Articles Questions

Updated January 27, 2023

Can We Use GitHub and Other SaaS For Our Software as a Medical Device?

Dr. Oliver Eidel


We’re currently using SaaS tools like GitHub to host our code. Our consultant told us that that’s not okay and we need to self-host everything. His reason was that we’re only allowed to use tools which we can “validate” ourselves. That would mean that any third-party-hosted software like GitHub would be prohibited. Help!

Short Answer

Your consultant is wrong. You can use GitHub. And look for another consultant.

Long Answer

The ISO 13485 requires you to “validate” all quality-relevant software prior to use. That applies to GitHub, too. The fact that GitHub is hosted somewhere else and you don’t have full control over it is not a problem per se. You should just write down some sort of explanation why you’re okay with that.

The most obvious line of reasoning would be this: The availability of third-party-hosted software like GitHub is much higher if they take care of the hosting. So, it’s a good thing. On the other hand, what would the risks be? Data gets leaked or you lose access to the service, e.g. because you live in a country which is affected by U.S. export bans.

Include those points in your software validation and you’re good to go. See this answer to a similar question for a more in-depth explanation of what to.

On a slighty different note: You want to get your medical software certified under MDR but don't know where to start? No worries! That's why we built the Wizard. It's a self-guided software which helps you create your documentation yourself, for only 149€ / month. No prior knowledge required. You should check it out.

Or, if you're looking for some human help, did you know that we also provide consulting, often guiding startups from start to finish in their medical device compliance?

And there's so much more: If you're looking for the best QMS software ever, look no further. We've built Formwork, and it's free!

Congratulations! You read this far.

Get notified when we post something new.

Sign up for our free newsletter.

Dr. Oliver Eidel

I'm a medical doctor, software engineer and regulatory dude. I've helped 50+ companies with their medical device compliance. I mainly work as a regulatory consultant, but my goal is to make consulting unnecessary by publishing all of our articles and templates for free :)

If you're still lost and have further questions, just send me an email. Read more about me here.

Digital Health Jobs No Cookie For You Privacy Policy Imprint
No QMS on this planet will save you from creating crappy software.