TrueMedDeviceTrueMedDevice
Insights/How-To/Your DHF Is Not a Jira Board: Design Controls That Survive FDA Inspection
How-To

Your DHF Is Not a Jira Board: Design Controls That Survive FDA Inspection

By TrueMedDevice Regulatory IntelligenceMarch 6, 202616 min read
design controlsDHFdesign history fileFDA21 CFR 820.30QMSRISO 13485design reviewdesign verificationdesign validationSaMD

Executive Takeaway

  • What changed: The QMSR (effective February 2, 2026) replaced 21 CFR 820.30 with ISO 13485:2016 Clause 7.3 by reference. Design control requirements are now tied to an international standard, but the substance is largely the same — inputs, outputs, reviews, verification, validation, transfer, and changes.
  • Why it matters: Design control deficiencies are consistently among the top 5 FDA 483 observations. A Jira board is not a DHF. Email threads are not design reviews. Agile development is not exempt from design controls.
  • What to do next: Map your existing development artifacts to design control phases. Identify gaps in design review documentation, V&V traceability, and design transfer records. Build a DHF index that an auditor can follow.

The Scenario Every Software Device Team Recognizes

A software medical device team has been shipping iterative releases for 18 months. Their clinical decision support tool processes patient data, generates risk scores, and integrates with hospital EHR systems. Development follows two-week sprints with daily standups, PR reviews, and quarterly roadmap planning. The design history file is a collection of Jira tickets organized by epic, Confluence pages documenting architecture decisions, and email threads capturing stakeholder feedback.

During a routine FDA inspection, the investigator opens the DHF and finds no controlled index, no formal design review records, and no traceability between design inputs and verification test cases. The 483 observation reads: "failure to maintain a complete design history file" and "design reviews not conducted or documented per established procedures." The VP of Engineering asks: "we have thousands of Jira tickets, 200 Confluence pages, and test coverage above 90% — what exactly do we need to fix?"

The quality team realizes the artifacts exist. The requirements are in Jira epics. The architecture is documented in Confluence. Test results live in the CI/CD pipeline. But the traceability is missing. Design reviews happened in standup meetings and PR approvals, but were never formally documented with attendees, agenda, decisions, and action items. The gap is not in the work — it is in the evidence trail.

What the Regulation Requires

Design controls are not optional for any class of medical device that requires design controls under FDA regulations (Class II and III devices, and Class I devices subject to design controls). The regulatory framework spans multiple standards and guidance documents.

21 CFR 820.30 (now [Reserved] under QMSR)

The former Quality System Regulation (QSR) Section 820.30 defined design control requirements for medical devices in the United States. As of February 2, 2026, the QMSR replaced the QSR and Section 820.30 is now [Reserved]. Design control requirements are incorporated by reference to ISO 13485:2016 Clause 7.3.

ISO 13485:2016 Clause 7.3 (Design and Development)

Clause 7.3 covers the full design lifecycle in ten sub-clauses: 7.3.1 (General), 7.3.2 (Design and development planning), 7.3.3 (Design and development inputs), 7.3.4 (Design and development outputs), 7.3.5 (Design and development review), 7.3.6 (Design and development verification), 7.3.7 (Design and development validation), 7.3.8 (Design and development transfer), 7.3.9 (Control of design and development changes), and 7.3.10 (Design and development files).

IEC 62304 — Software Lifecycle Processes

For software medical devices and software components of medical devices, IEC 62304:2006+A1:2015 defines software development lifecycle requirements. Software safety classification (Class A, B, or C) determines the rigor of documentation, verification, and testing requirements. IEC 62304 integrates with ISO 14971 for risk management throughout the software lifecycle.

Additional Guidance

FDA's 1997 guidance document "Design Controls" remains a foundational reference for understanding design control intent and practical implementation. The EU MDR 2017/745 Annex II defines technical documentation requirements for design and manufacturing information. Health Canada's CMDR (Canadian Medical Devices Regulations) also requires design controls aligned with ISO 13485.

