IEC 62304 – Consulting for Medical Device Software (SaMD/MDSW)
Making IEC 62304 and Design Controls Work for You
“We help you turn complex regulations into a clear, working system — not into bureaucracy.”
We support you in implementing IEC 62304 for medical device software (SaMD/MDSW) in line with FDA 21 CFR 820, MDSAP, and EU MDR expectations.
Our goal is not to make you bend your processes around the standard, but to help you understand it and implement it in a way that fits your organization — logically, efficiently, and purposefully.
We help you:
- Understand the requirements of IEC 62304 and Design Controls, and how they fit into your development reality.
- Analyze your current processes and technical documentation to identify gaps and inefficiencies.
- Implement missing elements with practical, hands-on support — not just advice.
- Connect all relevant standards: from risk management (ISO 14971) to cybersecurity (IEC 81001-5-1), usability (IEC 62366), and software product safety (IEC 82304-1).
We bring these frameworks together into one coherent, functional system. Our approach ensures that your design control, development, verification, and release activities are efficient, traceable, and audit-ready.
“Compliance should not slow you down; It should structure your innovation.”
IEC 62304 Practical Implementation, Not Just Interpretation
At QMLogic, we know that implementing IEC 62304 can feel overwhelming when the focus shifts from engineering to paperwork. That’s why we go beyond interpretation; we help you integrate the standard into your day-to-day development.
Together, we align your:
- Requirements management tools and workflows
- Software architecture and design documentation
- Verification and validation processes, including test automation
- CI/CD pipelines and version control systems
Our team connects the regulatory narrative with your real tools and infrastructure, so that compliance becomes a natural outcome of your development process, not an afterthought.
Proven Expertise in IEC 62304 and Design Control Consulting
We have guided startups, scale-ups, and global medical device manufacturers through the complete journey, from first implementation to successful audits and product launches.
Our experience includes:
- Full IEC 62304 implementations from the ground up
- Establishing Design Control processes aligned with FDA 21 CFR 820 Subpart C
- Supporting CE marking and FDA submissions with compliant documentation
- Leading design control transformation programs for multinational organizations
- Digitalizing and adapting processes for agile development environments
We believe that regulatory compliance and modern software engineering are not opposites, and they can work together.
Practical IEC 62304 Technical Documentation
“Good documentation doesn’t slow development — it proves that your process works.”
Creating compliant technical documentation is often seen as one of the hardest parts of IEC 62304 or FDA 21 CFR 820. We make it practical. We help you design your processes and the resulting documentation, known under FDA regulations as Design Controls, in a way that is logical, efficient, and fully traceable.
Our approach combines clear process design with ready-to-use templates, adapted to your specific product and development setup. Together, we build a complete documentation set that fits your organization and satisfies auditors and regulators.
We help you create the full documentation chain, including:
- Software Development Plan with all accompanying artefacts
- Software Requirements Specifications, taking into consideration various types of requirements and broader system requirements
- Software Architecture and Detailed Design
- Integration and System Testing Records
- Software Release Reports and supporting verification evidence
All these elements are based on our proven templates and structured for easy maintenance and review.
Covering the Entire Software Lifecycle
Our support continues after release. We help you establish post-market and maintenance processes that meet IEC 62304 and FDA expectations:
- Software Maintenance Process and Maintenance Plan
- Problem Resolution and Change Management
- Post-market records ensuring ongoing compliance
Traceability that Holds TechDoc Together
We ensure that all parallel processes and accompanying documentation stay connected, ensuring clear traceability through linking:
- Preliminary Hazard Analysis activities with Software Safety Classification
- Requirements with Risk Control Measures
- Risk Controls Implementation with System Testing Activities
This integrated structure makes audits easier, updates faster, and compliance naturally embedded in your daily work.
“When your documentation tells a clear story, compliance becomes easier.”
Connecting Quality and Security with the Software Lifecycle
Your software lifecycle will not stand alone. We will help you connect that with other quality management activities defined in ISO 13485 and the FDA Quality System Regulation (21 CFR 820). We help you bring these elements together so your compliance works as a single, integrated framework.
