Skip to content
CROSSWALK

Requirements by Discipline

Requirements from all standards, grouped by subject discipline — quality management, risk, software lifecycle, cybersecurity, and usability engineering.

184 requirements across all standards. Browse by standard →

Quality Management

66 requirements across all standards

StandardClauseRequirementCommon GapsDetails
IEC 81001-5-1§4.1.1, 4.1.2QMS and Security Responsibilities1View →
IEC 81001-5-1§4.1.3Identification of Applicability1View →
IEC 81001-5-1§4.1.4Security Expertise and Training1View →
IEC 81001-5-1§4.1.6, 4.1.8Continuous Improvement and Periodic Review1View →
21 CFR Postmarket§803.10MDR Reporting Requirements — General Obligations
21 CFR Postmarket§803.17Written MDR Procedures
21 CFR Postmarket§803.18MDR Event Files and Records Retention
21 CFR Postmarket§803.50Manufacturer MDR Reporting — Adverse Event Investigation and Submission
21 CFR Postmarket§803.535-Day Expedited MDR Reports
21 CFR Postmarket§806.10Reports of Corrections and Removals
21 CFR Postmarket§806.20Records of Corrections and Removals Not Required to Be Reported
21 CFR Postmarket§806.30FDA Access to Corrections and Removals Records
21 CFR Postmarket§810.10, 810.15Cease Distribution and Notification Order — Compliance Obligations
21 CFR Postmarket§810.13, 810.14Mandatory Recall Order — Strategy and Status Reporting
21 CFR Postmarket§822.1, 822.4, 822.5, 822.8, 822.24Postmarket Surveillance Order — Applicability and Plan Submission
21 CFR Postmarket§822.10, 822.11, 822.15Postmarket Surveillance Plan Content Requirements
21 CFR Postmarket§822.31, 822.33, 822.35, 822.36, 822.38Postmarket Surveillance Records and Reporting Obligations
21 CFR Postmarket§822.26Postmarket Surveillance — Change of Ownership Notification
21 CFR Postmarket§822.27Postmarket Surveillance — Business Closure Notification
21 CFR Postmarket§822.28Postmarket Surveillance — Obligation Continues After Ceasing to Market
21 CFR Postmarket§822.34Postmarket Surveillance — Sponsor or Investigator Change Records Transfer
21 CFR Postmarket§803.56Manufacturer Supplemental and Followup MDR Reports
QMSR / ISO 13485§7.3.2Design and Development Planning5View →
QMSR / ISO 13485§7.3.3Design and Development Inputs5View →
QMSR / ISO 13485§7.3.5Design and Development Review5View →
QMSR / ISO 13485§5.6Management Review5View →
QMSR / ISO 13485§8.5.2, 8.5.3Corrective and Preventive Action (CAPA)5View →
QMSR / ISO 13485§8.2.2Complaint Handling5View →
QMSR / ISO 13485§4.2.4Document Control5View →
QMSR / ISO 13485§4.2.3Medical Device File4View →
QMSR / ISO 13485§7.4, 4.1.5Supplier Management5View →
QMSR / ISO 13485§7.3.4Design Outputs5View →
QMSR / ISO 13485§7.3.6Design Verification5View →
QMSR / ISO 13485§7.3.7Design Validation5View →
QMSR / ISO 13485§7.3.9Design Changes5View →
QMSR / ISO 13485§7.3.8Design Transfer4View →
QMSR / ISO 13485§7.5.6Process Validation5View →
QMSR / ISO 13485§8.2.4Internal Audit5View →
QMSR / ISO 13485§8.3Nonconforming Product5View →
QMSR / ISO 13485§6.2Human Resources / Training5View →
QMSR / ISO 13485§4.2.5Records Control5View →
QMSR / ISO 13485§7.5.1Labeling Controls5View →
QMSR / ISO 13485§4.2.5Control of Records5View →
QMSR / ISO 13485§8.2.1Feedback / Post-Market Surveillance3View →
QMSR / ISO 13485§8.2.3Regulatory Reporting5View →
QMSR / ISO 13485§8.4Analysis of Data5View →
QMSR / ISO 13485§5.3Quality Policy5View →
QMSR / ISO 13485§4.2.1, 4.2.2Quality Manual5View →
QMSR / ISO 13485§6.3Infrastructure and Equipment Maintenance5View →
QMSR / ISO 13485§6.4Work Environment and Contamination Control5View →
QMSR / ISO 13485§7.1Product Realization Planning and Quality Plan5View →
QMSR / ISO 13485§7.2Customer Requirements and Communication5View →
QMSR / ISO 13485§7.5.1Production Process Controls and Work Instructions5View →
QMSR / ISO 13485§7.5.8, 7.5.9Product Identification and Traceability5View →
QMSR / ISO 13485§7.5.11Product Preservation — Handling, Packaging, and Storage5View →
QMSR / ISO 13485§7.6Calibration — Control of Monitoring and Measuring Equipment5View →
QMSR / ISO 13485§7.3Design History File (DHF)5View →
QMSR / ISO 13485§4.2.3Device Master Record (DMR) and Device History Record (DHR)5View →
QMSR / ISO 13485§8.2.6, 7.4.3Acceptance Activities — Receiving, In-Process, and Finished Device Release5View →
QMSR / ISO 13485§5.4.1, 5.4.2Quality Objectives and QMS Planning5View →
QMSR / ISO 13485§5.5.1, 5.5.2, 5.5.3Responsibility, Authority, and Communication5View →
QMSR / ISO 13485§7.5.2Cleanliness of Product3View →
QMSR / ISO 13485§7.5.3Installation Activities3View →
QMSR / ISO 13485§7.5.4Servicing Activities3View →
QMSR / ISO 13485§7.5.10Customer Property3View →
QMSR / ISO 13485§4.1.4Control of Changes to QMS Processes4View →

