EU MDR · ISO 13485 · FDA QMSR

MDR compliance,
without the audit marathon

CertMD is an AI-native pre-audit platform that helps medical device companies prepare for EU MDR certification. Faster, with fewer consultants, and without the guesswork.

Get 2 free pre-audit reports — Technical Documentation + ISO 13485 QMS — to see your gaps before you commit.
NB
RA
QA

Validated by EU Notified Body auditors

MDR Pre-Audit Review: Class IIa

Annex IX: Technical Documentation

Risk management file (ISO 14971)

Compliant

MDR Article 61: Clinical Evaluation

Post-market clinical follow-up plan

Gap found

ISO 13485:2016: QMS Clause 7.3

Design & development controls

In review

3–

faster time-to-technical documentation vs. traditional consultancy

40%

of NB audit findings are avoidable with proper pre-audit preparation

76%

of manufacturers report significant documentation bottlenecks before submission

Built for the people who own compliance

CertMD is designed around the real workflows of RA and QA professionals. Not generic document tools.

RA Manager · SME Medtech

Preparing a first NB submission

You're 6–12 months from your first MDR submission and need to close Technical Documentation gaps without hiring another consultant.

Freelance Regulatory Consultant

Managing multiple device clients

You run parallel MDR projects across several manufacturers. CertMD acts as your always-on RA assistant: clause lookups, gap reports, and documentation in minutes.

QA Lead · Class I–IIb Device

Running an ISO 13485 QMS audit

Your QMS needs to be audit-ready for ISO 13485. CertMD maps your existing procedures against every relevant clause and surfaces gaps before your auditor does.

From documents to audit readiness in three steps

No setup, no integrations required. Upload what you have and CertMD does the work.

1

Securely upload or link your files

Upload your documents directly or connect files from your QMS system. Technical files, QMS procedures, risk management reports — any format, any state of completeness.

2

AI audit runs

CertMD maps your content against MDR Annexes, ISO 13485 clauses, and relevant ISO standards. Every finding is cited to the source regulation.

3

Get your gap report

Receive a structured, prioritised gap report with remediation guidance. Export NB-ready documentation packages directly from the platform.

EU MDR is expensive, opaque, and slow

The regulation came into full effect in 2024 and most SMEs are still not ready. Legacy consultancy models were not built for it.

01

Knowledge is siloed and inaccessible

MDR and ISO 13485 requirements span hundreds of clauses with shifting NB interpretations. No single source of truth exists.

02

Consultants are expensive and hard to scale

RA consultants bill €200 to €400/hr. A full MDR tech file review takes months and costs six figures for a single device.

03

Gaps surface at the worst possible moment

Compliance gaps are discovered during NB audits, not before. Rectification under scrutiny multiplies cost and delay significantly.

CertMD gives your team an always-on compliance co-pilot

Our AI is grounded in a continuously updated, auditor-annotated knowledge base covering EU MDR, ISO 13485, and all applicable ISO standards. It reasons over your documents, not generic prompts.

  • Clause-level gap analysis against MDR Annexes
  • ISO 13485 QMS pre-audit readiness check
  • Grounded answers with cited regulatory sources
  • Validated by EU Notified Body auditors

Choose your audit track

Three focused pre-audit tracks. Each one runs a full compliance pass on your documents and hands you a structured report your team can act on immediately.

Track A

Technical Documentation Audit

Your full technical file, reviewed against MDR Annex II/III, GSPR, and your Clinical Evaluation Report. ISO 14971, IEC 62304, and other applicable ISOs are covered within the TD review wherever they appear in your documentation.

MDR Annex II & III GSPR CER Applicable ISOs

What you get

  • Applicable clauses mapped to your content
  • Missing documentation identified and prioritised
  • Non-conformities flagged with regulatory citations
  • Remediation recommendations, ready to act on

Track B

ISO 13485 QMS Audit

Your quality management system, reviewed clause by clause against ISO 13485:2016. This covers your SOPs, processes, and quality procedures at the QMS level, including whether the right processes for risk management and design control are in place.

