Medical Device Framework Pack
The Medical Device Framework Pack extends Compliance Yoke with the frameworks a device manufacturer lives under — FDA 21 CFR Part 11 (electronic records and signatures), FDA 21 CFR Part 820 / QMSR (device quality system), and ISO 13485 — and crosswalks them to each other and to your existing SOC 2 controls.
It installs as data: frameworks, criteria, a shared control library, and the mappings between them. Nothing about the compliance engine changes — your readiness scores, evidence, and audit exports all work over the new frameworks the same way they work over SOC 2.
What "aligned" means here
FastYoke helps you organize and evidence control coverage against these frameworks. It does not certify, validate, or attest that your system is compliant — those are determinations you and your auditor make. The pack gives you the structure (criteria, controls, mappings, readiness roll-ups) to run that work; the judgment stays with your quality and regulatory teams.
Installing the pack
From the Compliance workspace, open Framework Packs and install the Medical Device pack. Installation:
- seeds the three frameworks and their criteria,
- seeds a shared control library (audit trail, electronic signatures, access control, design controls, CAPA, complaint handling, document control, training, management review, and validation),
- seeds the crosswalk — both the control-to-criteria mappings and the criterion-to-criterion equivalences, and
- opens a Framework Crosswalk page so you can browse every mapping.
Uninstalling reverses all of it cleanly. Install and uninstall are scoped to your workspace and are safe to re-run.
The crosswalk
The pack ships two complementary views of how the frameworks relate:
- Evidence reuse — one control mapped to criteria across several frameworks, so a single piece of evidence (an audit-trail configuration, a signed record) answers Part 11, ISO 13485, and SOC 2 at once. You maintain the control once; it counts everywhere it is mapped.
- Requirement equivalence — a direct criterion-to-criterion table (for example, Part 820 corrective-and-preventive-action lines up with ISO 13485 corrective action), with a short rationale on each row so a reviewer can see why two requirements are treated as equivalent.
AI-assisted crosswalk
Mapping a control library onto a new framework by hand is slow. The pack includes an AI crosswalk drafter that proposes control-to-criterion mappings for a given criterion.
It is deliberately conservative:
- Grounded in your data. Suggestions are retrieved from your control library using an on-device semantic search — the model only sees controls you actually have. If nothing relevant is found, it returns an insufficient-evidence result without calling a language model at all.
- Draft-only. Every suggestion is a draft. Nothing is written to your compliance records until a reviewer with the right permission accepts it.
- Cited. Each draft names the control ids it drew on, so a reviewer can check the reasoning before accepting.
Accepted mappings are stored as normal crosswalk records, tagged as AI-originated and marked accepted, so your audit trail shows exactly which mappings a human reviewed and approved.
Enabling the AI drafter requires turning on compliance AI for your workspace and configuring a language-model provider in Settings.