Risk Management

43 requirements across all standards

StandardClauseRequirementCommon GapsDetails
FDA Cybersecurity§V.A.1, V.B.2Threat Model Documentation1View →
FDA Cybersecurity§V.A.2Cybersecurity Risk Assessment1View →
FDA Cybersecurity§V.A.6, VI.B, VII.C.2Vulnerability Assessment and Management1View →
FDA Cybersecurity§V.A.6, VI.B, VII.EEnd-of-Life Cybersecurity Plan1View →
FDA Cybersecurity§5.3.3SOUP Risk Assessment1View →
FDA Cybersecurity§V.A.5Security Assessment of Unresolved Software Anomalies1View →
IEC 62304§4.3Software Safety Classification3View →
IEC 62304§5.2Software Requirements Analysis2View →
IEC 62304§5.7Software System Testing3View →
IEC 62304§7Software Risk Management1View →
IEC 62304§4.4.2Legacy Software Risk Management Activities2View →
IEC 62304§5.6.4Software Integration Testing Content2View →
IEC 62366§4.1.1Usability Engineering Process2View →
IEC 62366§5.3Identify known or foreseeable Hazards and Hazardous Situations2View →
IEC 62366§5.9Perform Summative Evaluation of the Usability of the User Interface4View →
IEC 62366§5.10User Interface of Unknown Provenance (UOUP)View →
IEC 62366§4.1.2RISK CONTROL as it relates to USER INTERFACE design2View →
IEC 62366§4.1.3Information for SAFETY as it relates to USABILITY2View →
IEC 62366§5.2Identify USER INTERFACE characteristics related to SAFETY and potential USE ERRORS2View →
IEC 62366§5.4Identify and describe HAZARD-RELATED USE SCENARIOS2View →
IEC 62366§5.5Select the HAZARD-RELATED USE SCENARIOS for SUMMATIVE EVALUATION2View →
IEC 81001-5-1§4.2Security Risk Management1View →
IEC 81001-5-1§4.3Software Item Classification for Risk Transfer1View →
IEC 81001-5-1§5.2.1Health Software Security Requirements1View →
IEC 81001-5-1§5.2.3Security Risks for Required Software1View →
IEC 81001-5-1§5.7.2Threat Mitigation Testing1View →
IEC 81001-5-1§7.1.1, 7.1.2Risk Management Context and Product Security Context1View →
IEC 81001-5-1§7.2Threat and Vulnerability Identification1View →
IEC 81001-5-1§7.3Security Risk Estimation and Evaluation1View →
IEC 81001-5-1§7.4Controlling Security Risks1View →
IEC 81001-5-1§7.5Monitoring Risk Control Effectiveness1View →
IEC 81001-5-1§9.4Analysing Vulnerabilities1View →
IEC 81001-5-1§9.5Addressing Security-Related Issues1View →
ISO 14971§4.1Risk Management Process3View →
ISO 14971§4.4Risk Management Plan2View →
ISO 14971§5.2Intended Use and Reasonably Foreseeable Misuse1View →
ISO 14971§5.4Hazard Identification and Risk Estimation2View →
ISO 14971§6Risk Evaluation Against Acceptability Criteria1View →
ISO 14971§7.1Risk Control Option Analysis2View →
ISO 14971§7.3Residual Risk Evaluation and Benefit-Risk Analysis2View →
ISO 14971§8Overall Residual Risk Evaluation and Risk Management Review1View →
ISO 14971§10Production and Post-Production Information Review2View →
QMSR / ISO 13485§7.1Risk Management5View →