ISO 13485:2016 Full clause coverage SOP review Process audit

What you get

  • Applicable clauses mapped to your QMS
  • Missing procedures and process gaps identified
  • Non-conformities flagged with clause references
  • Remediation recommendations for each finding

Track C

FDA QMSR Transition

Your quality management system reviewed against FDA 21 CFR Part 820 (QMSR) requirements. Covers the transition from ISO 13485:2016 and identifies gaps in CAPA, design controls, supplier management, and complaint handling for US market access.

21 CFR Part 820 QMSR transition CAPA audit Design controls

What you get

  • QMSR clause-by-clause gap analysis
  • ISO 13485 to QMSR transition roadmap
  • CAPA and complaint handling readiness
  • Remediation plan for each finding

Supporting tools

Documentation Co-pilot

Generate compliant technical file sections, QMS procedures, and risk management content grounded in your device's specific classification and intended purpose.

In development Drafting · Templates

Regulatory Intelligence

Ask plain-language questions and get answers cited to the underlying regulation. Stay current with MDCG guidance updates and NB interpretation changes.

In development MDCG · EUDAMED

Evidence Export

Export NB-ready documentation packages with full traceability. Every output is cited to the underlying regulatory source for your RA team to verify before submission.

In development Traceable · Auditor-ready

Team Workspace

Centralise your RA, QA, and R&D teams around a single compliance workspace. Assign tasks, track document status, and maintain audit trails automatically.

In development Multi-user · Audit trail

Custom Workflow Integration

Don't want to use the web version? We integrate CertMD directly into your existing quality workflow — whether it’s your QMS platform, document management system, or a custom pipeline. Your process, our AI.

In development Custom · API · QMS integration

Your data is yours. Always.

Medical device documentation is some of the most sensitive IP your company holds. We treat it that way.

Never used to train AI models

Your documents are never used to train or fine-tune any AI model. What you upload stays yours, full stop.

Encrypted in transit and at rest

All data is encrypted with TLS 1.3 in transit and AES-256 at rest. Infrastructure runs on Google Cloud Platform (EU region).

ISO 27001 controls in place

We have implemented ISO 27001-aligned information security controls. Formal certification is in progress. Our security posture is available on request.

Ready for trial with your documents

Book a demo and run CertMD against a sample of your actual technical file. See exactly what a pre-audit looks like before committing to anything.

GDPR compliant

We comply with the EU General Data Protection Regulation. You have the right to access, correct, delete, or port your data at any time by contacting us.

EU-hosted infrastructure

All data is processed and stored exclusively in Google Cloud Platform's EU region (europe-west4). No data leaves the European Economic Area.

Common questions

Everything you need to know before booking a demo.

Is my document data safe? Will it be used to train AI?
Your documents are never used to train or fine-tune any AI model. All data is processed in isolated sessions, encrypted at rest (AES-256) and in transit (TLS 1.3), and hosted on Google Cloud Platform in the EU. We have implemented ISO 27001-aligned controls across our systems.
What document types does CertMD accept?
CertMD accepts documents in virtually any format — PDF, Word, Excel, PowerPoint, images, and more. If you have a specific file type or need to connect your QMS system, let us know — we add formats on request.
Which regulatory frameworks does CertMD cover?
CertMD currently covers EU MDR 2017/745 (all device classes), ISO 13485:2016, FDA 21 CFR Part 820 (QMSR), and all applicable ISO standards referenced within the Technical Documentation track, including ISO 14971:2019 and IEC 62304. Additional frameworks are in development.
How long does a pre-audit report take?
A typical Technical Documentation pre-audit report is generated within 15–30 minutes depending on document volume. ISO 13485 QMS pre-audits typically run 10–20 minutes. Results are reviewed and contextualised during your demo session.
Does CertMD replace a Notified Body or regulatory consultant?
No. CertMD is a pre-audit preparation tool, not a replacement for Notified Body assessment. Every AI-generated finding includes a human-in-the-loop review path. We also work with experienced regulatory consultants and auditors who can review your results and support your final submission — we can connect you with them if needed.

