Quality Assurance
Software Validation, SaMD & Computer System Validation
Software as a Medical Device, embedded software, and validated quality-system software.
What It Is
Software shows up in three regulated forms: Software as a Medical Device (SaMD) that is itself the device, software embedded in a device, and software used in your quality system or production that requires computer system validation (CSV). Each has its own expectations — IEC 62304 lifecycle processes, FDA software documentation levels, cybersecurity, risk management per ISO 14971, and validation evidence appropriate to the software’s role and risk.
When You Need It
You need software validation support when your device contains or is software, when you are preparing the software section of a 510(k), De Novo, or PMA, when you adopt an eQMS or production software that must be validated for intended use, or when an auditor has flagged your software or CSV documentation.
What We Do
We build the software documentation an FDA submission requires — software description, requirements and architecture, V&V, level of concern / documentation level, cybersecurity, and the IEC 62304 lifecycle artifacts — and we validate quality-system and production software (CSV) to a risk-based, intended-use standard that is appropriately lean. We connect software risk to your overall ISO 14971 risk management file rather than treating it as an island.
We Live It, Not Just Advise It
We build and operate software ourselves — including AuditIQ, our own AI compliance tool — under quality controls, and we validate the systems that run our operation. We approach your software validation as people who ship and validate software, with a practical view of how much rigor each system’s risk actually warrants.
How AuditIQ Helps
AuditIQ is itself a worked example of medical-device-adjacent software built under quality discipline. For your projects, it helps assess software-related documentation completeness against submission and CSV expectations.
Learn more about AuditIQ →Frequently Asked Questions
What is SaMD?
Software as a Medical Device is software intended for a medical purpose that performs that purpose without being part of a hardware device — for example, diagnostic or treatment-planning software. SaMD is regulated as a device and typically follows the De Novo or 510(k) pathway depending on novelty and risk.
What is IEC 62304?
IEC 62304 is the international standard for the medical device software lifecycle. It defines processes for development, maintenance, risk management, and configuration management, scaled by a software safety classification (A, B, or C). FDA recognizes it, and submissions are expected to align with it.
Do I have to validate my eQMS and production software?
Yes — software used in your quality system or production must be validated for its intended use under both ISO 13485 and FDA requirements. We take a risk-based CSV approach so a low-risk tool gets proportionate, not excessive, validation effort.
Ready to Talk Through Your Software Validation Project?
Tell us where you are in the process. We respond within one business day.
Request a ConsultThe Boulder BioMed Family
One campus, one quality system. We manufacture, sterilize, and test medical devices in-house — so our regulatory and quality work is grounded in operations, not theory.