Medical Device Safety Engineering
Risk Management Through Certification
The medical devices industry is evolving rapidly, with new technologies and applications emerging alongside a growing focus on automation from established manufacturers. Risk identification and management are essential for successful certification by the FDA, Health Canada, and other bodies.
ISO 14971
IEC 62304
IEC 62366
ISO 14971 provides a framework for the risk management of medical devices, including active, non-active, implantable, non-implantable, software as a medical device, and in-vitro diagnostic devices.
This framework integrates experience, insight, and judgment to manage device risks and outlines procedures to review and monitor the effectiveness of risk control measures during production and post-production.
Guided by Tailored Application of
What we offer?
Tailored Use of Standards
ARP 4761
ARP 4754
DO-178, DO-254,
DO-326 and DO-356
Compliance with: 25.1309 & 23.2510
Safety Assessment
Tools
Conventional Tools such as: FTAs, DD, MA, and FMEAs
State-of-the-art tools such as: MBSA, CEA, COFFE, etc.
Safety Assessment Softwares: Windchill (WQS), Isograph, and Polarion
System
Expertise
Conventional Aircraft Systems, Advanced Air Mobility (AAM) Rotorcraft, RPAS
S1000D modules
such as: Mechanical, Propulsion, Avionics and Flight Controls
What We Deliver
End-to-end medical device risk management from concept through regulatory submission
Risk Management Planning
Identification of risk management activities for the medical device's use. Establish risk acceptability criteria and outline verification methods for risk control measures.
Risk Assessment
Identification of hazards using tools like PHA and FMEA. Assess risk by calculating the probability and severity of harm, evaluating the overall residual risk against the device's benefits.
Risk Control Measures (RCM)
Define and implement RCMs to lower inherent risks to acceptable levels. Verification activities of RCMs.
Characteristics Related to Safety
Assist manufacturers in identifying qualitative and quantitative characteristics of medical devices that affect their safety and define their limits.
Supporting Activities
Establish a monitoring system for the medical device during production and post-production to collect information that may affect the benefit-risk analysis.
Audit Support
Prepare a comprehensive Risk Management file, including a Risk Management Plan and ISO 14971 Compliance Matrix, for certification by authorities like the Food and Drugs Administration (FDA).
Software Certification (IEC 62304)
Support IEC 62304 software lifecycle process implementation. Assessment of SOUP (Software of Unknown Provenance).
Usability Analysis (IEC 62366)
Support usability analysis following IEC 62366 to ensure medical devices meet usability requirements for safe and effective use.
Projects We've Supported
ISO 14971
Risk Management file
Application of ISO 14971 in FDA certification
FMEA
Risk Reduction
Identification and evaluation of RCM
IEC 62366
Usability Analysis
Supporting usability analysis following IEC 62366
SOUP
Software Assessment
Assessment of SOUP (Software of Unknown Provenance)
Case Study: RPAS Certification Support
Challenge: A Canadian RPAS manufacturer developing a complex rotary-wing drone required a full safety program to support their Transport Canada type certificate application. The program involved novel propulsion architecture with no historical failure rate data.
What QTSI delivered: Safety Program Plan, AFHA and SFHA, PSSA and SSA for the flight control and propulsion systems. FTA and FMEA for all DAL A and B functions. Failure rate substantiation using FMEDA methodology. Liaison support with Transport Canada reviewers throughout the process.
Outcome: Certification package accepted by Transport Canada. Safety assessment delivered within program schedule. Client team upskilled on ARP4761A methods during the engagement.
The Standards We Work In
Deep technical expertise in the standards relevant to your medical device program risk management
ISO 14971— Application of Risk Management to Medical Devices
What it is: ISO 14971 provides a framework for the risk management of medical devices, including active, non-active, implantable, non-implantable, software as a medical device, and in-vitro diagnostic devices. This framework integrates experience, insight, and judgment to manage device risks and outlines procedures to review and monitor the effectiveness of risk control measures during production and post-production.
What QTSI delivers: QTSI delivers the full ISO 14971 risk management process: risk management planning, hazard identification (PHA, FMEA), risk assessment, risk control measure definition and verification, benefit-risk analysis, and preparation of the comprehensive Risk Management file including Risk Management Plan and ISO 14971 Compliance Matrix for FDA, Health Canada, and other certification bodies.
IEC 62304 — Medical Device Software: Software Life Cycle Processes
What it is: IEC 62304 defines the lifecycle requirements for software in medical devices. It establishes a framework for the development and maintenance of medical device software and applies to software that is itself a medical device or is an integral part of a medical device.
What QTSI delivers: QTSI supports IEC 62304 software lifecycle process implementation and provides assessment of SOUP (Software of Unknown Provenance) — including identification, characterisation, and documentation of open-source and third-party software components used in medical device software.
IEC 62366 — Medical Devices: Application of Usability Engineering
What it is: IEC 62366 specifies a process for a manufacturer to analyse, specify, develop, and evaluate the usability of a medical device. Usability engineering is essential for ensuring that medical devices are safe and effective in their intended use environment.
What QTSI delivers: QTSI supports usability analysis following IEC 62366, ensuring medical device designs address use-related risks and that usability study documentation meets the requirements of regulatory submissions to the FDA, Health Canada, and other authorities.
Tools & Platforms
We deliver in the same toolchains your team already uses — no re-training required.
Jira
Risk and subsequent action management
IBM DOORS
Requirements management and safety traceability across the V-model
Siemens Polarion
Full lifecycle management, requirements, and V&V traceability
Isograph
FTA, RBD, and reliability analysis for quantitative safety assessment
Jama
Requirements management and safety traceability across the V-model
CAFTA
Failure Tree Analysis (FTA) tool.
What sets us apart?
We have extensive experience and a thorough understanding of ISO 14971, particularly in the definitive risk identification and risk assessment procedures for medical devices. Some key contributions include:
Our experience in:
-
Applying ISO 14971 process in certification of radiotherapy machines for Oncology Treatment
-
Using FMEA for risk reduction & identification of risk control measures (RCM)
-
Support usability analysis following IEC 62366
-
Support IEC 62304 software lifecycle process implementation
-
Assessment of SOUP (Software of Unknown Provenance)
Working on a medical device certification program?
Whether you're preparing your first ISO 14971 Risk Management file or supporting an FDA, Health Canada, or CE mark submission, QTSI steps in at any point in your device lifecycle
From the Safety Gazette
Practical insights on medical device risk management and safety engineering written by our engineers.