Evidence Sources

  • [SOURCE: 21 CFR 820.30 (now [Reserved], QMSR references ISO 13485)]
  • [SOURCE: ISO 13485:2016 Clause 7.3]
  • [SOURCE: IEC 62304:2006+A1:2015]
  • [SOURCE: FDA Guidance "Design Controls" (1997)]
  • [SOURCE: EU MDR 2017/745 Annex II — Technical Documentation]

Seven Common Failure Modes in Design Control Documentation

1. Treating Jira/Confluence as the DHF without a controlled index

Project management tools are artifacts, not the design history file. A DHF requires a controlled index that maps every design control phase to its corresponding document, revision, and approval status. A Jira board has no formal document control, no revision history with approval signatures, and no mechanism to demonstrate completeness to an auditor.

2. No documented design reviews

Standup meetings, Slack threads, and pull request approvals do not constitute design reviews under ISO 13485 Clause 7.3.5. A design review must be a formal, planned evaluation with documented attendees (including independent reviewers), a defined agenda covering design inputs and outputs, recorded decisions, identified problems, and tracked action items with responsible parties and completion dates.

3. Design inputs that are actually design outputs

A common confusion: mixing "the device shall monitor heart rate continuously" (design input — a requirement) with "the device uses a photoplethysmography sensor sampling at 100 Hz" (design output — a specification). Design inputs define what the device must do and under what conditions. Design outputs describe how the device achieves those requirements. Confusing the two creates circular traceability.

4. Verification without traceability to design inputs

Test cases exist, code coverage is high, but there is no documented mapping from individual design input requirements to specific verification test protocols and results. An auditor expects to pick any design input from the requirements specification and trace it forward to a verification test that confirms the output meets the input. Without a traceability matrix, this is impossible.

5. Validation performed only in-house

Design validation must confirm the device meets user needs and intended use under actual or simulated use conditions. Testing performed only by developers or internal QA staff in a lab environment does not satisfy this requirement. Validation must involve representative end-user populations (e.g., clinicians, nurses, patients) in environments that simulate real-world use conditions.

6. Design changes not routed through change control

Software teams deploy "hotfixes," "patches," and "minor updates" without formal design review or risk assessment. Every change to a released medical device — including software updates, UI modifications, algorithm adjustments, and configuration changes — must route through the design change control process per ISO 13485 Clause 7.3.9. Each change requires evaluation of its impact on existing risk controls and V&V results.

7. No design transfer documentation

Design transfer is the documented handoff of design outputs to production specifications. For software devices, this includes the CI/CD pipeline configuration, build environment specifications, release procedures, and deployment validation. Many software teams skip design transfer documentation entirely, assuming that "code in the repository" is sufficient. It is not.

Audit-Proof Design Control Checklist

Use this checklist to verify that your design history file contains the evidence artifacts that auditors expect to see.

Evidence Artifact Owner Where It Lives
Design and Development Plan Project Lead / RA DHF
Design Input Requirements (traced to user needs) Systems Engineer DHF / Requirements Tool
Design Output Specifications Design Engineer DHF
Design Review Records (attendees, decisions, actions) Quality / Project Lead DHF
Design Verification Protocols + Results V&V Engineer DHF / Test Reports
Design Validation Protocols + Results (user environment) V&V / Clinical DHF / Validation Reports
Traceability Matrix (input → output → V&V) Systems Engineer DHF
Design Transfer Records Manufacturing / Quality DHF / DMR
Design Change Records (with risk assessment) Change Control Board QMS / DHF
Design History File Index RA / Quality DHF (top-level)

