MDCG Guidance on Standardization for Medical Devices

The Medical Device Coordination Group (MDCG) published the ‘Guidance on Standardization for Medical Devices’ (MDCG 2021-5) on April 16, 2021. Though none of the information presented is new material, it does provide a consolidated reference point perhaps most useful to those new to the industry. It is comprised of four sections and intended to explain the varying aspects and framework of the existing EU directives and regulations.

Sections 1 and 2 of the MDCG guidance covers much of the history and background details, as well as emphasizing that adherence to these standards is voluntary. They simply serve as a useful framework for achieving compliance with the actual legal requirements.  Section 2 also covers how the standards use Annex Z  to identify the contents that need to be covered, while pointing out the absence of MDR due to it not having been harmonized.

In Section 3 of the MDCG guidance, it covers the processes used to achieve harmonization from both a broad level as well as the medical device perspective. Here, it also speaks to one of the common issues facing manufacturers in deciding which standards should be applied:

  • those that address “state of the art” or
  • those that have been harmonized.

Though the latest version of standards may better reflect “state of the art”, they may not be the harmonized version that implies compliance with legal requirements. Until the latest versions become harmonized, manufacturers are encouraged to perform gap assessments using both.

For those interested, the MDCG guidance can be found MDCG_2021-5.pdf.

See our post regarding the 2019 update to ISO 14971: ISO 14971 Updated in 2019 Release

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  June 5-7, 2024
Boston, MA

Email to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

Register Now


Risk Management (Public or Private)

Our newly updated ISO 14971:2019 Medical Device Risk Management, A Software Organization’s Perspective training course is now open for scheduling!

  • Coverage of ISO 14971:2019, IEC 62304; amd1, and IEC/TR 80002-1.
  • System level hazards analysis – mapping to software, cybersecurity, and usability
  • Why FMEA is incomplete for medical device risk management.
  • How to perform software hazards analysis.
  • And more!

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructors: Dr. Peter Rech, Brian Pate

Next public offering:  TBD


Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering:  TBD


Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.