← All engineering posts

11-Part Series

SaMD Engineering

What Is SaMD? Software as a Medical Device Explained
Part 1

What Is SaMD? Software as a Medical Device Explained

Software as a medical device (SaMD) means full regulatory burden with no hardware to hide behind. How we built and FDA-cleared an AI radiotherapy SaMD on AWS.

FDA Pathways for SaMD: 510(k) vs De Novo vs PMA
Part 2

FDA Pathways for SaMD: 510(k) vs De Novo vs PMA

How to choose between 510(k), De Novo, and PMA for your SaMD. Real costs, timelines, and the pathway decision we made for an AI radiotherapy tool.

IEC 62304 in Practice: Medical Device Software Without the Waterfall
Part 3

IEC 62304 in Practice: Medical Device Software Without the Waterfall

IEC 62304 doesn't mandate waterfall. How we ran agile sprints for a Class C SaMD and satisfied every lifecycle requirement with less documentation, not more.

ISO 14971 Risk Management for SaMD: What FDA Reviewers Read
Part 4

ISO 14971 Risk Management for SaMD: What FDA Reviewers Read

ISO 14971 requires a risk management file for every medical device. How we structured one for a Class C AI SaMD with dozens of hazards and full traceability.

HIPAA Compliant AWS Architecture for Medical Device Software
Part 5

HIPAA Compliant AWS Architecture for Medical Device Software

HIPAA compliant AWS architecture for SaMD requires more than signing a BAA. How we built ContourCompanion on ECS with GPU instances, PHI controls, and audit trails.

Infrastructure as Code for Medical Devices: IQ OQ PQ with AWS CDK
Part 6

Infrastructure as Code for Medical Devices: IQ OQ PQ with AWS CDK

Infrastructure as code replaces manual IQ OQ PQ for medical devices. How we used AWS CDK and cdk-nag to automate GxP qualification for ContourCompanion.

Medical Device Cybersecurity: FDA Guidance, SBOMs, and Threat Modeling
Part 7

Medical Device Cybersecurity: FDA Guidance, SBOMs, and Threat Modeling

FDA cybersecurity guidance requires SBOMs, threat models, and security testing for medical devices. How we implemented IEC 81001-5-1 for a Class II AI SaMD on AWS.

Design Controls for Medical Devices: 21 CFR 820.30 in Practice
Part 8

Design Controls for Medical Devices: 21 CFR 820.30 in Practice

Design controls under 21 CFR 820.30 require a design history file with full traceability. How we ran design controls for a Class II AI SaMD using agile sprints.

AI/ML SaMD: FDA Artificial Intelligence Guidance in Practice
Part 9

AI/ML SaMD: FDA Artificial Intelligence Guidance in Practice

FDA artificial intelligence guidance requires GMLP, algorithm validation, and bias assessment for AI/ML SaMD. How we validated a Class II AI autocontouring system.

PCCP for AI SaMD: FDA Predetermined Change Control Plans
Part 10

PCCP for AI SaMD: FDA Predetermined Change Control Plans

FDA PCCP guidance lets AI SaMD manufacturers pre-authorize model updates without new 510(k) submissions. Three required components and how to scope them.

SaMD Engineering Toolchain: How Small Teams Ship FDA-Cleared Software
Part 11

SaMD Engineering Toolchain: How Small Teams Ship FDA-Cleared Software

The engineering toolchain behind an FDA-cleared AI SaMD: IaC with CDK, automated traceability, container deployment, compliance-as-code, and the practices that replace headcount.