We aim to give Your Organisation the medical device, privacy and security knowledge it needs to create and manage medical device and healthcare software and services.

We provide consulting and contracting services in regulatory compliance within the SaMD and healthcare software industry. Having created and managed software and systems within this field, we have the experience necessary to help understand and overcome the unique challenges faced by SaMD and healthcare software and service companies in the combination of medical device regulations, privacy and security regulations, and the overlap of quality, risk management, security, privacy and business continuity standards.

Dr Iain Charlton CEng

Director and Consultant

I have been working with medical device and healthcare software for most of my working life. Creating software that improves health outcomes for people, makes life better for healthcare professionals and innovates healthcare is what makes me passionate and committed to this industry.

Having been a part of startup and early-stage software medical device companies, I have had many roles, from building and managing engineering teams and technology foundations, general operations management, building products, demonstrating to customers and investors, recruitment, HR, medical device technical file management, quality and security system management, and leading regulatory and compliance.

My regulatory experience is underpinned by over a decade of technical experience developing SaMD and healthcare software, so I have a relatively unique comprehension of the design and production of software, as well as a broad and thorough understanding of the requirements of the standards and regulations.

Skills and Experience

Regulatory and Standards Compliance 
  • UK Medical Device regulation 2002, EU Medical Device Directive 93/42/EC and EU Medical Device Regulation 2017/745

  • U.S. Quality System Regulation (21 CFR 820)

  • Creation and management of medical device technical documentation for CE marking and UKCA marking for SaMD

  • FDA De Novo application and 510k clearance of novel SaMD

  • Creation and management of ISO 13485 and 21 CFR 820 compliant quality management systems

  • Medical device clinical and cybersecurity risk management (ISO 14971, IEC 80001-1 and -2, ISO/TR 80002-1)

  • SaMD development (IEC 62304, IEC 62366-1)

  • Clinical evaluation (MEDDEV 2.7/1, ISO 14155, UK REC approval, basic knowledge of IRB approval)

  • Labelling and instructions for use (ISO 15223-1, ISO 20417) and eIFUs (EU regulations 207/2012 and 2021/2226)

  • Creation of ISO 27001 and ISO 27701 compliant information security and privacy information management systems

  • ISO 22301 based business continuity management systems

  • HIPAA and HITECH compliance of security and information management systems

  • UK DPA and UK/EU GDPR in a complex data controller and processor environment

  • EU and UK Network and Information Systems Regulations (the NIS Directive, DSP Directive and UK NIS Regulations) and compliance with the ENISA technical guidelines for DSPs

  • NHS standards compliance (NHS DCB0129 Clinical Risk Management, Data Security and Protection Toolkit, DTAC)

  • Web Content Accessibility Guidelines (WCAG) and the EU web accessibility directive

  • UK Cyber Essentials and Cyber Essentials Plus

Quality Management

  • ISO 13485 certification

  • Creating and maintaining policies, processes and procedures

  • Vigilance activities including MIR, FSCA, HHE and communicating with Competent Authorities

  • Management and registration of economic operators in the UK and EU

  • PMS report and PSUR writing

  • Creation and management of training and competence systems and resources

Security and Privacy Information Management

  • ISO 27001 and ISO 27701 certification

  • Creating and maintaining policies, processes and procedures

  • Creation and management of training and competence systems and resources


  • Establishing and growing engineering and quality assurance teams

  • Establishing best practices and standards for quality, security and data protection

  • Creating technical platforms and tools to support engineering teams

  • Leading CE marking of novel SaMD and healthcare software

  • Leading building quality, privacy and information security systems from the ground up

  • Onboarding and training quality and security management leads and staff
