medical device software development

Software Development for Medical Device Manufacturers

Developing software in compliance with FDA regulations, Guidance documents and international standards is challenging. This course helps medical device manufacturers develop software in a manner that is both compliant and practical.

Day 1 is focused on the recently announced FDA Quality Management System Regulation (QMSR). The existing Design Control Regulation (QSR) has been replaced with ISO 13485:2016. Differences and similarities between the existing QSR and the new QMSR regulations are discussed. In addition, the requirements of ISO-13485 section 7.3 are discussed from the perspective of software development. Corresponding requirements from IEC 62304 Medical Device Software Lifecycle Processes are included. Current FDA Guidance documents and international standards that pertain to software are reviewed as well as requirements for SaMD.

Day 2 is focused on Risk Management including Safety Risk Management, as defined by ISO 14971:2019, and Security Risk Management, as defined by ANSI/AAMI SW96:2023.

Day 2 also includes recommendations on Writing Requirements for Software and Software Tool Validation for software development tools and software used in Manufacturing and in QMS.

The training is presented in an interactive style with time allotted for discussions. Questions are encouraged!


Software engineers, project managers, quality managers, software quality professionals, RA/QA staff, and anyone who is interested in learning about cost-effective processes and procedures that will enable their organizations to deliver high quality software-based medical devices that comply with FDA regulations and international standards. This course is also appropriate for people who are new to the medical device industry. Course notes and access to an extensive collection of reference documents are provided.


The course content will be covered in 2 full-day sessions as outlined below. Sessions will be from          8am-5pm EST with two short breaks and a half-hour lunch break.

DAY 1 – Medical Device Software Design and Development

Duration ~8 hours

8am-5pm EST

This session will cover key regulatory requirements for medical device software in the US and EU as well as corresponding software development requirements from IEC 62304

  • Introduction
    • The new Quality Management System Regulation (QMSR)
  • Regulatory Roadmap
    • FDA QSR, QMSR, Part 11 and EU MDR
    • Medical Device Definitions – FDA and EU
  • Guidance Documents and International Standards:
    • Software-specific and Human Factors
    • ISO 13485:2016 Medical Devices – Quality Management Systems
    • IEC 62304: 2015 Medical Device Software – Software Lifecycle Processes
    • ISO 14971: 2019 Application of Risk Management to Medical Devices (Day 2)
    • IEC 62366-1:2020 Application of Usability Engineering to Medical Devices
    • ANSI/AAMI SW96:2023 Security Risk Management for Device Manufacturers (Day 2)
  • Related Regulatory Topics
    • Types of Software Regulated by FDA – SaMD and SiMD
    • FDA View of Research and Development
    • QMS Documentation Pyramid
    • ALL Software is Defective
  • Design and Development Planning (ISO-13485 7.3.2)
    • Software Development Procedure and Plan
    • Software Development Life Cycle Model
    • IEC 62304 Requirements
  • Design and Development Inputs (ISO-13485 7.3.3)
    • IEC 62304 Requirements
  • Design and Development Outputs (ISO-13485 7.3.4)
    • Architecture and Design
    • IEC 62304 Requirements
  • Design and Development Reviews (ISO-13485 7.3.5)
    • Planning and conducting Design Reviews
  • Design Controls – Verification Activities (ISO-13485 7.3.6)
    • Verification Planning
    • Technical Reviews
    • Unit, Integration and System Testing
    • Static Analysis
    • Requirements, Architecture, Design Verification
    • Unit, Integration and System Test Verification
  • Design Controls – Validation Activities (ISO-13485 7.3.7)
    • Design Validation and Software Validation
    • Comparison of Software Verification and Software Validation
    • Software Validation Planning
    • Software Testing Overview
  • Design Controls – Design Transfer (ISO-13485 7.3.8)
    • Releasing and Archiving Software
  • Control of Design and Development Changes (ISO-13485 7.3.9)
    • Engineering Change Procedure
  • Design and Development Files (ISO-13485 7.3.10)
  • Summary and Q&A
  • Appendix
    • FDA Quality Management System Regulation Changes
    • Good Documentation Practices
    • AI and Machine Learning Software as a Medical Device (SaMD)


Duration ~8 hours

8am–5pm EST

The morning session will cover key regulatory requirements for both Safety and Security Risk Management. Newly adopted requirements for Safety and Security Risk Management are discussed along with relevant international standards and guidance documents.

The afternoon session will cover the challenges of writing requirements for software and will discuss alternative methods for expressing requirements. The session will conclude with a discussion of Tool Validation including software development tools and software tools used in Manufacturing and QMS.


Safety Risk Management Process as defined by ISO 14971:2019

  • Context for Safety Risk Management
  • Recent Device Recalls
  • Terms and Concepts
  • Risk Analysis
  • Risk Evaluation
  • Risk Control
  • Software-specific Issues
  • Risk Management Tools and Techniques – Fault Tree Analysis
  • Production and Post-production Activities
  • Documentation Repositories

Summary and Q&A

Security Risk Management Process as defined by ANSI/AAMI SW96:2023, TIR 57:2016 2023, FDA and EU Guidance documents

  • Context for Security RM
  • Recent Security Events
  • Security Risk Analysis
  • Security Risk Evaluation
  • Security Risk Control
  • Evaluation of Security Risk Acceptability
  • Security Risk Management Review
  • Production and Post-Product Activities
  • Documentation Repositories

 Summary and Q&A


  • MITRE View of Threat Modeling
  • EU View of Security



  • Requirements – Hardest Part of Product Development
  • Requirements Family Tree
  • Types of Requirements 

Challenges Expressing Requirements

  • Ambiguity and Assumptions
  • Impact of Poor Requirements

Techniques to Reduce Ambiguity

  • Start with BIG PICTURE
  • Technical Writing Best Practices
  • Alternatives to English
  • Effective Document Reviews
  • Requirements Management

Summary and Q&A 

TOOL VALIDATION – Software Development Tools, Software used in Manufacturing and QMS

Regulatory Requirements

Validation Approach for Validation of:

  • Software Development Tools
  • Software used in Manufacturing
  • Software used in Quality Management Systems

Summary and Q&A


Event Details
16 hours
This course will be presented with a live instructor using interactive web-meeting software.

Course Materials

Course instructor: Steven Rakitin – Consultant, Software Engineering

8:00am – 5:00pm (EST) each day

Payment Type

Date Attending

Name of Attendee(s)

Name of Company

Follow QSG on LinkedIn!
Become a QSG Member today!

Always Keep Improving!