Medical device evidence glossary
Short definitions for common regulatory evidence, traceability, software lifecycle, cybersecurity, privacy, and usability terms used by medical device teams.
Core definitions
- SaMD: software intended to be used for one or more medical purposes without being part of a hardware medical device.
- DHF: design history file, the evidence showing that the design was developed according to approved plans and controls.
- Technical file: structured evidence package used for CE/UKCA conformity assessment.
- GSPR: general safety and performance requirements under EU MDR/IVDR concepts.
- SBOM: software bill of materials describing software components.
- VEX: vulnerability exploitability information used to explain vulnerability status and impact.
- Risk control: measure used to reduce risk or maintain risk acceptability.
- Verification: confirmation that specified requirements were met.
- Validation: confirmation that the device meets intended use and user needs.
- Usability engineering file: evidence that use-related risks were identified, evaluated, and controlled.
- Threat model: structured analysis of security threats, controls, and impacts.
- Traceability matrix: mapping between requirements, risks, controls, tests, and evidence.
- PMS: post-market surveillance activities after market release.
- Clinical evaluation: evidence process assessing clinical safety, performance, and benefit.
How to use the glossary
Use these definitions to align product, engineering, regulatory, quality, cybersecurity, privacy, and usability stakeholders around the same evidence language.