Software Lifecycle

70 requirements across all standards

StandardClauseRequirementCommon GapsDetails
FDA Cybersecurity§V.A.4, VII.C.3, Appendix 4Software Bill of Materials1View →
FDA Cybersecurity§Appendix 1.H, VI.B, VII.DPatch and Update Management Plan1View →
FDA Cybersecurity§5.3.3, 5.3.4SOUP Identification and Management1View →
FDA Cybersecurity§5.3.3SOUP Risk Assessment1View →
FDA Cybersecurity§5.3.3SBOM Documentation and Maintenance1View →
FDA Cybersecurity§6.2Vulnerability Monitoring and Response1View →
FDA Cybersecurity§5.3.3Open Source License Compliance1View →
IEC 62304§4.3Software Safety Classification3View →
IEC 62304§5.1Software Development Planning2View →
IEC 62304§5.2Software Requirements Analysis2View →
IEC 62304§5.3Software Architectural Design3View →
IEC 62304§5.5Software unit implementation2View →
IEC 62304§5.7Software System Testing3View →
IEC 62304§5.8Software Release1View →
IEC 62304§6Software Maintenance2View →
IEC 62304§7Software Risk Management1View →
IEC 62304§8Software Configuration Management2View →
IEC 62304§9Software Problem Resolution1View →
IEC 62304§4.4.2Legacy Software Risk Management Activities2View →
IEC 62304§4.4.3Legacy Software Gap Analysis3View →
IEC 62304§4.4.4Legacy Software Gap Closure Activities2View →
IEC 62304§4.4.5Legacy Software Rationale for Continued Use2View →
IEC 62304§5.4.1Subdivide Software into Software Units2View →
IEC 62304§5.4.2Develop Detailed Design for Each Software Unit2View →
IEC 62304§5.4.3Develop Detailed Design for Software Unit Interfaces2View →
IEC 62304§5.4.4Verify Software Detailed Design2View →
IEC 62304§5.6.1Integrate Software Units2View →
IEC 62304§5.6.2Verify Software Integration2View →
IEC 62304§5.6.3Software Integration Testing2View →
IEC 62304§5.6.4Software Integration Testing Content2View →
IEC 62304§5.6.5Evaluate Software Integration Test Procedures2View →
IEC 62304§5.6.6Conduct Regression Tests During Integration2View →
IEC 62304§5.6.7Integration Test Record Contents3View →
IEC 81001-5-1§4.1.3Identification of Applicability1View →
IEC 81001-5-1§4.1.5Third-Party Supplier Security1View →
IEC 81001-5-1§4.1.9Accompanying Documentation Review1View →
IEC 81001-5-1§4.2Security Risk Management1View →
IEC 81001-5-1§4.3Software Item Classification for Risk Transfer1View →
IEC 81001-5-1§5.1.1Security Life Cycle Activities Planning1View →
IEC 81001-5-1§5.1.2Development Environment Security1View →
IEC 81001-5-1§5.1.3Secure Coding Standards Planning1View →
IEC 81001-5-1§5.2.1Health Software Security Requirements1View →
IEC 81001-5-1§5.2.2Security Requirements Review1View →
IEC 81001-5-1§5.2.3Security Risks for Required Software1View →
IEC 81001-5-1§5.3.1Defense-in-Depth Architecture1View →
IEC 81001-5-1§5.3.2Secure Design Best Practices1View →
IEC 81001-5-1§5.3.3Security Architectural Design Review1View →
IEC 81001-5-1§5.4.1Secure Software Design1View →
IEC 81001-5-1§5.4.3Secure Health Software Interfaces1View →
IEC 81001-5-1§5.4.4Detailed Design Verification for Security1View →
IEC 81001-5-1§5.5.1Secure Coding and Implementation Review1View →
IEC 81001-5-1§5.6Security in Integration Testing1View →
IEC 81001-5-1§5.7.1Security Requirements Testing1View →
IEC 81001-5-1§5.7.2Threat Mitigation Testing1View →
IEC 81001-5-1§5.7.3Vulnerability Testing1View →
IEC 81001-5-1§5.7.4Penetration Testing1View →
IEC 81001-5-1§5.7.5Tester Independence1View →
IEC 81001-5-1§5.8.1Pre-Release Security Verification1View →
IEC 81001-5-1§5.8.2Security Release Documentation1View →
IEC 81001-5-1§5.8.3File Integrity and Private Key Controls1View →
IEC 81001-5-1§5.8.7Secure Decommissioning Guidelines1View →
IEC 81001-5-1§6.1.1Timely Security Update Policy1View →
IEC 81001-5-1§6.2.1Monitoring Public Incident Reports1View →
IEC 81001-5-1§6.2.2Security Update Verification1View →
IEC 81001-5-1§6.3.1, 6.3.2, 6.3.3Security Update Documentation and Delivery1View →
IEC 81001-5-1§7.1.1, 7.1.2Risk Management Context and Product Security Context1View →
IEC 81001-5-1§7.2Threat and Vulnerability Identification1View →
IEC 81001-5-1§8Software Configuration Management1View →
IEC 81001-5-1§9.3Reviewing Vulnerabilities1View →
IEC 81001-5-1§9.5Addressing Security-Related Issues1View →

