1. Term selection
Terms are chosen from primary regulatory frameworks (FDA CFR and guidance, EU MDR/IVDR, ISO, IEC, IMDRF), from standard industry vocabularies (MDCG, HL7, DICOM, NEMA), and from questions submitted by readers. We add a term when it appears in a rule or guidance document and is likely to be misunderstood or conflated with another term.
2. Sourcing
Every entry is written from primary sources: the FD&C Act, 21 CFR, EU regulations and MDCG guidance, ISO/IEC standards, IMDRF documents, CISA advisories, and NIST publications. We cite the source directly on the term page. Secondary sources (trade press, vendor blogs) are used to identify a topic but never to define it.
3. Drafting
A draft has five sections: plain-English definition, what the regulation says, what it means in practice, common pitfalls or FAQs, and related terms. We write for engineers, regulatory affairs, and quality professionals. We avoid marketing language and vendor-specific framing.
4. Editorial review
Christian Espinosa, Founder of Blue Goat Cyber, reviews each term for regulatory and technical accuracy. Cybersecurity terms receive extra scrutiny given his focus area. The review date is stamped on every page in the byline and in the DefinedTerm JSON-LD (dateModified).
5. Citations and cross-links
Every term links to its primary sources with source, publisher, and label. Definitions cross-link to related terms so the glossary functions as a connected graph, not a list. Comparison pages sit alongside term pages when two concepts are frequently confused (for example 510(k) vs PMA, SaMD vs SiMD).
6. Ongoing updates
Terms are re-reviewed when a cited regulation changes (for example the QSR to QMSR transition, MDR/IVDR transition extensions, or new FDA guidance). The Latest feed ingests regulator publications daily so newly-affected terms surface quickly. Corrections and reader questions are welcome.
Citations
Source-tier hierarchy
Not every source carries equal weight. We rank citations into five tiers so readers can see, at a glance, whether a claim is grounded in binding law, regulator guidance, peer-reviewed evidence, industry commentary, or vendor material. Definitions are drawn from Tier 1 and Tier 2 wherever possible; Tier 5 is never cited.
-
Tier 1
Binding law and regulation
Definitional
The text of statutes, regulations, and directly-referenced standards. Used to define terms and to state what a rule requires.
- US: FD&C Act, 21 CFR Parts 800-1299, 21 CFR Part 11
- EU: MDR 2017/745, IVDR 2017/746, EU AI Act
- Standards incorporated by reference (for example ISO 13485, ISO 14971, IEC 62304, IEC 62366-1)
-
Tier 2
Regulator guidance and consensus documents
Authoritative interpretation
How regulators and international bodies interpret and apply the law. Used for practice detail, thresholds, and scope clarifications.
- FDA guidance documents, Q-Sub program materials, openFDA data
- EU MDCG guidance, EMA scientific guidelines, notified body position papers
- IMDRF, IEEE, HL7, DICOM, NEMA, AAMI, NIST, CISA advisories
-
Tier 3
Peer-reviewed and primary research
Supporting evidence
Peer-reviewed literature and registered clinical evidence. Used to support what happens in practice, not to define a regulatory term.
- PubMed / NIH-indexed journals
- ClinicalTrials.gov registered interventional studies
- Health-technology assessments from HTA bodies (NICE, CADTH, IQWiG)
-
Tier 4
Trade press and expert commentary
Context only
Used to identify a topic worth covering or to note how the industry is reacting. Never used to define a term or to make a regulatory claim.
- Established regulatory and MedTech trade publications
- Recognized subject-matter blogs from regulatory attorneys and consultants
- Conference proceedings and standards-body workshops
-
Tier 5
Vendor and community sources
Not cited
Vendor marketing, product pages, unverified forum posts, and undated PDFs are not used as citations. They may point us to a term but they do not appear in the reference list.
- Vendor product pages, whitepapers, and pitch decks
- Anonymous forum threads and social media posts
- Undated or unattributed PDFs
Each term page lists its primary references with source, publisher, and label. If a citation moves between tiers (for example when a guidance document is superseded), the term is re-reviewed and the review date is updated.