Software Development for Medical Device Manufacturers
Software Development for Medical Device Manufacturers
A comprehensive online course – 180 days to access course
PREPARE FOR THE NEW FDA QMSR + ISO 13485 COMPLIANCE REQUIRED FEBRUARY 2026
ON-DEMAND VIDEO COURSE
OVERVIEW
The regulatory landscape for medical device software development is changing dramatically.
Beginning in February 2026, device manufacturers must comply with the new FDA Quality Management System Regulation (QMSR) which is based on the ISO 13485 Medical Device Quality Management System Standard. In addition, a recently adopted standard for security risk management (AAMI SW96) adds additional requirements for cybersecurity.
This course provides insight into these changes as well as requirements for safety risk
management as defined in ISO 14971 Medical Device Risk Management and IEC 62304 Medical Device Software – Software Life Cycle Process. Also discussed is IEC 62366-1 Medical Devices – Application of Usability Engineering.
This course reflects both current FDA regulations as well as the new FDA QMSR + ISO 13485.
WHO SHOULD ATTEND
Software engineers, project managers, quality managers, software quality professionals,
RA/QA staff, and anyone who is interested in learning about cost-effective processes and procedures that will enable their organizations to deliver high quality software-based medical devices that comply with FDA/EU regulations and international standards. This course is also appropriate for people who are new to the medical device industry. Extensive reference documents are available by requesting a DropBox link.
COURSE OUTLINE
Software Development for Medical Device Manufacturers
Estimated duration ~16 hours
Part 1 – Design and Development Processes
The course begins with the Regulatory Roadmap that device manufacturers are expected to navigate. The Design and Development process outlined in both the FDA QSR and in the new QMSR (ISO 13485 Section 7.3) are discussed in detail along with corresponding requirements from IEC 62304 Medical Device Software Lifecycle Processes. Woven into the discussion of Design and Development are numerous examples of Best Practices.
Topics covered include:
• Introduction
o FDA’s new Quality Management System Regulation (QMSR)
• Regulatory Roadmap
o FDA QSR, QMSR, Part 11 and EU MDR
o Process and Product Standards and Guidance Documents
o FDA and EU Medical Device Definitions
o FDA and EU Device Classification
o FDA and EU Regulatory Models
• Guidance Documents and International Standards:
o Medical Device Accessories
o Software-specific Guidance Documents including:
Premarket Submissions for Device Software Functions
Off the Shelf Software Use for Medical Devices
Device Software Functions and Mobile Medical Applications
Deciding When to Submit 510(k) for Software Changes
General Principles of Software Validation
o Human Factors Guidance
o ISO 13485:2016 Medical Devices – Quality Management Systems
o IEC 62304: 2015 Medical Device Software – Software Lifecycle Processes
o IEC 62366-1:2020 Medical Devices – Application of Usability Engineering
• Related Regulatory Topics
o Planning for Compliance with QMSR
o Types of Software Regulated by FDA – SaMD and SiMD
o FDA View of Research and Development
• Design and Development Planning
o QSR Requirements
o ISO 13485 Requirements
o IEC 62304 Requirements
• Design and Development Inputs
o QSR Requirements
o ISO 13485 Requirements
o IEC 62304 Requirements
• Detour – Writing Software Requirements
o Requirements Family Tree
o Challenges Expressing Requirements
o Techniques to Improve Requirements
• Design and Development Outputs
o QSR Requirements
o ISO 13485 Requirements
o IEC 62304 Requirements
• Design and Development Reviews
o QSR Requirements
o ISO 13485 Requirements
o IEC 62304 Requirements
• Design and Development Verification
o QSR Requirements
o ISO 13485 Requirements
o IEC 62304 Requirements
• Design and Development Validation
o QSR Requirements
o ISO 13485 Requirements
• Detour – Software Tool Validation
o Validation of Software Development Tools
o Validation of Software used in Manufacturing
o Validation of Software used in QMS
• Design and Development Transfer
o QSR Requirements
o ISO 13485 Requirements
o IEC 62304 Requirements
• Design and Development Changes
o QSR Requirements
o ISO 13485 Requirements
o IEC 62304 Requirements
• Design and Development Files
o DHF, DHR, DMR, RMF, UEF
o New MDF
Part 2 – Safety and Security Risk Management
The similarities and differences between Safety Risk Management (ISO 14971) and Security
Risk Management (AAMI SW 96) are discussed. Security Risk Management is based on the Risk Management framework defined in ISO 14971 but is focused on establishing a Secure Product Development Framework to minimize the risk of cybersecurity events. FDA and EU Guidance documents are discussed along with AAMI Principles for Medical Device Security – Risk Management TIR 57. Extensive references and examples of Best Practices are included.
Topics covered include:
Safety Risk Management Process as defined by ISO 14971:2019
o Context for Safety Risk Management
o Recent Device Recalls
o Terms and Concepts
o Risk Analysis
o Risk Evaluation
o Risk Control
o Software-specific Issues
o Risk Management Tools and Techniques – Fault Tree Analysis
o Production and Post-production Activities
o Documentation Repositories
Security Risk Management Process as defined by ANSI/AAMI SW96:2023, TIR
57:2016 2023, FDA and EU Guidance documents
o Context for Security RM
o Recent Security Events
o Security Risk Analysis
o Security Risk Evaluation
o Security Risk Control
o Evaluation of Security Risk Acceptability
o Security Risk Management Review
o Production and Post-Product Activities
o Documentation Repositories
Additional Resources
The following additional resources are included in the course notes:
o Summary of Changes in new QMSR
o Quality Pyramid
o Good Documentation Practices
o AI and Machine Learning Overview
o Software as a Medical Device (SaMD)
o MITRE View of Threat Modeling
o EU View of Security
Reference Documents
An extensive set of reference documents are provided in a DropBox folder upon request.
These documents include:
o FDA and EU Regulations
o FDA and EU Guidance Documents
o NIST Cybersecurity Standards
o Published whitepapers on selected topics
About the instructor…
Steven R. Rakitin has over 45 years’ experience as a software engineer including 35 years of experience in the medical device industry. He has worked with over 130 medical device manufacturers worldwide, from startups to Fortune 100 corporations. He has published papers on medical device software risk management as well as a book titled: Software Verification & Validation for Practitioners and Managers.
He received a BSEE from Northeastern University and an MSCS from Rensselaer
Polytechnic Institute. He earned certifications from the American Society for Quality (ASQ) as a Software Quality Engineer (CSQE) and Quality Auditor (CQA). He is a Senior Life member of IEEE. He has been involved in IEEE Standards committees including IEEE-730 Software Quality Assurance Processes and IEEE 1012 Systems and Software Verification and Validation.
As President of Software Quality Consulting, he helps medical device companies comply with regulations, guidance documents, and international standards in an efficient and cost-effective manner.
Course Fee Schedule: Registration is On-Going
Cost: $300
Refund Policy: No refunds for online courses once the course is accessed by the attendee