Cybersecurity

69 requirements across all standards

StandardClauseRequirementCommon GapsDetails
FDA Cybersecurity§V.A.1, V.B.2Threat Model Documentation1View →
FDA Cybersecurity§V.A.2Cybersecurity Risk Assessment1View →
FDA Cybersecurity§V.A.4, VII.C.3, Appendix 4Software Bill of Materials1View →
FDA Cybersecurity§V.A.6, VI.B, VII.C.2Vulnerability Assessment and Management1View →
FDA Cybersecurity§Appendix 1.H, VI.B, VII.DPatch and Update Management Plan1View →
FDA Cybersecurity§VI.B, VII.C.1Coordinated Vulnerability Disclosure1View →
FDA Cybersecurity§V.A.6, VI.B, VII.EEnd-of-Life Cybersecurity Plan1View →
FDA Cybersecurity§V.CPenetration Testing Evidence1View →
FDA Cybersecurity§5.3.3, 5.3.4SOUP Identification and Management1View →
FDA Cybersecurity§5.3.3SOUP Risk Assessment1View →
FDA Cybersecurity§5.3.3SBOM Documentation and Maintenance1View →
FDA Cybersecurity§6.2Vulnerability Monitoring and Response1View →
FDA Cybersecurity§5.3.3Open Source License Compliance1View →
FDA Cybersecurity§Appendix 1.AAuthentication Controls for Medical Devices1View →
FDA Cybersecurity§Appendix 1.BAuthorization Controls and Least Privilege1View →
FDA Cybersecurity§Appendix 1.CCryptography Selection and Implementation1View →
FDA Cybersecurity§Appendix 1.DCode, Data, and Execution Integrity1View →
FDA Cybersecurity§Appendix 1.EConfidentiality of Device Data and Credentials1View →
FDA Cybersecurity§Appendix 1.FSecurity Event Detection and Logging1View →
FDA Cybersecurity§Appendix 1.GCyber Resiliency and Recovery Design1View →
FDA Cybersecurity§V.A.3Interoperability Cybersecurity Considerations1View →
FDA Cybersecurity§V.A.5Security Assessment of Unresolved Software Anomalies1View →
FDA Cybersecurity§VI.ACybersecurity Labeling for Devices with Cybersecurity Risks1View →
IEC 81001-5-1§4.1.1, 4.1.2QMS and Security Responsibilities1View →
IEC 81001-5-1§4.1.3Identification of Applicability1View →
IEC 81001-5-1§4.1.4Security Expertise and Training1View →
IEC 81001-5-1§4.1.5Third-Party Supplier Security1View →
IEC 81001-5-1§4.1.6, 4.1.8Continuous Improvement and Periodic Review1View →
IEC 81001-5-1§4.1.7Disclosing Security-Related Issues1View →
IEC 81001-5-1§4.1.9Accompanying Documentation Review1View →
IEC 81001-5-1§4.2Security Risk Management1View →
IEC 81001-5-1§4.3Software Item Classification for Risk Transfer1View →
IEC 81001-5-1§5.1.1Security Life Cycle Activities Planning1View →
IEC 81001-5-1§5.1.2Development Environment Security1View →
IEC 81001-5-1§5.1.3Secure Coding Standards Planning1View →
IEC 81001-5-1§5.2.1Health Software Security Requirements1View →
IEC 81001-5-1§5.2.2Security Requirements Review1View →
IEC 81001-5-1§5.2.3Security Risks for Required Software1View →
IEC 81001-5-1§5.3.1Defense-in-Depth Architecture1View →
IEC 81001-5-1§5.3.2Secure Design Best Practices1View →
IEC 81001-5-1§5.3.3Security Architectural Design Review1View →
IEC 81001-5-1§5.4.1Secure Software Design1View →
IEC 81001-5-1§5.4.3Secure Health Software Interfaces1View →
IEC 81001-5-1§5.4.4Detailed Design Verification for Security1View →
IEC 81001-5-1§5.5.1Secure Coding and Implementation Review1View →
IEC 81001-5-1§5.6Security in Integration Testing1View →
IEC 81001-5-1§5.7.1Security Requirements Testing1View →
IEC 81001-5-1§5.7.2Threat Mitigation Testing1View →
IEC 81001-5-1§5.7.3Vulnerability Testing1View →
IEC 81001-5-1§5.7.4Penetration Testing1View →
IEC 81001-5-1§5.7.5Tester Independence1View →
IEC 81001-5-1§5.8.1Pre-Release Security Verification1View →
IEC 81001-5-1§5.8.2Security Release Documentation1View →
IEC 81001-5-1§5.8.3File Integrity and Private Key Controls1View →
IEC 81001-5-1§5.8.7Secure Decommissioning Guidelines1View →
IEC 81001-5-1§6.1.1Timely Security Update Policy1View →
IEC 81001-5-1§6.2.1Monitoring Public Incident Reports1View →
IEC 81001-5-1§6.2.2Security Update Verification1View →
IEC 81001-5-1§6.3.1, 6.3.2, 6.3.3Security Update Documentation and Delivery1View →
IEC 81001-5-1§7.1.1, 7.1.2Risk Management Context and Product Security Context1View →
IEC 81001-5-1§7.2Threat and Vulnerability Identification1View →
IEC 81001-5-1§7.3Security Risk Estimation and Evaluation1View →
IEC 81001-5-1§7.4Controlling Security Risks1View →
IEC 81001-5-1§7.5Monitoring Risk Control Effectiveness1View →
IEC 81001-5-1§8Software Configuration Management1View →
IEC 81001-5-1§9.2Receiving Vulnerability Notifications1View →
IEC 81001-5-1§9.3Reviewing Vulnerabilities1View →
IEC 81001-5-1§9.4Analysing Vulnerabilities1View →
IEC 81001-5-1§9.5Addressing Security-Related Issues1View →

