Our services in Detail

Quality Management and Regulatory Affairs Services

  • EU, USA, ROW (e.g. Canada, Australia)
  • Medical Devices according to MDD/MDR
  • Active Implantable Devices according to AIMDD/MDR
  • In Vitro Diagnostic Devices according to IVDD/IVDR
  • Combination Products according to MDR (article 117) and FDA 21 CFR Part 4 (CPGMP)
  • Quality Management according to ISO 13485 and FDA 21 CFR Part 820
  • Auditing (Mock Audits, MDSAP, QSIT)
  • Due Diligence (e.g. company take-overs, investments)


  • Good Manufacturing Practice (GMP)
  • Good Automated Manufacturing Practice (GAMP)
  • Good Engineering Practice (GEP)
  • Good Documentation Practice (GDP)
  • Good Laboratory Practice (GLP)

Project Management Services

  • Safety and (Cyber) Security Risk Management according to ISO 14971, AAMI TIR57 and Safety Assurance Cases according to AAMI TIR38
  • Usability Engineering and Management according to IEC 62366-1
  • Interdisciplinary Project Management
  • Remediation Project Management
  • Product Lifecycle Management
  • Software, Electronics and Mechanics Lifecycle Management
  • Requirements Engineering and Management
  • Configuration and Change Management
  • CAPA Management
  • Manufacturing Process (Production) Management
  • Platform Engineering and Management
  • Waste Management

Medical Device Software with all of its Facets

Software Safety and Cybersecurity, Artificial Intelligence – Preparation for Submission / Certification, Data Protection, Software Lifecycle Process, Software Risk Management, Documentation and Submission of Medical Device Software according to IEC 62304, ISO 14971, IEC 80001-X, IEC 80002-X, IEC 82304-X, AAMI TIR32, AAMI TIR57, GPSV, FDA Software and Cybersecurity Guidelines and General Data Protection Regulation (GDPR) for:

  • Software in a Medical Device
  • Software as a Medical Device (SaMD)
  • Software in a Combination Product
  • Mobile Medical Applications
  • (Medical) Clouds
  • Software used for In Vitro Diagnostics
  • Production Equipment
  • Hospital Information Systems

Computer System Validation (CSV)

Support Lifecycle Process and Documentation for Process Validation/Equipment Qualification and especially Computer System Validations according to ISO 13485 Sections 4.1.6, 7.5.6 and 7.6 and 21 CFR Part 820.70 and 820.75, 21 CFR Part 11, GAMP4, GAMP5, PIC/S, AAMI TIR36, Cybersecurity and General Data Protection Regulation (GDPR)



  • We can help you to design a secure system from the beginning (secure design principles, first time right).
  • We can analyse your system for vulnerabilities (reverse engineering, code reviews, penetration testing, brute force, fuzz testing, DOS attacs, man in the middle, spoofing, eavesdropping, SQL injection, buffer overflow, etc.)
  • We can provide you a detailed test report, identifying vulnerabilities and proposing mitigation actions or demonstrating cybersecurity. This report fulfils medical device regulations and can be used for submission.


Quality by Design / Process Controls / Design Controls

  • Cybersecurity Planning
  • Cybersecurity Analysis (Vulnerability Analysis, Thread Modeling, I/O Analysis, etc.)
  • Cybersecurity Architectural and Detailed Design (secure design principles)
  • Cybersecurity Implementation (secure coding standards)
  • Cybersecurity Unit/Item/System Testing
  • Cybersecurity Release (Checklists)


Risk Management and Usability Engineering

  • Cybersecurity Risk Management according to ISO 14971, AAMI TIR57, Guidelines Worldwide and Usability Engineering according to IEC 62366-1
  • Identification of assets, attack vectors, threats and vulnerabilities and define mitigation actions to demonstrate cybersecurity
  • Assessment of the impact of threats and vulnerabilities on safety, device functionality, usability and end user/patients
  • Define security risk assessment criteria
  • Determination of risk levels and suitable mitigation strategies
  • Assessment of residual risk and risk acceptance criteria
  • 5 Functions Principle: Identify, Detect, Protect, Respond, Recover
  • Cybersecurity must not compromise the safety, the essential functioning and usability of the medical device (trade-off)



  • We analyze the market for new assets, threats, vulnerabilities and trends and can help you to establish periodic security update reports for your device.
  • We can help you to receive, review, assess, address and disclose security issues post market.

In conclusion: We provide the entire range of cybersecurity services to make your device secure, be compliant with medical device regulations worldwide and therefore ready to submit and launch your product. We can help you with establishing a cybersecurity concept, designing, usability, risk assessing, implementing, testing, documenting/reporting and submitting your device according to medical device regulations worldwide.