See CertMD on your documents

30 minutes. We'll run a live pre-audit on a sample of your technical file and show you exactly where the gaps are.

Book a demo

No commitment. Available in English and German.

Regulatory coverage EU MDR 2017/745 ISO 13485:2016 ISO 14971:2019 IEC 62304 FDA 21 CFR 820 MDCG Guidance

Privacy Policy

Last updated: June 2026

1. Who we are

CertMD is operated by Yeshwanth Seshadri, Berlin, Germany. Contact: info@certmd.com

2. What data we collect

When you use CertMD or book a demo, we may collect the following categories of data:

  • Account data: name, email address, company name, and job title when you register or book a demo
  • Document data: medical device technical documentation, QMS procedures, risk management files, clinical evaluations, and other compliance documents you upload for pre-audit analysis
  • Usage data: anonymised interaction data via Google Analytics, including page views, feature usage, and session duration
  • Communication data: emails and messages exchanged with our support team

3. How we use your data

We use your data solely for the following purposes:

  • Providing the CertMD pre-audit analysis service
  • Responding to demo requests and support inquiries
  • Improving and developing our platform based on anonymised usage patterns
  • Complying with legal obligations (e.g., tax records, data subject requests)

We do not sell your personal data to third parties. We do not use your document data for any purpose other than providing the service you requested.

Your documents are never used to train AI models. Documents uploaded for analysis are processed in isolated sessions and are not retained beyond the active session unless you explicitly save them to your account. They are never used to train, fine-tune, or improve any AI or machine learning model. Prompts and document content are not logged or stored for model improvement purposes.

4. Legal basis for processing (GDPR)

We process your personal data under the following GDPR legal bases:

  • Contract performance (Art. 6(1)(b)): processing necessary to provide the CertMD service under our Terms of Use
  • Consent (Art. 6(1)(a)): for optional cookies and analytics tracking
  • Legitimate interests (Art. 6(1)(f)): for platform security, fraud prevention, and service improvement, where our interests do not override your data protection rights
  • Legal obligation (Art. 6(1)(c)): where we are required to retain data by applicable law (e.g., tax retention periods)

5. Data storage and security controls

We have implemented the following information security controls aligned with ISO 27001:2022:

  • Encryption in transit: all data transmitted via TLS 1.3 with strong cipher suites (AES-256-GCM, ECDHE key exchange)
  • Encryption at rest: all data stored using AES-256 encryption at the storage layer (Google Cloud Platform default encryption)
  • Access control (A.9): dedicated per-service service accounts with least-privilege IAM roles; no shared keys or static credentials
  • Network security (A.13): all services run in private VPC with ingress restricted to authenticated requests; no public SSH or RDP access
  • Logging and monitoring (A.12.4, A.8.15): all IAM policy changes and service account key operations are logged and monitored via Cloud Audit Logs with alerts
  • Data residency: all infrastructure is hosted in Google Cloud Platform's europe-west4 region (Netherlands). No data leaves the European Economic Area
  • Vendor security: Google Cloud Platform is certified under ISO 27001, SOC 1/2/3, FedRAMP, and PCI DSS. We maintain a subprocessor register as described below
  • Incident response: we maintain a documented security incident response process. Notifications to affected parties are made within 72 hours as required by GDPR Art. 33

6. Data retention and deletion

We retain your personal data only as long as necessary to provide the service or comply with legal obligations:

  • Account data: retained for the duration of your account plus 90 days after account deletion, after which it is permanently deleted
  • Document data: retained only during active sessions unless explicitly saved; saved documents are retained until you delete them or close your account
  • Usage analytics: retained in anonymised form for up to 26 months (Google Analytics retention)
  • Communication data: retained for the duration of the support inquiry plus 12 months

You may request early deletion of any or all of your data at any time (see Section 7).

