The Leaders in Quality and
Regulatory Training & Consulting

Let's get started

Mar 06, 2023

Medical Device Software Terminology Demystified for RA/QA Professionals

software terms on chalkboard with man in suit looking at it

Software developers will show you more respect and be more likely to listen if you have taken the time to understand their world. We recommend familiarizing yourself with the following terms, which you invariably will hear tossed around in your conversations with developers.

Agile: A project management and software development methodology that focuses on delivering software in small, “bite-sized” stages through continuous iterations and improvements.

API: Stands for “application programming interface” and is a set of protocols and tools for building software applications. It acts as a communication bridge between two software systems, allowing them to exchange data and functionality. An API allows a software developer to access and interact with the functionality of another software program without having to understand the underlying code. This enables the developer to easily integrate their software with other software systems, enabling increased functionality and increased efficiency.

Back end: The server-side components of an application that are responsible for data storage, management, processing, and application logic. The back end is usually accessed through APIs and other intermediary systems. It provides the necessary services and functions required by the front-end components of the application, which are responsible for presenting data to users and receiving input from them.

Bug: A problem or error in the code or software that causes it to not work as intended or to produce unexpected results. This can range from small issues like incorrect calculations or formatting to major malfunctions that can prevent the software from operating properly.

CICD: Stands for “continuous integration / continuous delivery or continuous deployment” and is an approach to software development that emphasizes automation and collaboration between development, operations, and testing teams. It involves using tools and processes to automate the build, test, and deployment of software changes to production. This helps to reduce the time and effort required to release new software features while maintaining high levels of quality and reliability.

Cloud computing: The delivery of on-demand computing services over the internet. It provides a scalable and flexible way to store, process, and access data and applications without the need for on-premises infrastructure. The services offered through cloud computing include:

  • Infrastructure as a service (IaaS): A model by which users can rent IT infrastructure – such as virtual machines, storage, and networking resources – from a cloud provider on a pay-per-use basis. Examples of IaaS providers include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform.
  • Platform as a service (PaaS): A model by which users can develop, run, and manage applications without also having to manage the underlying infrastructure. The cloud provider supplies the platform, operating system, programming language, and other tools necessary to develop and deploy applications. Examples of PaaS providers include Heroku, Google App Engine, and Microsoft Azure.
  • Software as a service (SaaS): A model by which users can access software applications over the internet on a subscription basis. The cloud provider hosts the application and makes it available to users via a web browser or mobile app. Examples of SaaS applications include Salesforce, Google Workspace, and Microsoft Office 365.

Code: A set of written instructions in a programming language that a computer can interpret and execute to perform specific tasks or operations. It is the foundation of any software application and is the building block that developers use to create, modify, or troubleshoot programs.

Containers: A type of operating system virtualization technology that allows applications to run in an isolated environment with their own runtime, libraries, and dependencies, regardless of the underlying host operating system. Containers package up an application and all its dependencies into a single, portable unit that can be easily deployed on any system that supports containerization. This makes it easier to develop, test, and deploy software across different environments, without having to worry about differences in hardware, operating systems, or other dependencies.

COTS: Stands forcommercial off-the-shelf” software, which refers to prebuilt software products that are available for purchase or use without customization, but are specifically designed for commercial use.

Debugging: The process of finding and fixing errors, bugs, or glitches in the software code. This process helps developers to identify and correct problems that can cause software applications to behave unexpectedly or not work at all. Debugging is an essential part of the software development life cycle and is used to ensure that software products are free from defects and errors, and that they meet the specified requirements.

DevOps: A software engineering methodology that combines – you guessed it – software development and operations. The goal is to increase efficiency, speed, and reliability in software development.

Dev server: Provides a testing environment for the developers to test their code, applications, and software before deploying it to the production environment. This allows developers to ensure that their code is functioning as intended and to make any necessary changes before the code is made available to end-users. A dev server also helps to prevent any errors or bugs that could affect the production environment, ensuring a smooth deployment process.

Docker: A popular open-source platform for containerization that allows developers to create, package, and deploy applications in lightweight, portable containers. It provides a way to package up an application and all its dependencies into a single, portable unit that can be easily deployed on any system that supports Docker.

FOSS: Stands for “free and open-source software,” which is a type of software that is distributed under a license that allows users to freely use, modify, and distribute the software. FOSS is often created and maintained by a community of developers who collaborate to create, improve, and distribute the software.

Front end: The user interface and user experience (UX) of an application. It includes all the visual and interactive elements that users interact with, such as buttons, forms, graphics, and layout. The front end is responsible for presenting the data and functionality provided by the back end to the user. It is built using technologies like HTML, CSS, and JavaScript, and it’s the first thing a user sees and interacts with when using an application.

GitHub: Web-based platform for version control and collaboration that helps developers store and manage their code repositories. It serves as a hub for software development projects, allowing developers to share, collaborate, and contribute to code repositories, track issues and bugs, and build and deploy applications.

GUI: Stands for “graphical user interface.” The GUI permits users to interact with the software in a visual and intuitive way, such as clicking on buttons, selecting menu items, and entering data into forms. A GUI allows users to perform tasks and access information in a more user-friendly way and can be designed to make the software more accessible to a wider range of users.

Kanban: An Agile methodology for managing and visualizing workflow, with the goal of improving efficiency and reducing waste. The kanban methodology emphasizes continuous improvement and emphasizes the flow of work through the system rather than simply completing tasks.

Kubernetes: An open-source platform for managing and orchestrating containerized applications across a cluster of nodes. Kubernetes automates the deployment, scaling, and management of containerized applications, providing a highly available and scalable platform for cloud-native applications.

