Threeqa / Resources / Guides

Guides for teams who have to ship.

Hands-on walkthroughs of the regulatory work that gates a launch — the technical file, the GSPR matrix, the standards behind them — written by people who've actually been on the receiving end of a notified-body finding. Each guide names the clauses it touches and tells you what reviewers look for.

All guides

Start here.

EU MDR · Technical file

The EU MDR technical file: what actually goes in it

Annex II's six sections, one by one, with what reviewers look for in each. The software V&V and clinical evaluation evidence that catches small teams out, the Annex III post-market documents by device class, and the five deficiencies that stall conformity assessments.

EU MDR · ANNEX II & III · 10 min readRead →

EU MDR · GSPR

The GSPR checklist: your Annex I matrix, done properly

The 23 General Safety and Performance Requirements, the five columns every matrix row needs, how harmonised standards and state of the art fit together, and the findings notified bodies raise most often — with a worked example row for a software device.

EU MDR · ANNEX I · 9 min readRead →

EU MDR · Getting started

Your first technical file, step by step

How a startup builds its first EU MDR technical file: the order to do the work in, what has to start on day one, what can safely wait, and the mistakes that cost first-time manufacturers months.

EU MDR · STARTUPS · 10 min readRead →

EU & US · Documentation

Technical file vs. DHF vs. DMR, untangled

EU MDR technical file, FDA Design History File, Device Master Record, Device History Record — what each one answers, what the QMSR renamed, and how to keep one body of records that serves both markets.

EU MDR · FDA QMSR · 9 min readRead →

Requirements

Requirement levels: user needs to software requirements

How to structure requirements in levels — user needs, system, software and hardware — why the standards expect it, how verification and validation map to each level, and how to keep the traceability honest.

IEC 62304 · ISO 13485 · 9 min readRead →

Traceability

A traceability matrix that survives an audit

What must trace to what, the standards that demand it (ISO 13485, IEC 62304, ISO 14971, EU MDR), the orphan checks that keep it honest, and why most matrices quietly die between audits.

ISO 13485 · IEC 62304 · 9 min readRead →

ISO 14971 · Risk

The risk file: hazard → hazardous situation → harm

How to build an ISO 14971 risk management file reviewers accept: the hazard → hazardous situation → harm chain with worked examples, the P1/P2 probability split, the risk control hierarchy, and why FMEA alone isn't enough.

ISO 14971 · 10 min readRead →

IEC 62304 · Software

IEC 62304 in plain English

What the standard covers, how software safety classes A, B and C are assigned and what each demands, the five core processes, SOUP, and how it fits alongside the EU MDR and FDA QMSR.

IEC 62304 · 10 min readRead →

FDA QMSR

FDA QMSR explained: the new 21 CFR Part 820

The Quality Management System Regulation, in force since 2 February 2026, rebuilds 21 CFR Part 820 around ISO 13485:2016. What changed, what FDA added, what disappeared, and what device teams should do about it.

FDA · 21 CFR 820 · 9 min readRead →

Get started

Want a guide on a topic you don't see here?

Tell us. New guides land here regularly — and most of them started as questions teams asked in their first demo call.

Request a guide Book a demo