7. Your rights (GDPR)

Under the EU General Data Protection Regulation, you have the following rights:

  • Right of access (Art. 15): request a copy of all personal data we hold about you
  • Right to rectification (Art. 16): request correction of inaccurate or incomplete data
  • Right to erasure (Art. 17): request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing (Art. 18): request restriction of how we process your data
  • Right to data portability (Art. 20): request your data in a structured, machine-readable format
  • Right to object (Art. 21): object to processing based on legitimate interests or for direct marketing
  • Right to lodge a complaint (Art. 77): file a complaint with your local data protection supervisory authority

To exercise any of these rights, contact us at info@certmd.com. We will respond within 30 days. If you are a registered user, you can also delete your data directly from within the platform.

8. Subprocessors

CertMD uses the following subprocessors to deliver the service. All subprocessors are contractually bound to process data only on our documented instructions and to maintain equivalent security standards:

  • Google Cloud Platform (Ireland/Netherlands): cloud infrastructure and AI services (Vertex AI). ISO 27001 certified. Compliance details
  • Google Firebase (Belgium/us-central1): authentication and database services. SOC 2 certified
  • Microsoft Bookings (EU): demo scheduling. Data retention per Microsoft's GDPR commitments
  • Google Analytics (US): anonymised usage analytics. Data is anonymised at collection; IP masking is enabled

9. Cookies

This website uses minimal cookies. We do not use advertising or tracking cookies beyond basic analytics:

  • Google Analytics (_ga, _gid): anonymised page view statistics. Retention: 26 months. You can opt out via the Google Analytics opt-out browser add-on
  • Session cookies: necessary for the operation of the portal.certmd.com application. These are strictly functional and expire when you close your browser

You can disable cookies in your browser settings at any time. Disabling functional cookies may affect the operation of the portal application.

10. Contact and Data Protection Officer

For privacy-related queries, data subject requests, or security concerns:

  • Email: info@certmd.com
  • Response time: within 30 days (typically within 7 days)

As a micro-enterprise, we are not required to appoint a formal Data Protection Officer under GDPR Art. 37. Privacy and data protection matters are handled directly by the data controller.

Terms of Use

Last updated: June 2026

1. Acceptance

By accessing CertMD (certmd.com or portal.certmd.com), you agree to these terms. If you do not agree, please do not use the service.

2. Description of service

CertMD provides AI-assisted pre-audit analysis tools for medical device regulatory compliance. The platform is intended to support — not replace — qualified regulatory professionals and Notified Body processes.

Important disclaimer: CertMD's outputs are informational and preparatory in nature. They do not constitute legal or regulatory advice and do not guarantee compliance with EU MDR, ISO 13485, or any other regulation. All outputs should be reviewed by a qualified Regulatory Affairs professional before use in a formal submission or audit.

3. Your responsibilities

  • You are responsible for the accuracy and completeness of documents you upload
  • You must not upload documents containing third-party confidential information without authorisation
  • You must not attempt to reverse-engineer, scrape, or misuse the platform

4. Intellectual property

CertMD and its underlying technology are the property of Yeshwanth Seshadri / CertMD. Documents you upload remain your intellectual property. You grant CertMD a limited licence to process your documents solely for the purpose of providing the service.

5. Limitation of liability

CertMD is provided "as is". To the maximum extent permitted by law, CertMD accepts no liability for direct, indirect, or consequential damages arising from use of the platform or reliance on its outputs.

6. Governing law

These terms are governed by the laws of the Federal Republic of Germany. Place of jurisdiction is Berlin.

7. Contact

info@certmd.com

Impressum

Angaben gemäß § 5 TMG

Verantwortlich

Yeshwanth Seshadri
[ADDRESS]
Berlin, Deutschland

Kontakt

E-Mail: info@certmd.com

Hinweis

CertMD ist kein eingetragenes Unternehmen. Alle Dienstleistungen werden von Yeshwanth Seshadri als Einzelperson erbracht.

Streitschlichtung

Die Europäische Kommission stellt eine Plattform zur Online-Streitbeilegung (OS) bereit: https://ec.europa.eu/consumers/odr.

Haftung für Inhalte

Als Diensteanbieter sind wir gemäß § 7 Abs.1 TMG für eigene Inhalte auf diesen Seiten nach den allgemeinen Gesetzen verantwortlich.