OTS: Stands for “off-the-shelf” software, which refers to prebuilt software products that are available for purchase or use without customization. OTS software can be a cost-effective and time-saving solution for organizations that need software to support their business processes or operations.

Patch: A small software update that addresses specific bugs, security vulnerabilities, or other issues with a software application. A patch typically modifies or replaces a small portion of the existing software code and is designed to correct a specific problem. Patches are often released by software vendors to improve the overall functionality of their products and to fix any problems that users have encountered. They can be applied to existing software installations, eliminating the need for a full-scale upgrade.

Plugin: A software component or module that adds a specific functionality to an existing software application or platform. It provides additional functionality to the main application, making it more versatile and customizable for the user. Plugins can be installed and integrated into the main application without affecting its core functionality. They can enhance the functionality of a software platform or application by adding new features, enhancing existing features, or providing integration with other software systems.

Risk management: Software risk management is the process of identifying, assessing, and mitigating risks related to software development projects. The goal of software risk management is to minimize the potential negative impact of risks on the software development process and the end product. It is essential for ensuring that software development projects are completed on time, within budget, and with a high level of quality. By identifying and mitigating potential risks, organizations can avoid costly delays, improve the overall quality of their software products, and ensure that they meet their business objectives.

SaMD: Stands for “software as a medical device,” which refers to software products that are used in the diagnosis, treatment, or prevention of medical conditions. SaMD can be stand-alone software products, or they can be software components of medical devices or other healthcare products.

SBOM: Stands for “software bill of materials,” which is a list of all the software components, libraries, and dependencies that are used to build a software application. The SBOM provides a detailed inventory of all the components that make up the software, including their version numbers, sources, and licenses. The SBOM is an important component of software security, as it provides visibility into the software supply chain and helps organizations to identify and mitigate potential security risks. By identifying all the components that make up the software, organizations can better understand the potential security vulnerabilities and risks associated with each component.

SCRUM: An Agile framework for software development that emphasizes collaboration, flexibility, and iterative delivery. It involves cross-functional teams, daily stand-up meetings, sprints, and regular retrospectives to assess progress and plan next steps. The goal is to deliver a usable product incrementally, allowing for changes and improvements along the way.

Secure coding: The practice of developing software in a way that ensures that the code is free from vulnerabilities and is resistant to attack from hackers and other malicious actors. Secure coding practices are essential to ensure that software is trustworthy and reliable, particularly when it is used to manage sensitive or confidential data.

SiMD: Stands for “software in a medical device,” which refers to software that is embedded in or integral to a medical device. Unlike stand-alone SaMD, SiMD is an essential part of a medical device and cannot be used independently of the device.

SPDX: Stands for “software package data exchange,” a standard for communicating software license information, including copyright, license type, and any other relevant licensing information.

Sprint: A short, fixed period of time (usually 2-4 weeks) during which a cross-functional team works on a set of development tasks to deliver a usable product increment. The goal of a sprint is to focus the team’s efforts on a specific set of features, prioritize work, and deliver a potentially shippable product increment. At the end of each sprint, the team evaluates what was accomplished and plans for the next sprint. This methodology is often used in Agile software development.

Testing: A process of evaluating a software application to identify defects, errors, or bugs that may be present in the application. The goal of software testing is to ensure that the software meets its intended requirements, is error-free, and is of high quality.

Software testing is typically carried out in several phases, which may include:

  • Unit testing: The process of testing individual modules or components of the software to ensure that they are functioning correctly.
  • Integration testing: The process of testing how the individual components of the software work together to ensure that they integrate correctly and that the software as a whole is functioning properly.
  • System testing: The process of testing the entire software system, including all of its components and features, to ensure that the software is functioning correctly and meets all of its intended requirements.
  • Acceptance testing: The process of testing the software with end-users to ensure that it meets their needs and is user-friendly.

Software testing can be conducted manually, using human testers who carry out various test cases, or it can be automated, using specialized software tools that automatically carry out test cases and report any errors or defects that are found.

Overall, software testing is a critical component of the software development process, ensuring that the software is of high quality, meets user requirements, and is free from errors or defects.

TRACE: Stands for “test, review, analyze, control, evaluate” reporting and refers to a system for logging and reporting diagnostic information in software development. It is often used to debug and troubleshoot issues with software by providing detailed information about events and errors that occur during execution. TRACE reporting can include information such as function call stacks, variables values, and other relevant data that can help developers understand the cause of issues and find solutions.

UI: Stands for “user interface.” UI provides an intuitive and user-friendly experience for users and includes elements such as buttons, icons, text, images, forms, and other interactive components that allow users to interact with the software. The goal of UI design is to make the software as simple and efficient as possible for the users to employ, and it plays an important role in device risk management.

UX: Stands for “user experience” and refers to the overall experience of a user while interacting with a software product, including the UI. This encompasses aspects such as ease of use, usability, accessibility, and enjoyment, among others. UX design is the process of designing software products with the user in mind, aiming to create a positive and efficient experience.

Validation: Process of evaluating software to determine whether it meets its intended use and user needs.

Verification: Process of evaluating software to determine whether it meets specified requirements and conforms to its design and development standards.

Waterfall: A traditional software development methodology that follows a linear and sequential approach. It is called “waterfall” because each phase of the software development process flows down to the next phase, like a waterfall.

There’s So Much More to Know…

Oriel STAT A MATRIX offers a wide variety of training classes regarding software, including:


Our team is here to help. Contact us online


Get answers right now. Call

US OfficeWashington DC


EU OfficeCork, Ireland

+353 21 212 8530