Usability Engineering

16 requirements across all standards

StandardClauseRequirementCommon GapsDetails
IEC 62366§4.1.1Usability Engineering Process2View →
IEC 62366§4.2Usability Engineering File1View →
IEC 62366§5.1Use Specification1View →
IEC 62366§5.3Identify known or foreseeable Hazards and Hazardous Situations2View →
IEC 62366§5.7Establish User Interface Evaluation plan1View →
IEC 62366§5.9Perform Summative Evaluation of the Usability of the User Interface4View →
IEC 62366§5.10User Interface of Unknown Provenance (UOUP)View →
IEC 62366§4.1.2RISK CONTROL as it relates to USER INTERFACE design2View →
IEC 62366§4.1.3Information for SAFETY as it relates to USABILITY2View →
IEC 62366§5.2Identify USER INTERFACE characteristics related to SAFETY and potential USE ERRORS2View →
IEC 62366§5.4Identify and describe HAZARD-RELATED USE SCENARIOS2View →
IEC 62366§5.5Select the HAZARD-RELATED USE SCENARIOS for SUMMATIVE EVALUATION2View →
IEC 62366§5.6Establish USER INTERFACE SPECIFICATION2View →
IEC 62366§5.8Perform USER INTERFACE design, implementation and FORMATIVE EVALUATION3View →
ISO 14971§5.2Intended Use and Reasonably Foreseeable Misuse1View →
QMSR / ISO 13485§7.3.3Design and Development Inputs5View →

Sterilization

2 requirements across all standards

StandardClauseRequirementCommon GapsDetails
QMSR / ISO 13485§7.5.5Particular Requirements for Sterile Medical Devices3View →
QMSR / ISO 13485§7.5.7Particular Requirements for Validation of Processes for Sterilization and Sterile Barrier Systems3View →

Computerized Systems Validation & Data Integrity

1 requirement across all standards

StandardClauseRequirementCommon GapsDetails
QMSR / ISO 13485§4.1.6Validation of Computer Software Used in the QMS5View →

A free compliance scan is coming.

No credit card. No sales call. No consultants required.

We'll notify you when the scanner launches. No spam.