The 10-Step Design Control Workflow

  1. Create a Design and Development Plan. Define project phases, milestone reviews, deliverables for each phase, team roles and responsibilities, and references to applicable standards (ISO 13485, IEC 62304, ISO 14971).
  2. Capture Design Inputs. Document user needs, intended use, applicable regulatory requirements, risk management inputs (from ISO 14971 hazard analysis), performance requirements, and compatibility requirements. Inputs must be verifiable.
  3. Document Design Outputs. Record specifications, software architecture documents, interface definitions, labeling content, and packaging specifications. Each output must be traceable to one or more design inputs.
  4. Build the Traceability Matrix. Every design input maps to at least one design output. Every design output maps to at least one verification test. Every verification test links to test results. This matrix is the backbone of your DHF.
  5. Conduct Design Reviews at phase transitions. Schedule formal reviews at defined milestones. Document attendees (including at least one independent reviewer not directly responsible for the design), agenda items, review of design inputs vs. outputs, decisions made, problems identified, and action items with owners and due dates.
  6. Execute Design Verification. Test design outputs against design input specifications. Verification answers the question: "Did we build it right?" Protocols, acceptance criteria, and results must be documented and traced to specific design inputs.
  7. Execute Design Validation. Test the finished device under actual or simulated use conditions with representative users. Validation answers the question: "Did we build the right thing?" Include usability studies, clinical evaluations, and user acceptance testing as appropriate.
  8. Perform risk management activities throughout. Integrate ISO 14971 risk management at each design phase. Risk management outputs (identified hazards, risk controls, residual risk evaluation) feed back into design inputs. Update the risk management file whenever design changes affect risk controls.
  9. Complete Design Transfer. Document the transfer of design outputs to production specifications. For software: release build procedures, deployment pipeline configuration, environment specifications, and production validation. Verify that production output matches design output.
  10. Maintain the DHF as a living document. All design changes after initial release must go through change control per ISO 13485 Clause 7.3.9. Each change requires impact assessment, risk evaluation, appropriate V&V, and updated traceability.

Do / Don't Quick Reference

DO DON'T
Create a DHF index document that maps to all artifacts (even if artifacts live in Jira/Confluence) Treat a Jira board as your DHF — it is a project management tool, not a controlled design record
Document design reviews formally — meeting minutes with attendees, decisions, and action items Skip design transfer documentation for software-only devices
Map every design input to a verification test in your traceability matrix Perform design validation only with internal users — use representative end-user populations
Include risk management outputs as design inputs (ISO 14971 Clause 5) Deploy "hotfixes" without routing through design change control

Practical Example: SaMD with OTA Updates

Consider a Software as a Medical Device (SaMD) clinical decision support tool that processes patient vitals data and generates risk stratification scores. The development team releases updates via over-the-air (OTA) deployment to hospital servers. Here is how design controls apply at each phase.

Design Inputs live in Jira epics, but each epic is formally signed off by the product owner and systems engineer. The sign-off is exported to PDF and stored in the DHF with a controlled document number. Requirements cover intended use, user needs from clinician interviews, regulatory requirements from IEC 62304 and applicable FDA guidance, and risk management inputs from the ISO 14971 hazard analysis.

Design Reviews are conducted as dedicated review meetings — separate from sprint retrospectives or PR approvals. The review meeting has a defined agenda, invitees include an independent reviewer from the quality team who was not involved in the design, and meeting minutes document decisions, open issues, and action items. PR approvals are supplementary evidence, not the design review itself.

Design Verification uses an automated test suite where each test case is mapped to a specific design input requirement in the traceability matrix. Test results from the CI/CD pipeline are captured as controlled test reports. Coverage is measured against design inputs, not just code lines.

Design Validation involves a usability study with board-certified clinicians at two hospital sites using the device in simulated clinical workflows. The validation protocol is approved before execution, and results are documented in a formal validation report.

Design Transfer treats the CI/CD pipeline as the controlled manufacturing process. Pipeline configuration, build environment specifications, deployment scripts, and release validation checklists are documented as design transfer records. The production build is verified to match the validated design output.

Design Changes for each OTA update route through the change control process. The change request includes a description of the change, impact assessment on existing design inputs and outputs, risk assessment per ISO 14971, determination of required V&V, and approval by the change control board before deployment.

