Transition from Research

When developing medical devices, a manufacturer may have difficulty knowing when (or what) the transition from research phase activities to design controls has begun.  Often this is due to the nature of research itself – one is exploring a concept or design approach that may or may not pan out in the end.  The US FDA has traditionally applied low scrutiny of medical device research phase activities in an effort to minimize the regulatory burden on the research process.  However the manufacturer is obligated to clearly define when research activities have come to a close and design controls (21 CFR 820.30) would apply.  In some cases, a manufacturer may not even be aware that software “lifecycle” documentation is required to demonstrate software quality and formulate a software validation argument.

A common mistake in this area is to treat this transition from research to design controls as a “binary” – that is, attempting to declare “research is done – now start design controls.”  While this may seem to be a proper approach from a regulatory standpoint, this binary type approach can be counterproductive.  An alternative approach that is more efficient and sustainable would be to define “maturity” levels for the research activities – where these maturity levels would represent progress toward “design input.”  Design input, by definition, starts the Design Controls activities.  Research phase activities should have as a goal to clearly define Design Input and correspondingly define how Design Validation will be accomplished.  This will involve multiple disciplines including regulatory.

This approach might be illustrated as below:


While this illustration is SaMD focused, one could adapt to SiMD as well.

Final thoughts:

  1. Ensure that the research activities, if continued, will result in clear “design input” to the design process and clarity as to how “design validation” will be performed and executed.
  2. Design input cannot be complete without the device level risk analysis.
  3. Recognize when an activity will require documentation necessary to show software lifecycle quality assurance processes.  Likewise, don’t unnecessarily burden the research process when an activity is clearly research – and that later design control activities will “re-develop” the designs.
About the author

Brian is a biomedical software engineer - whatever that is! Started writing machine code for the Intel 8080 in 1983. Still enjoys designing and developing code. But probably enjoys his garden more now and watching plants grow ... and grandkids grow!

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  June 5-7, 2024
Boston, MA

Email to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

Register Now



Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: February 12-15, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.