We connect IEC 62304 processes with:
- Cybersecurity requirements (IEC 81001-5-1) to ensure software resilience
- Complaint handling and non-conformity processes for post-market feedback
- Supplier management activities, as required by ISO 13485, to control external dependencies
These intersections create a unified structure where information flows naturally between processes, from development through maintenance and post-market phases.
Agile Development Under IEC 62304 and FDA Design Controls
“Agile and regulations do work together.”
Many believe that agile development is not compatible with the software lifecycle requirements of IEC 62304 or FDA Design Control expectations. We know that this is not true, and we’ve proved it many times in practice.
Our agile-based design control processes have been successfully audited by notified bodies and external auditors, demonstrating that modern development methods can fully meet regulatory requirements.
We have implemented AAMI TIR45 in multiple organizations, combining regulatory clarity with the speed and adaptability that agile offers.
Making Agile Work in a Regulated World
We show you how to:
- Structure your tools and workflows so iterative development stays fully traceable.
- Adapt your organization to respond quickly to changing requirements — while maintaining compliance.
- Automate your documentation so that frequent releases and updates remain compliant with IEC 62304 and Design Controls.
“The key is not to slow down for compliance — it’s to make compliance move with you.”
IEC 62304 Toolchain Setup and Compliance Automation
We are convinced that the proper setup of tools for development, documentation, and release is just as important as the process definition itself.
That’s why we don’t stop at designing your processes and templates — we help you build and configure the complete toolchain for software development, release, and maintenance that simplifies your compliance.
Whether you already have a working setup or are starting from scratch, we’ll help you:
- Validate and configure your existing tools for compliance
- Create a new, cost-effective, and connected tool environment tailored to your organization
- Automate documentation, testing, and traceability across your lifecycle
Supported Tools and Ecosystems
We work with the most common environments used in medical device software development, including:
- Atlassian tools – Confluence, Jira, Bitbucket, with add-ons like ScriptRunner, R4J, or Xray
- Microsoft 365 / SharePoint
- Polarion ALM
- IBM DOORS
We also help you establish or optimize CI/CD pipelines that support quality assurance and regulatory compliance, using:
- GitHub Actions
- Azure Pipelines / Azure DevOps
- GitLab CI/CD
- Bitbucket Pipelines
We connect your CI/CD pipelines with test procedures and automatically generated test evidence records, ensuring every release remains fully traceable and compliant.
Integrating Cybersecurity and Risk Tools
We also support the implementation of cybersecurity testing tools that align with regulatory expectations:
- SAST – Static Application Security Testing
- DAST – Dynamic Application Security Testing
- Tools providing CVSS v3.0-based risk scoring and vulnerability tracking
Medical Device Software (SaMD/MDSW) and Cloud Compliance
Modern Medical Device Software (SaMD/MDSW) solutions increasingly rely on cloud environments, which introduce new regulatory challenges. These include requirements for safety, reliability, cybersecurity, data protection, and business continuity.
Our approach ensures that cloud-based or hybrid architectures remain fully compliant, without limiting your flexibility or innovation.
“Cloud technology brings speed and scalability. We make sure it also brings compliance.”
CE Certification, FDA Inspections, or Process Optimization
Whether you are preparing for CE certification or an FDA inspection, dealing with audit findings, or simply feeling that your processes have become slow and unnecessarily complex, we are here to help.
We support you in:
- Preparing for CE certification audits by reviewing and refining your QMS and technical documentation.
- Ensuring readiness for FDA inspections under 21 CFR 820 and MDSAP expectations.
- Managing and closing non-conformities and audit findings as part of CAPA remediation projects.
- Optimizing design, development, and release processes to make them faster and leaner, without compromising quality, safety, or compliance.
Our approach combines regulatory expertise with hands-on implementation. We don’t just tell you what needs to change, we work with your team to make those changes real and sustainable.
Contact us today to discuss how we can help you streamline your compliance, strengthen your system, and move forward with confidence.