SaMD Design Control Artifact Map

Design Phase Artifact Tool Controlled Record?
Input User needs / requirements Jira (epics) Yes — exported + signed
Output Software architecture spec Confluence Yes — version-controlled
Review Design review minutes SharePoint Yes — attendees + decisions
Verification Automated test results CI/CD + TestRail Yes — traced to inputs
Validation Usability study report Clinical Yes — IRB/ethics approved
Transfer Release pipeline config DevOps Yes — change-controlled

Ask Our Regulatory Intelligence Tool

Use the TrueMedDevice deep research tool to investigate design control requirements, enforcement patterns, and regulatory expectations for your device type.

Example queries:

  • "What FDA 483 observations cite design control deficiencies for software medical devices?"
  • "Compare ISO 13485 Clause 7.3 with former 21 CFR 820.30 design control requirements"
  • "Show me enforcement actions related to design history file gaps"

Ask a Design Controls Question →

Design Controls Don't End at Market Release

Post-market surveillance data feeds directly back into design controls. Complaint trends validate or challenge design verification assumptions. Competitor recalls reveal design pitfalls to avoid in your next-generation device. Field safety corrective actions from similar devices inform design input revisions.

TrueMedDevice monitors 618,000+ FDA and Health Canada records to help you close the loop between post-market data and design inputs.

  • Monitor competitor 510(k) clearances and recalls relevant to your device design — identify design approaches that succeeded and those that led to field problems.
  • Build traceability from field complaints back to design verification assumptions — when complaint trends emerge, trace them to the design inputs and verification tests that should have caught the issue.
  • Generate audit-ready evidence packs showing the post-market feedback loop to design — demonstrate to auditors that your design controls are informed by real-world performance data.

Search Regulatory Evidence →    Take the Free PMS Gap Assessment

Frequently Asked Questions

Does agile development conflict with design controls?

No. Agile development methodologies are compatible with design controls when properly mapped. The key is recognizing that agile ceremonies (sprint planning, retrospectives, PR reviews) are development activities, not design control activities. Design reviews, verification, and validation must still be formally planned and documented. Many organizations use a hybrid approach: agile sprints for development execution within a design control framework that defines phases, reviews, and deliverables. The FDA has acknowledged that iterative and incremental development can be used within a design control process.

What is the difference between a DHF and a DMR?

The Design History File (DHF) contains the records that describe the design history of a finished device — the decisions, reviews, tests, and changes that occurred during the design and development process. The Device Master Record (DMR) contains the procedures and specifications for a finished device — what is needed to manufacture, test, package, and label the device. Think of the DHF as the "how we got here" record and the DMR as the "how to make it" record. Design transfer is the bridge between the two: design outputs (in the DHF) are transferred to become manufacturing specifications (in the DMR).

How do I document design reviews when my team uses agile/scrum?

Establish formal design review meetings at defined milestones in your design and development plan — these are separate from sprint reviews or retrospectives. A design review must have a documented agenda, a list of attendees that includes an independent reviewer, a record of what was reviewed (design inputs, outputs, risk management activities), decisions made, problems identified, and action items with owners and due dates. Sprint review meetings can serve as inputs to design reviews, but the design review itself must be a controlled, documented event in the DHF.

What changed in design controls under the QMSR?

The QMSR (effective February 2, 2026) replaced the former 21 CFR Part 820 with a framework that incorporates ISO 13485:2016 by reference. Section 820.30 (Design Controls) is now [Reserved], and the design control requirements come from ISO 13485 Clause 7.3. The substance is largely the same — design planning, inputs, outputs, reviews, verification, validation, transfer, changes, and the design history file are all still required. The primary change is standardization: manufacturers who already comply with ISO 13485 will find their existing processes align with the QMSR requirements.

Is a traceability matrix mandatory?

While neither ISO 13485 nor the former 21 CFR 820.30 explicitly mandates a traceability matrix by name, the underlying requirement is clear: you must demonstrate that design outputs meet design inputs (Clause 7.3.4), that verification confirms design outputs meet design input requirements (Clause 7.3.6), and that the design history file provides evidence that the design was developed in accordance with the design plan (Clause 7.3.10). A traceability matrix is the most efficient and auditor-expected way to demonstrate these linkages. In practice, auditors will ask you to trace a design input to its verification evidence — without a matrix, this exercise becomes time-consuming and error-prone.

