High Impact Services

We provide full-service regulatory compliance and premarket submissions support for Medical Device Manufacturers including IEC 62304 SDLC assessments (SiMD, SaMD, and HealthIT), ISO 14971 risk management process assessments, IEC 82304 SaMD assessments, general quality systems development, risk management, as well as hands-on quality system automation and medical device validation services for Pharmaceutical and Medical Device companies. We also have extensive experience related to FDA enforcement action representation and negotiation.

We offer expert Lean Product Development  and Business Agility  coaching transformation services.

FDA Interaction
Tool Validation
Unit Verification
Blood Banking

We have helped clients with recovery from import detentions, injunctions, consent decree, Form 483 observations, and other FDA situations.  Our staff can provide a broad spectrum of support to quickly create short term and long term prioritized plans, immediate response remediation actions, and education and training.

We have helped clients with recovery from import detentions, injunctions, consent decree, Form 483 observations, and other FDA situations.  Our staff can provide a broad spectrum of support to quickly create short term and long term prioritized plans, immediate response remediation actions, and education and training.

We can help prepare the software documents for 510(k), PMA, and IDE Submissions including the related Procedures, Plans, Requirements and Design Specifications, Risk Analysis, Test Plans, Test Cases, Test Summaries, and Trace/coverage maps as well as all other required elements. We can also provide support for your entire submission – not only the software section.

SoftwareCPR – Submissions Services

Our partners have many years experience in the medical device industry (most have over 30 years!) directly with software that allows us to very quickly identify gaps and then more importantly to provide solid recommendations for closure.  We consider the product, the applicable quality management system, our clients’ current field history, the development team, and other factors that go into a recommendation that is both effective and efficient.  We can also just do an audit, but most of our clients appreciate our depth of input and the broad experience we bring.

We will work with you to plan the type of audit or assessment that will fit your needs and budget.  Our audits help improve your staff’s ability to articulate and defend existing approaches and documentation as well as identify issues and areas to consider for improvement. Our clients range from large corporations to small start-ups.  Our assessors avoid nitpicking and are flexible in terms of acceptable approaches.  Our reports are designed to clearly distinguish objective findings from subjective concerns and recommendations.  Objective evidence of effectiveness of procedures is a key factor in determining their adequacy, rather than using a “one size fits all” criteria. Executive summaries differentiate findings of different significance and communicate overall status and regulatory risk.

Our staff has years of experience including certified auditors and instructors for public training courses on Quality Systems, Design Control and Software Validation with FDA co-instructors. Our staff has been involved in routine internal auditing as well as in response to significant FDA enforcement actions and some have come from FDA. Our staff has performed internal training at FDA and Health Canada and has authored related standards.

Types of Assessments

Quality System and Regulatory

Assessments of pre-sub meeting agendas, premarket submission readiness, consent decree audits, and full quality systems for compliance and adequacy.

FDA Inspection Preparation

Gap analysis and staff training to prepare for FDA inspections including short-term strategies to reduce risk in inspections.

Standards Conformance

Assessments for conformance to IEC 62304 and other software related standards (e.g., IEC 60601-1 PEMS, ISO 14971, IEC 62366, and IEC 80001-1, 80002-1) by some of the authors of these standards. These focus on the intent of the standards and allow for the flexibility of approaches inherent in each.

Design Control and Software Validation

Assessments to identify compliance issues as well as opportunities for process improvement. These assessments range from in depth on-site best practice assessments to off-site document reviews.

Computer System Validation

and Part 11 audits of computer systems used in production or the quality system for Medical Devices and Pharmaceuticals.

Agile process Gap Assessment

focused on areas that tend to be “tricky” spots with Agile. We help identify the gaps, but we also help our clients comply in a manner best suited to the process they want to use. So our assessment is oriented to … “here’s the gap” and “here’s a suggestion for closing that gap in an agile way.” We believe this capability is our distinction … We embrace agile methods and believe they can be more effective, when implemented properly, at achieving true compliance.

Vendor, OEM, M&A

Assessments of outside companies for vendor capabilities and compliance and due diligence to identify gaps and regulatory risks in acquisitions or OEM arrangements.

HIPAA/Cybersecurity Coverage for Business Associates

Our staff examine both procedures and project / product records related to current customer data to verify conformance with the clients’ written procedures that govern privacy and protection of data, and adherence to procedures. Our approach would be to first develop an audit checklist from your procedures and then examine records.

System Risk Analysis and Software Risk Analysis Review

Both FDA and ISO medical device standards expect and promote a risk based approach to assuring safety and effectiveness.  A well thought out risk analysis methodology and process is key to construction of a sound and defendable case for acceptable risk.  Our staff can provide expert review, evaluation of risk controls for many devices, and IEC 80002-1 review of software risk analyses.

60601-1 Pre-Check Assessments

Our staff will review and perform informal checks to help reduce possibility of 60601-1 failures at test labs.

SoftwareCPR – Assessment Services

Validating the tools we use for quality system and production processes is important – both to us as medical device manufacturers and to regulators.  We want to know that we can trust the software to automate the processes consistently and repeatably.  However, the methods and process we use for tool validations should be commensurate with the risk associated with any tool software failures.  Many manufacturers can drift toward wasteful and non-value added activity in this area.  Let us review your approach for compliance and adequacy to FDA expectations, but also assess effectiveness: are you doing too much?  does validation add value?  How does one determine if it is enough?  We can review the intended use, overall process, and related processed to recommend a “right sized” approach.  For tools that are updated frequently (e.g., cloud based tools), we help you develop strategies and methods to “keep” your tools in validation.

We can also perform turn-key tool validation for groups that are resource limited or prefer to keep dev teams focused on product software.  We can perform the planning, review of intended use and any risk analysis work, create requirements and test protocols (if necessary), and execute testing – or any combination of those.  We can support development tools, testing tools, quality process tools (e.g., JIRA, Bug tracking systems, complaint handling systems, ERP systems, version control systems etc.), and manufacturing software.  We can also create quality plans and pilot programs as needed.  Our experience extends to helping strategize and create a plan for keeping tools validated, even when the tools are cloud-based. Many of our tool validations can be done on a fixed price basis.


Our staff has many years of experience dealing with medical device and software risk and hazard management for FDA compliance, submissions, and safety purposes, and thus are well suited to advise on unit verification approaches and methods.  Our experience ranges from low to high risk devices as well as risk-based approaches to validating Production and Quality Systems software and Part 11 compliance.  We can provide hands-on, turn-key code inspections, static analysis, and manual and automated unit verification assets.

SoftwareCPR – Design and Code Inspection Services

We have expert and specialized support with expectations from FDA’s Center for Biologics Evaluation and Research (CBER).  Our partners have worked with instrumentation and Blood Establishment Computer Systems (BECS) from the early days of compliance in this area.  We can help with regulatory planning, strategy, premarket submissions, compliance, and remediation activities.

Download our SoftwareCPR CBER Services Sheet

Our team of former medical device practitioners can effectively and efficiently assist with remediation activities for legacy products or acquired products that may have missing or poor software documentation.  We can help with quality planning, retrospective risk based approaches, and full hands-on creation of draft documentation for embedded software, SaMD including mobile apps, HealthIT, and digital health.  Key activities and deliverables we can help with:

  • System and software level risk analysis
  • System and software requirements and design specifications
  • Unit and integration level verification
  • Configuration Management
  • Defect Handling and Change Control
  • Cybersecurity analysis
  • Usability deficiencies


SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:




Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.