Development Quality in MedTech: Faster Approval - Without Costly Iterations

Anyone who develops medical devices is familiar with the tension: design freeze deadlines are set, standards change, test environments become more complex—and a single requirement gap identified too late can set approval back by months. Modifications made after the design freeze cost many times more than corrections made in the early planning phase.

The regulatory environment has defined clear process and documentation requirements with MDR/IVDR—making the regulatory framework transparent. The challenge lies in consistently implementing these requirements in day-to-day development. On the other side of the Atlantic, the FDA is continuously refining its software and cybersecurity requirements.

Starting May 28, 2026, four modules of EUDAMED—the European database for medical devices—will become mandatory: economic operator registration, UDI/device registration, certificates, and market surveillance. Two additional modules (vigilance and clinical investigations) will follow at a later date. For manufacturers who are not yet registered, the time pressure is now very real.

This article demonstrates how a structured development approach—from early, verifiable requirements through integration and validation to test bench validation with FAT/SAT—specifically reduces time, costs, and regulatory risks. Always compliant with MDR/IVDR, ISO 13485 (Quality Management for Medical Devices), EN ISO 14971 (Risk Management), IEC 62304 (Software Lifecycle), and IEC 60601-1 (Safety of Medical Electrical Equipment).

Why early quality accelerates approval

The most common cause of costly rework in medtech development is unclear or inconsistent requirements at the outset. Anything that isn’t clearly specified early on comes back after the design freeze—as a costly modification, an additional testing cycle, or a gap in the regulatory documentation.

At the same time, the scope of regulatory requirements is expanding: IEC 81001-5-1, the cybersecurity standard for health software and networked medical devices, is gaining prominence. It is supplemented by IEC TR 60601-4-5, a technical report with specific safety requirements for networked devices. Notified bodies already recognize IEC 81001-5-1 as the state of the art, even before formal harmonization under the MDR has been completed.

The practical benefits of establishing development quality early on:

• Requirements that are formulated in a verifiable and traceable manner from the outset significantly reduce the effort required for corrections—especially when each requirement is clearly assigned to a test case and a test report. This continuous chain of documentation (known in technical terms as “traceability”) provides the framework of evidence required during audits by Notified Bodies.
• Automated tests that run after every software change deliver consistent test results and make preparing for audits much more predictable than manual test runs would allow.
• Real test benches compliant with IEC 60601-1 ensure that safety and performance characteristics are verified not only on the model but on the actual device.
• Complete documentation, including EUDAMED registration, reduces the need for follow-up inquiries with Notified Bodies and speeds up the approval process.

Phase 1  Clarify requirements before decisions become costly

The first step is translating clinical, regulatory, and technical expectations into requirements that are truly verifiable. This sounds obvious, but in practice it often isn’t: Every requirement needs clear acceptance criteria, a responsible person, and a direct link to the subsequent test case. Any vagueness here will return after the design freeze as a costly modification—at which point even minor corrections will affect the entire downstream testing and documentation framework.

• Requirements emerge through dialogue: R&D, QA/RA, clinical users, and production must jointly define and take responsibility for what needs to be demonstrated later.
• The derivation follows a clear path: user needs → system requirements → subsystem and software requirements, with measurable acceptance criteria at every level.
• ISO 13485 (Quality Management for Medical Devices) provides the organizational framework within which requirements are documented, approved, and controlled in the event of modifications—a prerequisite for CE marking and FDA approval.
• IEC 62304 specifies how the software lifecycle—from planning and architecture through verification, validation, and maintenance—is mapped in accordance with standards.
• EN ISO 14971 establishes risk management early on: hazards are identified, assessed, and addressed through concrete measures at the requirements level.

Phase 2 System Design – Design for Verifiability

A design that cannot be tested efficiently later on results in significant additional effort during the validation phase. Architecture, interfaces, and data flows must therefore be defined in such a way that tests are realistic, reproducible, and automatable.

• Measurement points, diagnostic interfaces, and logging structures are integrated into the architecture early on—rather than being added later, which significantly complicates subsequent testing.
• Preparation for simulation-based testing methods (Model-in-the-Loop, Software-in-the-Loop, Hardware-in-the-Loop) enables validation steps to be performed much earlier in the development process.
• Communication protocols—CAN, FlexRay, Ethernet, Profinet—are specified deterministically so that later integration tests run under reproducible conditions.
• Acceptance criteria and thresholds for Factory Acceptance Test (FAT) and Site Acceptance Test (SAT) are defined as early as the design phase, not just shortly before acceptance.
• For networked devices, security requirements in accordance with IEC TR 60601-4-5 must be incorporated into the system design. Incorporating cybersecurity requirements at a later stage is significantly more time-consuming and prone to errors.

Phase 3: Integration and Validation – with Documented Test Evidence

Once requirements are clear and the design is structured to be testable, the actual validation process begins. The goal: traceable, documented evidence of function, performance, and safety—as the basis for regulatory audits and approval applications.

• Modular test setups (test benches) for subsystems up to the entire system are designed to be operated in a standardized and repeatable manner.
• Network and bus simulation for CAN, FlexRay, Ethernet, or Profinet allows communication events to be controlled deterministically and error scenarios to be generated reproducibly—even without complete hardware.
• Automated endurance tests conducted over long cycles with monitoring identify endurance issues and failure modes before they occur in mass production.
• Cybersecurity validation: IEC 81001-5-1 defines the process framework for cybersecurity throughout the software lifecycle; IEC TR 60601-4-5 supplements specific safety requirements for the device. Notified bodies already recognize IEC 81001-5-1 as the state of the art and are increasingly requiring independent security tests as part of the certification process.
• Automated regression tests following every software change prevent new versions from inadvertently affecting existing functions.
• All test results are documented in standardized, versioned test reports—directly usable as evidence for MDR/IVDR and FDA authorities.