Can I use Jira as my Design History File?

Jira can be a source of DHF artifacts, but it is not a DHF by itself. A DHF requires document control (revision history, approval signatures, controlled distribution), completeness (every design control phase represented), and accessibility (an auditor can navigate from index to any artifact). Jira tickets change state, can be edited without formal change control, and do not have approval workflows that meet ISO 13485 document control requirements (Clause 4.2.4). The recommended approach: use Jira for development execution, but export relevant records (requirements, test results, review decisions) to controlled documents stored in a document management system, and maintain a DHF index that references all controlled records.

Conclusion

Design controls are not bureaucracy — they are the evidence trail that your device was designed systematically, verified against specifications, and validated for its intended use. The QMSR alignment with ISO 13485 does not change the substance of design control requirements — it standardizes the language and harmonizes the framework with international expectations.

Teams that map their existing development artifacts to design control phases close the gap between how they actually work and what auditors expect to see. The work is already happening. The artifacts often already exist. What is typically missing is the controlled index, the formal review documentation, and the traceability that connects inputs to outputs to verification evidence.

Start with the checklist above. Identify which artifacts you have today, where they live, and what gaps remain. Build your DHF index. Schedule your first formal design review. The cost of doing this proactively is a fraction of the cost of a 483 observation, a warning letter, or a product recall.

Use TrueMedDevice to search 618,000+ regulatory records for enforcement patterns, competitor design control findings, and post-market data relevant to your device type.

References and Further Reading

  1. 21 CFR 820.30 (now [Reserved] under QMSR) — Design Controls
  2. ISO 13485:2016 Clause 7.3 — Design and Development
  3. IEC 62304:2006+A1:2015 — Medical device software: Software life cycle processes
  4. FDA Guidance: "Design Controls" (1997)
  5. EU MDR 2017/745 Annex II — Technical Documentation
  6. ISO 14971:2019 — Application of risk management to medical devices
  7. Health Canada CMDR (SOR/98-282) — Canadian Medical Devices Regulations
  8. ISO 14971 vs FMEA RPN: Risk Prioritization Guide (TrueMedDevice)
  9. FDA Post-Market Surveillance Requirements (TrueMedDevice)
  10. FDA vs Health Canada PMS Comparison (TrueMedDevice)

Related Regulatory Signals

enforcementFDAApril 13, 2016

All instrumentation associated with the Prelude PF Resurfacing Knee System.

enforcementFDAAugust 15, 2012

TANGO3 Water Storage Tank with Ozone Disinfection System, Tango3, LLC, 132 Citizens Blvd., Simpsonville, KY 40067. Models are WOZ-250-PE, WOZ-240-SS, WOZ-180-SS. The TANGO3 Water Storage Tank with Ozone Disinfection System is intended to be used for disinfection of the water distribution system of a dialysis facility.

enforcementFDADecember 18, 2013

Opal Orthodontics by Ultradent. Avex CX2 Ceramic Orthodontic Brackets Avex CX2 ceramic brackets are intended for use in orthodontic treatment.

enforcementFDAMay 28, 2014

ECATS E 850 Bariatric Bed, True Air Technologies, Inc.

enforcementFDAApril 13, 2022

Brius Patient Specific Brackets (components in a set of custom metal orthodontic devices); BRIUS , RX Only, Non-Sterile, Custom Made Device, ID: 52345400UL

See how these signals relate to your device

Generate a free mini evidence pack in under 3 minutes. No account required.

Generate My Evidence Pack

Related Articles

How-To

Why Your CAPA System Fails Without Trending: How to Catch Systemic Problems Before Auditors Do

Three CAPAs. Same root cause. No trending analysis. Major nonconformity. Learn why CAPA trending is mandatory, what auditors look for, and the 10-step workflow that prevents repeat findings.

March 6, 2026

Back to Insights
Design Controls Medical Devices: DHF Guide (2026) | TrueMedDevice