Waterfall Methodology

Waterfall Methodology

Click now to watch Regulatory Compliance Associates® Dr. Stephen Coulter explain how design controls and risk management play an intricate role in the Waterfall methodology:



The Waterfall methodology incorporates the usage of FDA design controls into the medical device design process. It serves as the primary connection between quality system requirements (QSR) and current good manufacturing practices (CGMP).


Waterfall Method


Conceptually, the FDA Waterfall model is designed to provide engineers with the flexibility to mitigate product risk, meet regulatory compliance and satisfy customer needs. It is a sequential process based on the quality assurance and medical device engineering principles listed in 21 CFR 820. The methodology itself is conceptualized in the image below from the Medical Device Bureau of Health Canada. 


Waterfall Development


To increase risk mitigation during the Waterfall methodology, both risk management & design controls are considered. They often become integrated processes during Waterfall product development. Many unique tools that medical device engineers use to define requirements & meet user needs are shared across these processes, even though each is based on a separate standard.


While design controls for FDA approval are referred to in 21 CFR 820, medical device risk management is internationally associated with ISO 14971. Three critical elements of risk mitigation strategies clearly focus on avoiding risk during product development:


  • Evaluating an associated risk
  • Controlling an evaluated risk
  • Monitoring risk control effectiveness overall


Input Requirements


The success of the Waterfall development method depends on early research & assessments conducted about input requirements that include strategic risk. Further, spending time documenting the inputs of user interface, user stories and product epics can help increase positive outcomes and reduce requirement risk overall.  Finally, any inconsistencies during the waterfall methodology between the proposed design & input requirements can be corrected across stages. This aligns with one of the primary motivations behind FDA originally developing 21 CFR 820 (e.g. helping medical device manufacturers find design deficiencies earlier in the process).


Risk Management


By starting the Waterfall process with this end state in mind, design inputs are more likely to pass failure testing & become a manufacturing output. This risk management strategy during a Waterfall project can begin with identifying the publicly known risks of competitive products. Second, the team is challenged to investigate if similar hazards could be associated with your medical device. When working with a Regulatory Compliance Associates risk management consultant, our clients are reassured that Waterfall development should detail how hazards can impact user needs & potential customers.


For example, design inputs should consider current regulations and global standards early in the waterfall process. This helps incorporate a risk management perspective even before verification and validation testing begins. Intended uses should consider predicate devices and if any causes for recalls are related to design, materials, or software. 


Waterfall Approach


So, does this mean risk management & design controls are connected in the waterfall approach? And if they are, how important is one over the other when leading to marketing approval or regulatory compliance? This process is often measured against a combination of factors, including:


  • Regulations & standards for clinical approval
  • Risk class of medical device being manufactured
  • Regulatory body reviewing the marketing submission


Enterprise risk management would consider all three of these factors individually and in combination when considering how to eliminate systemic risk. The Waterfall project management team can also use various tools and techniques while developing the risk management plan. These risk identification tools include conducting a risk analysis, performing an FMEA, and charting risk tolerance. 


Risk Analysis


Existing regulations & standards offer various types of risk tools that can be incorporated into design controls. This can include identifying risk levels and creating severity charts during the user needs & design inputs stages. Additionally, each new product will have different hazards and risk tolerance levels associated with the target patient. Being able to analyze the problem, control the problem, and mitigate the risk is essential to define in your risk analysis. Challenge yourself to reduce and identify hazards by analyzing the known data as much as possible.




Failure Mode and Effects Analysis (FMEA) is a controlled technique to detect & concentrate on budding trouble. Each failure is commonly assigned a rating based on the negative effect it may cause. The Waterfall process would then take each rating and project how the marketplace, healthcare systems, or patients can be impacted. FMEAs are one of many risk mitigation tools that can help your team identify the hazards of your severity chart. Each charted hazard is established based on the severe nature of the hazard to the user and project requirements for design control.


Risk Tolerance


Further, after the severity is defined, all known or projected hazards can be developed into a risk tolerance chart. The risk tolerance chart can then be shared cross-functionally across the team to help everyone understand which design steps can increase user risk. One of the benefits of a risk tolerance chart is being able to show data visualization. The design team should consider how design controls and user needs can reduce the hazard’s impact. Finally, a waterfall chart could also project the negative consequences of adverse events and what the estimated cumulative impact might be during a product crisis scenario.


