product life cycle 
  • UL 2900-2-1, the Standard for Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare and Wellness Systems 
  • IEC 62443-4-1, Security for industrial automation and control systems, Part 4-1: Secure product development lifecycle requirements 
Connect with our team
Child using a mobile device to check blood sugar levels

Verification

Your product requirement specifications define what your product is intended to do, including how it resists cybersecurity threats that could put systems like hospitals at risk. Verifying that these requirements align with industry standards and include appropriate security controls is essential to achieving cyber resiliency before, during and after a cyberattack. UL Solutions offers independent third-party reviews of product specifications and security architecture, an approach long trusted in safety-critical software domains to help you strengthen security and reduce risk.

Connect with our team
Group of IT colleagues collaborating in front of a tablet and a computer

Testing

UL Solutions provides cybersecurity testing services in line with globally recognized standards, including ISO/IEC 17025, Testing and calibration in laboratories. We support industry frameworks such as Federal Information Processing Standards (FIPS) and Common Criteria (CC). Whether you're seeking early-stage insights to support research and development or require formal testing for regulatory procurement needs, we offer flexible testing options tailored to your goals.

Our testing services include:
  • Static and dynamic application security testing (SAST/DAST) 
  • Penetration testing using realistic attack scenarios based on threat actor behavior 
  • Source code analysis, binary/bytecode review and software composition analysis 
  • Scanning for known vulnerabilities, open ports and services 
  • Malformed input testing and known malware detection 
Connect with our team
Technicians working on AI powered robotic arm

Auditing and inspection

Audits and inspections can help build more robust development and manufacturing processes to support the safety and security of new technologies. UL Solutions offers audit-based process certifications, third-party attestations and inspection services that align with industry-recognized frameworks. These services help organizations stay ahead of regulatory expectations and establish a strong foundation for cybersecurity risk management.    

Examples of some of the frameworks we work within: 
  • AAMI TIR57: 2016, Principles for medical device security - Risk management 
  • ANSI/AAMI/UL 2800-1:2019, the Standard for Medical Device Interoperability 
  • AAMI CR34971:2022, AAMI consensus report - Guidance on the application of ISO 14971 to artificial intelligence and machine learning
Connect with our team
Person testing their blood pressure with their mobile device

Software

Software plays a central role in today's medical technologies, including embedded firmware, software as a medical device (SaMD) and complex systems with software-defined functions. With supply chain attacks and zero-day vulnerabilities as leading threat vectors, proactive software security has never been more critical. UL Solutions helps you assess your product's software architecture, identify potential weaknesses and implement security best practices across the full development life cycle. 

Our software-focused services include: 
  • Software Bill of Materials (SBOM) generation – Visibility into third-party components to reduce supply chain risk 
  • Weakness analysis – Identification of vulnerabilities early in development 
  • Secure life cycle support – Guidance on maintaining cybersecurity from design to decommission
Connect with our team
Two business colleagues collaborating over a laptop

Data insight

Understanding and responding to real-world cybersecurity incidents requires the ability to make sense of complex data, including event logs and test reports. Whether your product has been compromised in the field or you're seeking to prevent future breaches, UL Solutions helps organizations turn data into actionable insights. Our engineers work with your team to analyze vulnerabilities, identify attack vectors and develop meaningful security metrics to guide product improvement over time. 

Our data-driven services include: 
  • Vulnerability management – Identify, track and prioritize issues based on real-world impact 
  • Sensitive data management – Strengthen controls around high-risk data types 
  • Test result analysis – Interpret findings to refine controls and support incident response
Connect with our team
Two business colleagues discussing regulations while looking at documents

Advisory

Making a product secure by design starts long before development begins. UL Solutions offers advisory services that support you from the earliest stages of product ideation, helping you assess technologies, reduce attack surfaces and avoid regulatory pitfalls. Our team provides expert input on failure modes, architecture choices and threat modeling to support robust cybersecurity from concept to retirement.   

Our early-stage and life cycle advisory services include: 
  • Treat modeling – Identify potential threats and define mitigations early 
  • Secure by design – Embed security into your architecture from the ground up 
  • Cyber regulatory guidance – Navigate complex requirements with clarity and confidence
Connect with our team
Person taking an online LMS course

Learning and development

Keeping pace with evolving cybersecurity demands requires a workforce that's continually learning. UL Solutions can help your organization build internal cybersecurity competencies through tailored training programs and ongoing professional development. Whether you need to upskill current staff, onboard new team members or meet quality management system (QMS) requirements, we provide practical training grounded in real-world applications across the medical device industry and beyond. 

Our training and capability-building support includes: 
  • Custom training programs – Targeted content based on your products, team and goals 
  • Securing programmable electrical medical systems (PEMS) – Expert-led training specific to PEMS devices 
  • Cross-industry insights – Learn how others are successfully managing similar technology risks
Connect with our team
Two engineers inspecting machinery

Field evaluation

UL Solutions offers flexible field evaluation services to meet your logistical or operational needs, including on-site testing, remote observation or assistance setting up your own testing facility. We provide options that accommodate complex product portfolios and hard-to-move equipment. For organizations managing extensive in-house testing, we also offer participation in our Data Acceptance Test Laboratory (DATL) program.  

Flexible support where you need it: 
  • On-site evaluation – Testing conducted within your facility 
  • Tele-support – Remote witnessing or guidance during your in-house testing 
  • DATL program – Qualify your laboratories for internal cybersecurity testing
Connect with our team

 

Choosing UL Solutions for your cybersecurity services

Working with an independent, trusted third party can help you:

 

Icon of a shield with a checkmark
Increase confidence in product and system security
 
Icon of football play
Protect your brand and mitigate risk
 
icon medical heart rate on locked monitor
Validate cybersecurity to end customers
 
hand
Differentiate your products in the marketplace
 
Icon of a hand holding a locked padlock
Demonstrate commitment to cybersecurity safety
 

 

 

The benefits of working with UL Solutions for cybersecurity include:

 

Icon of a medical symbol on a shield with arrows circling it

Full life cycle support

Icon of a person with a secure lock in their head

Industry knowledge

Icon of a secure network

Cybersecurity assurance

Icon of a padlock in front of a browser window

Cybersecurity and safety

 

Connect with our team

Thanks for your interest in our products and services. Let's collect some information so we can connect you with the right person.

Download resources
Testing

Testing medical connectable devices to cybersecurity standards

3.8 MB
Download
Cybersecurity

Cybersecurity of medical devices e-book

1.2 MB
Download
Related services and resources
Medical Devices and Products
  • Capability

Medical Device Performance and Safety Testing
Penetration Testing
  • Service

Medical Device Penetration Testing Services
Cybersecurity and secure network concept

Medical Device Cybersecurity
An image depicting a medical technology concept

Advancing Cybersecure Medical Devices - Part 1 of 2
X

Connect with our team

Thanks for your interest in our products and services. Let's collect some information so we can connect you with the right person.