Medical software development is often a long, tedious process—but it doesn’t have to be that way. Regulatory requirements often take the blame for slowdowns in the medical sector, but the truth is that inefficient workflows are usually the real problem.
This blog is part of a series looking at ways to optimize medical device development. In this blog, we examine the standards that define the space developers must work within. We then explore ways to optimize efficiency within these boundaries to accelerate timelines.
Moving fast in a highly regulated environment
To get a sense of the regulatory burden, consider life-supporting devices like implanted pacemakers and heart valves. These devices require extensive testing, documentation, and regulatory review. As a result, the initial development phase (i.e.,design, prototyping, and initial testing) can take well over a year. And that’s just to get the device ready for regulatory approval!
In contrast, Dojo Five has completed the development phase of such a device in just five months. We were able to achieve this aggressive timeline with efficiency-focused changes to our culture, processes, and development tools. We hope that sharing our experience will help your teams build innovative products faster and more effectively.
To start, let’s take a look at some of the key standards developers must consider.
| Standard | Description |
|---|---|
| ISO 13485 | Defines quality management system requirements for medical device organizations, ensuring safe and consistent design, development, and production processes. |
| ISO 14971 | Establishes a framework for risk management in medical devices, including hazard identification, risk assessment, control measures, and ongoing monitoring. |
| IEC 62304 | Specifies software lifecycle requirements for medical device software, with processes defined by three safety classes (A, B, C) based on potential risk. |
These standards are developed and maintained by two major international standards organizations: the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). These are independent, non-governmental organizations that develop international standards through a consensus process involving experts from around the world.
It’s important to understand that while ISO and IEC create these standards, they don’t enforce them. The actual regulatory enforcement comes from national regulatory bodies like the Food Food and Drug Administration (FDA) in the US. These regulatory bodies typically incorporate these standards into a larger approval process that may include additional requirements or interpretations on top of the base standards.
For example, while ISO 13485 defines quality management system requirements, the FDA requires compliance with both ISO 13485 and their own Quality System Regulation (QSR) for medical devices sold in the US market. Similarly, the EU requires compliance with these standards under their Medical Device Regulation (MDR) framework.
ISO 13485: Medical devices — Quality management systems
The ISO 13485 standard underpins the quality framework for such devices through a Quality Management System (QMS), which is essential for tracking and validating every step of the device’s lifecycle. It mandates practices like risk management and design controls, ensuring that from the earliest stages, the device is designed and assessed with patient safety in mind.
For Class III devices, maintaining traceability is critical; it’s a safeguard to track each component and design decision, preserving accountability and quality control across the entire production process. ISO 13485 also requires precise documentation and validation of production steps, ensuring the device’s performance remains reliable from prototype to final product.
ISO 14971: Medical devices — Application of risk management to medical devices
ISO 14971 is a standard designed to reduce potential harm by encouraging inherently safe design choices. For example, features prone to selection errors must be removed or guarded. This attention to detail extends to user-facing elements, where enhanced readability and visibility of labels and displays reduce the likelihood of operational errors. Functions vulnerable to manual errors must be automated, reinforcing both reliability and safety.
Physical and software safeguards, such as interlocks and warning screens, act as another layer of protection, alerting users to crucial conditions before proceeding. Additionally, using technology that requires minimal maintenance, alongside thorough user training, further reduces the risk of device misuse.
IEC 62304: Medical device software — Software life cycle processes
The IEC 62304 standard focuses on structuring the software development lifecycle (SDLC) for medical devices. From initial planning to detailed risk analysis, each phase builds on the last to ensure quality and safety. It requires defining software architecture and classifying software risks early in the process, enabling teams to approach development with a clear understanding of the device’s safety needs. As development progresses, each phase is tailored to manage risks specific to the device’s classification, reinforcing compliance and reliability throughout the project.
Regulatory compliance starts with teamwork
Meeting regulatory standards is more than a technical challenge. Achieving compliance relies on the harmonious blend of tools, processes, and company culture.
Bringing a medical device to market can be compared to building a championship sports team. Success isn’t about having the best equipment. Instead, winning teams combine rigorous training, strategic processes, and a committed team culture.
Similarly, in medical device development, tools, and processes are valuable, but they’re only as effective as the culture supporting them. A thriving development culture enables teams to meet regulatory demands while innovating safely and efficiently.