Risk Management Summary


Finally, once your team has evaluated the risks and decided on precautions, a risk management summary is developed. It may include involves multiple failure mode analysis types (e.g. product, process, etc.) and risk ratings. These initial ratings are typically based on the types of failures and the severity of the failure itself. Ranges can also be given to determine the risk management strategy and what is the acceptable level of product risk (e.g. high, medium, low).


About RCA’s Medical Device Consulting Services


The regulatory compliance process surrounding the medical device industry involves a strict adherence to pre/post market information throughout a device’s life-cycle. Even a single compliance issue you have can turn into a significant effect on your business. Regulatory Compliance Associates medical device consultants can help guide you through any stage of this strategic process, with capabilities during product development through the regulatory clearance/approval of your product.


Our team of over 500 medical device consulting Experts — including former FDA officials and regulatory compliance leaders in the field of medical device regulation — will work with your company to create a quality assurance and regulatory compliance approach tailored to your products and regulatory needs. Regulatory Compliance Associates works with international Fortune 100 companies, venture capital start ups, and companies of all sizes and shapes. our compliance enforcement solutions for law firms include remediation for warning letters, FDA 483’s, import bans or consent decrees. Very few regulatory compliance services have the same regulatory compliance expertise in a variety of medical fields.




For medical device manufacturers, technology can be a double-edged sword. The innovative technologies that elevate the quality of life for patients can also be used to potentially undermine the organization using the device. The consequences can affect the device itself if Regulatory Compliance Associates medtech consultants do not implement good IoT cybersecurity and FDA cybersecurity protocols.


At Regulatory Compliance Associates, we offer a wide variety of services for medical devices security to help ensure that your product is protected from cyber-attacks. With a well-planned design, along with full visibility of product development and the supply chain, Regulatory Compliance Associates medical device consultant Experts can help strengthen your device’s cybersecurity. We partner with medical device companies in each phase of the design cycle, including protecting inputs from threat exposure and hardening outputs for regulatory compliance & FDA submission approval of your medical technology.


Regulatory Affairs


Regulatory affairs is Regulatory Compliance Associates® backbone, and we handle more submissions in a month than many manufacturers do in a lifetime. Our regulatory compliance consulting Experts have experience working with the FDA, global regulatory bodies and / or agencies, and notified bodies worldwide. Therefore, you can count on us for in-depth and up-to-date insights which increase speed-to-market.


As a trusted regulatory affairs consultant, our FDA veterans and industry experts represent Regulatory Compliance Associates® as one of the top medical device consulting firms. We’re here to help you navigate the difficulties associated with new product submissions. Regulatory Compliance Associates® medical device consulting company has expertise in both the approval process and post-approval support. 


  • New Product Approval
  • Post-Approval Support
  • Outsourced Staffing
  • EU MDR
  • Combination Products


Compliance Assurance


Increasingly, life science companies are feeling the pressure of greater scrutiny by regulators, and responding by developing sustainable compliance strategies. Whether it’s preparing for an audit, developing a response to an FDA finding, or remediation to an adverse event, Regulatory Compliance Associates® can help.


Our network of over 500 medical device consultant & FDA, MHRA & EMA veterans are industry professionals offers a unique blend of expertise. This allows Regulatory Compliance Associates® to handle both simple and complex regulatory compliance challenges within medical device consulting companies.


  • Gap Assessments
  • Internal Audits
  • Employee Training
  • Notified Body Response
  • Data Integrity


Quality Assurance


Regulatory Compliance Associates® Quality Assurance consulting includes quality system assessments, strategy, implementations, and identification of quality metrics to ensure continuous improvement, aligning with your business needs and goals. Each Regulatory Compliance Associates® medical device consultant is a quality expert with experience spanning major corporations and start-ups. We know firsthand how to achieve, maintain, and improve quality, and we excel in transferring this knowledge to your organization.