Phase 4 Test Bench Technology – Hardware Validation with FAT/SAT

Many medical technology systems require physical test benches for mechanical stress, electrical safety, image quality, or radiation-related testing. The key standard is IEC 60601-1, which defines general safety and performance requirements for medical electrical equipment. Specific aspects such as electromagnetic compatibility (IEC 60601-1-2) or radiation protection for X-ray systems (IEC 60601-1-3) are covered by related standards. Test bench design is consistently based on these specifications.

• Reliable, configurable test sequences with comprehensive logging form the foundation of all verifiable test bench operations—not optional convenience features.
• Clear, fault-tolerant user interfaces ensure that test procedures remain consistent and reproducible even with changing personnel.
• Special requirements such as radiation protection (lead chamber, radiation-related acceptance testing under the supervision of the customer’s radiation protection officer at the final installation site), climatic conditions, and EMC are integrated into the test bench design from the outset.
• FAT and SAT structure the handover process: The Factory Acceptance Test takes place at the manufacturer’s facility, while the Site Acceptance Test is conducted after commissioning at the destination site. Both establish clearly documented, verifiable milestones.

Three practical examples:

• X-ray test bench with lead chamber: FAT at the manufacturer’s facility; radiation-related tests in accordance with IEC 60601-1-3 under the supervision of the customer’s radiation safety officer at the destination site (SAT).
• Endurance test bench for pump systems: Cyclic loading under varying media conditions, automated monitoring and the analysis of wear and failure patterns.
• Wearable functional validation: Sensors, user interfaces, connectivity, and power management as an automated test bench setup.

Phase 5 Image Processing in Quality Control – Consistency Through Automation

Anywhere visual inspections are currently performed manually—whether in imaging systems, during component inspections, or during the analysis of test images—automated image processing offers an alternative with measurable benefits. Manual visual inspections are subject to human fatigue and subjective judgment, which limits consistency and traceability.

Automated optical inspection (AOI) and AI-based evaluation methods solve this problem: They deliver consistent quality over inspection runs of any length, can be trained to recognize known defect patterns, and provide numerically evaluable results. When integrated into automated test benches, image processing steps become an integral part of the test procedure—ensuring that image quality verification is both reproducible and documented.

Phase 6 Documentation – Building Approval-Ready Documentation from the Start

Regulatory-compliant documentation is not created at the end of the project—it is developed in parallel with the development process. Those who wait until shortly before submission to begin structuring the documentation lose time and, based on experience, face more inquiries from Notified Bodies to address.

• An MDR/IVDR-compliant document structure with a clear mapping of requirements, tests, and evidence forms the foundation.
• ISO 13485 (Quality Management for Medical Devices) structures all documentation and approval processes—and is a prerequisite for both CE marking and FDA approval.
• Risk management according to EN ISO 14971 and the software lifecycle according to IEC 62304 together form the chains of evidence for safety and software quality.
• For networked devices and medical software: Security process documentation in accordance with IEC 81001-5-1, as well as evidence of independent security testing, are now mandatory components of the approval documentation.
• EUDAMED (mandatory as of May 28, 2026): Stakeholder and UDI/device registration, certificates, and market surveillance reporting must be included in the first four mandatory modules. Those who begin operations after the deadline risk delays in their EU market launch.
• Audit-compliant versioning provides the foundation for documenting change histories in a traceable manner and answering audit questions accurately.

Phase 7: Everything from a single source: an integrated development approach

When requirements analysis, test setup, test bench development, and documentation are handled by different partners, information is lost at every interface—creating potential sources of errors and delays.

EDAG Industry Solutions brings all these competencies together: From the initial requirements through test bench setup and integration to audit-ready documentation, EDAG Industry Solutions manages the project without external hand-offs. This offers concrete advantages in practice:

• Modifications in requirements are consistently reflected across all supporting documents—because requirements, tests, and documentation are not handled by different partners.
• ISO 13485, EN ISO 14971, IEC 62304, IEC 60601-1, and IEC 81001-5-1 are integrated into the project framework from the outset, rather than being treated as an after-the-fact compliance task.
• Documentation for EUDAMED is developed in parallel with the product, ensuring that the modules required starting in May 2026 can be populated without additional effort.
• Structured quality records and complete test reports make audits by Notified Bodies more predictable and reduce the need for follow-up inquiries.

What this means in concrete terms

Companies that prioritize integrated development quality from the outset consistently report the same results. Approval is achieved more quickly because requirements are clearly documented from the start and test records are complete. Costly rework is less common because errors are detected early in automated testing—rather than only upon submission to regulatory authorities. Regulatory risk decreases because ISO 13485, EN ISO 14971, IEC 62304, IEC 60601-1, and IEC 81001-5-1 are not mere appendices to the development process, but rather its structuring framework. And overall costs decrease because manual testing efforts and audit rework are significantly reduced.

Conclusion

Medical devices are not developed solely for their functionality—they must demonstrably ensure patient safety and meet the requirements of regulatory authorities. Both of these goals are easier to achieve when quality is not merely verified at the end of the project, but is built into the development process from the very beginning.

If you, as a manufacturer or supplier, want to set the course for a shorter approval time today, start with the requirements—and build a continuous audit trail from there all the way to acceptance.

As a medtech manufacturer or supplier, are you facing the challenge of implementing MDR/IVDR requirements in a structured manner?

Talk to  Michael Kelnberger, Sales Manager Technical Sales, EDAG Engineering GmbH.

► Request a consultation: From initial requirements to acceptance 

► Download the white paper now: Development Quality in MedTech – Building the Traceability Path from the Start