fda-medtech-compliance-auditor
Expert AI auditor for Medical Device (SaMD) compliance, IEC 62304, and 21 CFR Part 820. Reviews DHFs, technical files, and software validation.
About this skill
This skill transforms your AI agent into a specialized auditor for Medical Technology (MedTech) compliance. It meticulously reviews documentation for Software as a Medical Device (SaMD) and traditional medical devices, ensuring adherence to critical industry standards and regulations. Key areas of focus include the FDA's 21 CFR Part 820 (Quality System Regulation), IEC 62304 (Medical Device Software Lifecycle Processes), ISO 13485 (Medical Devices - Quality Management Systems), and ISO 14971 (Medical Devices - Application of Risk Management to Medical Devices). The agent can systematically review Design History Files (DHFs), technical documentation, and software validation protocols to identify potential compliance gaps, risks, and areas for improvement.
Best use case
Comprehensive compliance auditing for medical devices, specifically focusing on software validation, quality system adherence, and risk management documentation.
A detailed compliance report highlighting identified gaps, non-conformities, potential risks, and recommendations for corrective actions or improvements, cross-referenced to relevant regulations and standards.
Practical example
Example input
{
  "instruction": "Please audit the attached Design History File (DHF) and Software Validation Plan (SVP) for our new Class II diagnostic SaMD, 'MediScan Pro v2.0'. Focus on compliance with 21 CFR Part 820, IEC 62304, and ISO 14971. Specifically, check for traceability between design inputs/outputs, risk management activities, and comprehensive software testing.",
  "documents_to_review": ["DHF_MediScan_Pro_v2.0.pdf", "SVP_MediScan_Pro_v2.0.docx"]
}
Example output
{
  "audit_report": {
    "title": "Compliance Audit Report: MediScan Pro v2.0 DHF & SVP",
    "executive_summary": "The DHF and SVP for MediScan Pro v2.0 were reviewed against 21 CFR Part 820, IEC 62304, and ISO 14971. Overall, the documentation demonstrates a strong effort towards compliance. Several minor observations and one potential non-conformity were identified, primarily related to detailed risk mitigation traceability and specific software test case coverage.",
    "findings": [
      {
        "regulation": "21 CFR Part 820",
        "section": "820.30(f) - Design Verification",
        "type": "Observation",
        "description": "Traceability matrix for software design changes (DHF-SW-005) is missing links to specific verification activities for two minor bug fixes.",
        "recommendation": "Update DHF-SW-005 to include explicit links to verification test results for all software changes."
      },
      {
        "regulation": "IEC 62304",
        "section": "5.6.3 - Software Test Documentation",
        "type": "Observation",
        "description": "Software Testing Report (STR-003) lacks specific unit test coverage metrics for the data processing module (Module A), which is class C software.",
        "recommendation": "Supplement STR-003 with detailed unit test coverage reports for Module A or provide justification for current coverage levels."
      },
      {
        "regulation": "ISO 14971",
        "section": "4.4 & 4.6 - Risk Control Measures & Overall Residual Risk",
        "type": "Potential Non-Conformity",
        "description": "The mitigation effectiveness for risk 'R007: Data Integrity Loss during Transmission' is only qualitatively assessed; quantitative data or rigorous validation of the encryption protocol's effectiveness is not clearly documented.",
        "recommendation": "Conduct and document a quantitative assessment of the encryption protocol's effectiveness in mitigating data integrity loss, and update RMF-002 accordingly."
      }
    ]
  }
}
When to use this skill
- When reviewing Software Validation Protocols for Medical Devices.
- When auditing a Design History File (DHF) for a software-based diagnostic tool.
- When ensuring compliance with IEC 62304 during software development lifecycle reviews.
- When performing internal audits against 21 CFR Part 820 for quality system procedures.
When not to use this skill
- As a substitute for human expert judgment in final regulatory submissions or critical decision-making.
- When the primary goal is legal counsel or official certification.
- For real-time operational auditing that requires physical presence or direct system interaction.
- If the provided documentation is incomplete, severely unorganized, or in formats the AI cannot process.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/fda-medtech-compliance-auditor/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How fda-medtech-compliance-auditor Compares
| Feature / Agent | fda-medtech-compliance-auditor | Standard Approach |
|---|---|---|
| Platform Support | Claude | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | medium | N/A |
Frequently Asked Questions
What does this skill do?
Expert AI auditor for Medical Device (SaMD) compliance, IEC 62304, and 21 CFR Part 820. Reviews DHFs, technical files, and software validation.
Which AI agents support this skill?
This skill is designed for Claude.
How difficult is it to install?
The installation complexity is rated as medium. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# FDA MedTech Compliance Auditor

## Overview

This skill transforms your AI assistant into a specialized MedTech Compliance Auditor. It focuses on Software as a Medical Device (SaMD) and traditional medical equipment regulations, including 21 CFR Part 820 (Quality System Regulation), IEC 62304 (Software Lifecycle), ISO 13485, and ISO 14971 (Risk Management).

## When to Use This Skill

- Use when reviewing Software Validation Protocols for Medical Devices.
- Use when auditing a Design History File (DHF) for a software-based diagnostic tool.
- Use when ensuring IT infrastructure meets 21 CFR Part 11 requirements for electronic records.
- Use when preparing a CAPA (Corrective and Preventive Action) for a software defect.

## How It Works

1. **Activate the Skill**: Mention `@fda-medtech-compliance-auditor` and provide the document you wish to review.
2. **Specify the Standard**: State whether the focus is on Part 820, Part 11, ISO 13485, ISO 14971, or IEC 62304.
3. **Receive Findings**: The AI outputs specific audit findings categorized by severity (Major, Minor, Opportunity for Improvement) with regulatory citations.
4. **Correction Guidance**: Get actionable steps to resolve each finding and strengthen your audit readiness.

## Examples

### Example 1: CAPA Root Cause Review

**Scenario:** A CAPA was opened for a software defect in a Class II device. The documented root cause is “developer error — unclear requirements.” The corrective action is developer retraining.

**Finding:**

```text
FDA AUDIT FINDING
Severity: Major
Citation: 21 CFR 820.100(a)(2) / IEC 62304 Section 5.1

Analysis:
"Developer error" is a symptom, not a root cause. Retraining alone is a
known red flag for FDA inspectors and will not withstand scrutiny. The
true root cause lies in the software requirements engineering process
itself — not an individual.

Required Actions:
1. Perform a 5-Whys or Fishbone analysis targeting the requirements
   gathering and review process.
2. Update the SRS (Software Requirements Specification) and the
   corresponding process SOP.
3. Document an effectiveness check with a measurable criterion (e.g.,
   zero requirements-related defects in next 3 releases).
4. Do not close the CAPA on retraining alone.
```

## Best Practices

- ✅ **Do:** Provide exact wording from SOPs, risk tables, or validation plans for the most accurate review.
- ✅ **Do:** Expect strict interpretations — the goal is to find weaknesses before a real inspector does.
- ❌ **Don't:** Forget to link every software defect to a clinical risk item in your ISO 14971 risk file.
- ❌ **Don't:** Assume "we tested it and it works" satisfies IEC 62304 software verification requirements.