
July 26, 2020

Can We Use GitHub and Other SaaS For Our Software as a Medical Device?

Dr. Oliver Eidel


We’re currently using SaaS tools like GitHub to host our code. Our consultant told us that that’s not okay and we need to self-host everything. His reason was that we’re only allowed to use tools which we can “validate” ourselves. That would mean that any third-party-hosted software like GitHub would be prohibited. Help!

Short Answer

Your consultant is wrong. You can use GitHub. And look for another consultant.

Long Answer

ISO 13485 requires you to “validate” all quality-relevant software prior to use. That applies to GitHub, too. The fact that GitHub is hosted somewhere else and you don’t have full control over it is not a problem per se. You should just write down some sort of explanation of why you’re okay with that.

The most obvious line of reasoning would be this: The availability of third-party-hosted software like GitHub is much higher if they take care of the hosting. So, it’s a good thing. On the other hand, what would the risks be? Data gets leaked or you lose access to the service, e.g. because you live in a country which is affected by U.S. export bans.

Include those points in your software validation and you’re good to go. See this answer to a similar question for a more in-depth explanation of what to.
