Verification and Validation of Medical Software and AI Applications
We handle the complete verification and validation (V&V) of your medical device software or Software as a Medical Device (SaMD): from software verification through clinical validation to security and AI validation in accordance with the MDR, IEC 62304, and ISO 13485. As a software service provider certified to ISO 13485 and ISO 27001, we combine deep engineering expertise with regulatory expertise.
When are our V&V Services a good fit for you?
As your external V&V partner, we support you during the critical phases of your software lifecycle.
Typical reasons why customers come to us:
Prior to the MDR or FDA Submission
You have developed your software and need complete verification and validation documentation for your technical documentation, the Notified Body audit, or your 510(k) submission.
Before the Notified Body Audit
You want to improve audit compliance and proactively identify and address weaknesses in test protocols, traceability matrices, or clinical evaluations.
Prior to DiGA Listing
You are preparing the application for inclusion in the BfArM registry pursuant to Section 139e of SGB V and require clinical validation, a security assessment compliant with BSI TR-03161, and test documentation compliant with IEC 62304.
In Software Acquisitions and Due Diligence
You are acquiring a software asset or medical device software and need an independent assessment of the depth of testing, the quality of documentation, and the compliance status.
For Major Releases
You are planning a major software update and need comprehensive regression testing, an updated risk analysis, and verification of the new functionality.
AI Model Validation
You are developing or updating an AI or ML model and want to validate its performance, robustness, fairness, and compliance with the MDR, FDA requirements, or the EU AI Act.
An Overview of our V&V Services
We cover all areas of medical software verification and validation, from the unit-test level to clinical trials, and from penetration testing to AI performance validation. You receive all services from a single source, complete with consistent documentation.
Software Verification according to IEC 62304
We verify your software against its requirements and specifications, from unit and integration tests to comprehensive system tests. We take into account the software safety classification (Class A, B, or C), ensure requirements traceability through a comprehensive test matrix, and provide you with test plans, test logs, and test reports in the format required for certification.
Usability Validation
We conduct formative and summative usability studies in accordance with IEC 62366 and identify usage errors before they become risks.
Security Validation
In the area of cybersecurity, we offer penetration testing, vulnerability scans, threat modeling, SBOM creation, and compliance assessments against IEC 81001-5-1, FDA Cybersecurity Guidance, and BSI TR-03161 for DiGA.
AI Validation
We validate machine learning and AI models for clinical performance, robustness, fairness, and reproducibility. This includes subgroup analyses, distribution shift tests, bias and calibration checks, and the implementation of post-market drift monitoring.
Our Process: From a V&V Engagement to Audit Assurance
1. Gap Analysis and Scoping
Together with you, we review the current status of your software, documentation, and tests. We identify gaps relative to the applicable standards (IEC 62304, ISO 14971, IEC 62366, IEC 81001-5-1) and the target regulatory approval (MDR, FDA, DiGA), and prioritize verification and validation (V&V) activities based on risk class and audit relevance.
2. V&V Planning
We develop a comprehensive V&V plan that includes a test strategy, test environment, traceability matrix, acceptance criteria, and deliverables. For clinical validation, this includes the Clinical Evaluation Plan; for AI applications, it includes the model validation plan, which covers performance metrics and dataset requirements.
3. Implementation and Documentation
We conduct the planned tests—ranging from automated verification to clinical trials and penetration testing—and document all results in an audit-ready format. You will receive test reports, risk-benefit analyses, clinical reports, and security assessments as part of your technical documentation.
4. Audit Support and Post-Market
We’ll guide you through the Notified Body audit or the FDA submission, answer any technical or regulatory questions you may have, and, upon request, set up your post-market surveillance and drift monitoring programs.
What really sets us apart

ISO 13485 certified
Our quality management system is certified in accordance with ISO 13485. This ensures that we conduct compliant verification and validation of software as a medical device and meet the requirements of the MDR and the FDA (21 CFR, QMSR) for quality management systems.

ISO 27001 certified
QuickBird Medical is ISO 27001 certified for information security. We are experts in cybersecurity and in handling sensitive health data in compliance with data protection regulations, whether through penetration tests, security audits, or the design of your security architecture.

External placing on the market
If required, we can serve as the legal manufacturer for your medical device software. We will therefore assume legal responsibility for compliance with all regulatory requirements of the MDR or the FDA. This allows you to focus on your core competencies, such as sales and marketing.
Do you need External Verification and Validation of your Medical Software?
Our team will assist you with the complete validation and verification of your medical software or medical device. You’ll benefit from our experience in implementing all regulatory requirements of the MDR, FDA, and DiGA. Contact us to schedule a no-obligation initial meeting. Let’s explore together how we can help you with your project.



