Best practices for moving fast with high accountability
It is important to understand that teamwork does not mean “design by committee.” That approach can hinder speed and accountability, especially when stakeholders may not fully understand the technical or regulatory limitations behind their requests. Shifting to a model where a designated point person holds final responsibility—while still securing stakeholder buy-in—promotes trust and enables faster decision-making cycles with the development team.
In this high-stakes environment, requirements must be defined with strict precision, focusing on essential functions without mandating specific design or implementation details. Here, requirements become the non-negotiable criteria that steers designers toward clear, testable performance outcomes.
Achieving this balance varies based on organizational structure, project timelines, and specific pressures, whether for a flagship device with a critical release deadline or a smaller, lower-risk project to test new practices.
In the sections below, we’ll explore concrete examples to illustrate these principles in action.
Clearly define intended use, users, and user needs
Ensuring everyone on the development team clearly understands the Intended Use, user personas, and which user needs are in scope is often overlooked. This simple context drives all development and can be lost/forgotten after the kickoff session—write it down where people see it often and have people recite it back in their own words to ensure understanding.
Embrace changing requirements as part of the agile process
Most teams operate as though the code is agile yet requirements are fixed. We consider requirements part of the agile process which are reviewed after each mature release. This is a jolt for some teams, particularly management (depending on their level of trust and involvement). At best, it’s received as not following a plan. At worst, it comes off as the product straying from its initial purpose.
Building from fluid requirements requires cultural changes that imbue trust and high accountability between the management, product, and engineering teams. Consider getting air cover from your boss to work out the kinks on a pilot project that has a high chance of success.
Accept incremental defects during development
Medical software sometimes has long development cycles with unclear accountability for whose code broke what. This can create a murky, defensive culture, especially when timelines get tight. A CI pipeline with automated tests and monitoring creates visibility and accountability into each code commit, and regular demos to stakeholders highlighting defects prioritized by risk grounds backlog discussions.
Adopt a risk-based framework for requirements, testing, and issue prioritization
To extend the FDA’s risk-based framework, we prioritize incremental issues by the likelihood, frequency, and impact of their risk to the user. Tease out potential issues by reviewing requirements with the QA team ahead of time and highlight incremental issues during demos to ground the roadmap and backlog grooming discussions.
Integrate the system components as early as possible
Integrating the system early uncovers unforeseen scope and potential issues. Unforeseen scope causes delays, which reduces management’s trust and a cascade of events that result in undoing of cultural, process, and tool progress so far.
Implement incremental code and requirements reviews
Using junior/senior developer pairs, a CI pipeline for builds, and automated tests, we can typically identify trouble spots early. Our embedded code reviews look like this:
We also regularly reviewed requirements with each mature release because a simple design/tech stack/architecture is easier to iterate, test, and defend against security threats. Any software or requirement changes may need to be documented in the Quality Management System per regulatory standards.
Automate firmware builds and tests in a Continuous Integration (CI) pipeline
One of the first things we do for new customers is set up an automated build and test pipeline which usually takes less than a week. Web developers have been using these processes for years and although many embedded developers have heard of them, they likely haven’t seen or used them. Failing and passing commits look like this:
Unlock the benefits of accelerated medical device development
Accelerating medical device development is about more than just speeding up timelines; it’s about fostering a streamlined, collaborative environment where safety and innovation go hand in hand. By implementing integrated analytics and synchronized workflows, teams can achieve real-time visibility and accountability across the development process, ensuring that everyone stays aligned and informed.
One powerful advantage is the ability to perform thorough hardware simulations and peripheral tests early in development. This approach catches issues before they escalate, reducing reliance on physical hardware and allowing for consistent, accurate testing throughout. Cloud-based continuous deployment further enhances this process by moving builds seamlessly from simulation to quality assurance, ensuring that each stage meets rigorous standards before final testing on actual devices.
A well-structured CI pipeline with tools such as GitHub Actions, Jenkins, or GitLab supports automated firmware builds, efficient documentation, and consistent quality. This automated, repeatable workflow enables teams to manage risks proactively and bring products to market faster while upholding the highest safety standards.
With these strategies, rapid development cycles become achievable even for complex, regulated devices. Applying this approach enabled a 5-month timeline for developing a low-energy defibrillator, demonstrating the impact of accelerating medical device development.
By embracing similar techniques, your team can drive innovative, reliable products to market quickly and confidently.
Get started today
Ready to accelerate your medical device development? Dojo Five’s EmbedOps platform brings together our expertise in streamlined workflows, integrated testing, and automated pipelines–helping you bring products to market faster. Connect with the experts at Dojo Five today to unlock the full potential of efficient, high-quality medical device innovation.