In the medical devices field, quality assurance (QA) is more than merely ensuring the quality of a finished product. You need the tools to monitor and regulate every process from the design of a new product to continued quality compliance as the device is sent to market. At Regulatory Compliance Associates®, we offer you the quality assurance services you need to monitor these processes and ensure quality compliance every step of the way.


With more than 20 years experience working with medical device consulting companies, Regulatory Compliance Associates® trusted medical device quality assurance consultant team is fully equipped to handle your unique QA needs.


  • ISO13485 
  • 21 CFR 210
  • 21 CFR 211
  • Outsourced Staffing
  • Facility Validation
  • Equipment Validation
  • Quality Metrics


Remediation Services


Regulatory Compliance Associates® is widely recognized within medical device consulting companies & the life science industry for remediation services & support. Regulatory Compliance Associates® ability to help companies successfully resolve complex regulatory challenges have a proven track record of success. Our medical device consulting services include significant experience with the development of responses to 483 Observations, Warning Letters, Untitled Letters and Consent Decrees.


  • Regulatory Action
  • Regulatory Compliance
  • Regulatory Enforcement
  • Warning Letter
  • 483 Observation
  • Oversight Services


Our value goes beyond the initial response by helping companies successfully execute their action plans, develop an improved compliance culture tailored to the needs of their business, and ultimately move beyond the regulatory action to emerge as a stronger business. We negotiate difficult demands of remediation with insight and the clear advantage of our medical device consultant expertise and experience that makes partnering with Regulatory Compliance Associates®  a competitive differentiator in the remediation space.


  • Quality System
  • Technical File
  • Design History File
  • Data Integrity
  • cGMP


Strategic Consulting


Whether it’s a strategy, a technical plan, or project, Regulatory Compliance Associates® medical device consultancy can help ensure a successful project. Regulatory Compliance Associates® medical device strategy consulting can deliver your project on time, on budget, and you’re never embroiled in a costly mistake.


Our medical device consultant Experts are industry Experts are here to provide the unique insight you need before an M&A deal, through a staffing crisis and in every area of your product’s development and life cycle. As the trusted medical device manufacturing consultants of thousands of companies around the world, we have the knowledge and expertise needed to deliver exceptional results to your business — no matter your size or unique needs.


  • Manufacturing Optimization
  • Product Lifecycle Management
  • Mergers & Acquisitions (M&A)
  • Due Diligence
  • Device Vigilance
  • Risk Management Plan
  • Product Complaints
  • Medical Information


About Regulatory Compliance Associates


Regulatory Compliance Associates® (RCA) provides medical device consulting to the following industries for resolution of life science challenges:



We understand the complexities of running a life science business and possess areas of expertise that include every facet of R&D, operations, regulatory affairs, quality, and manufacturing. We are used to working on the front lines and thriving in the scrutiny of FDA, Health Canada, MHRA and globally-regulated companies.


As your partners, we can negotiate the potential minefield of regulatory compliance and regulatory due diligence with insight, hindsight, and the clear advantage of our unique expertise and experience.


  • Founded in 2000
  • Headquartered in Wisconsin (USA)
  • Expertise backed by over 500 industry subject matter experts
  • Acquired by Sotera Health in 2021


About Sotera Health


The name Sotera Health was inspired by Soteria, the Greek goddess of safety, and reflects the Company’s unwavering commitment to its mission, Safeguarding Global Health®.


Sotera Health Company, along with its three best-in-class businesses – Sterigenics®Nordion® and Nelson Labs®, is a leading global provider of mission-critical end-to-end sterilization solutions and lab testing and advisory services for the healthcare industry. With a combined tenure across our businesses of nearly 200 years and our industry-recognized scientific and technological expertise, we help to ensure the safety of over 190 million patients and healthcare practitioners around the world every year.


We are a trusted partner to more than 5,800 customers in over 50 countries, including 40 of the top 50 medical device companies and 8 of the top 10 pharmaceutical companies.


Commitment to Quality


Our Certificate of Registration demonstrates that our Quality Management System meets the requirements of ISO 9001:2015, an internationally recognized standard of quality.


To begin the Regulatory Compliance Associates® scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. 



Our website uses cookies to give you the best possible experience.

By continuing to use this site, you agree to the use of cookies.