Agile & Iterative Methodologies (Fast Feedback Loops)

Randy Horton
Randy Horton
Published on: February 4th, 2026
2026 Mar Webinar Banner Zoom

Executive Summary

Modern MedTech products increasingly depend on software that continues to change after release. They connect to hospital systems, patient smartphones, and cloud platforms, operating within interconnected environments that change independently of the product itself. As a result, they must continuously respond to new vulnerabilities, shifting user needs, and real-world performance data. This ongoing evolution creates friction inside many MedTech and SaMD organizations. Software changes continuously, often long after initial release. Yet development governance remains phase-based and milestone-driven. Many teams still rely on models designed for hardware with relatively stable requirements, where change is planned and introduced at defined intervals. Software does not necessarily follow that pattern.

When iterative SaMD development operates within phase-gated models, feedback is delayed until formal review. Teams continue building between milestones, but quality, regulatory, and human factors input often arrives after functionality has already been implemented. Risk documentation must be reconciled en masse close to the end of the project, and traceability matrices require last minute updates to realign requirements, risk controls, verification evidence, and approvals. As multiple software initiatives run in parallel, cross-functional coordination becomes more complex and release predictability declines.

In our recent webinar, experts from Merck, ResMed and Orthogonal discussed how Fast Feedback Loops address this delay by integrating quality, regulatory, and risk review directly into the sprint cycle. Instead of waiting for milestone gates, MedTech and SaMD teams can evaluate usability, cybersecurity, and regulatory impact as features are implemented. Smaller increments make changes easier to assess and adjust. Real-world usage data from deployed products feeds directly into engineering and risk decisions, reducing late-stage discovery and improving release-planning stability.

When these practices are aligned, late-stage rework decreases, and releases become more predictable. Compliance activities occur as work progresses rather than being done at the end of development.

The goal is not speed alone. It is to enable continuous improvement in MedTech and SaMD while safeguarding quality, patient safety, and clinical effectiveness.

Watch Webinar Recording

Why Traditional Development Struggles With Software

Traditional project management models were built for environments where requirements stayed relatively stable. That approach works well for buildings, production lines, and traditional hardware-based medical devices with relatively stable requirements. It does not translate well to software-driven MedTech systems.

As discussed in the webinar, software connects to evolving platforms, interacts with growing data sets, and must respond to newly discovered vulnerabilities. Updates are not rare events. They are expected.

“You’ve got to deal with software, and dealing with software means dealing with change.”
— Bernhard Kappe

Agile emerged outside of MedTech as a response to software development environments characterized by continuous change. It was designed for work that progresses in small, testable increments, with feedback integrated into the development cycle rather than reserved for major milestones.

As software became central to MedTech and SaMD products, these practices were adapted to operate within regulated environments. The discussion emphasized that the question is not whether to adopt Agile or maintain regulatory discipline. The challenge is structuring development so that iterative execution and design controls operate together rather than in sequence.

Faster Does Not Automatically Mean Better

The discussion then shifted to a common assumption in MedTech and SaMD organizations: that increasing development speed inherently improves performance.

Moving faster does not automatically mean delivering more value.

Teams may complete more features in each development cycle. Internal performance reports may show shorter turnaround times and higher throughput. Releases may become more frequent.

From an operational standpoint, this can look like progress. But each external release affects more than the engineering team. In MedTech and SaMD, releases carry operational and compliance complications, including:

  • Hospitals scheduling and validating updates within their IT environments.
  • Clinicians adjusting workflows or receiving updated training.
  • Patients experiencing changes in therapy delivery.
  • Internal documentation updates, regulatory reviews, and cross-functional coordination.

These downstream effects mean that release cadence cannot be evaluated solely by speed. This is where Fast Feedback Loops become important. Fast Feedback Loops are not simply short sprints or frequent releases. They are a way of structuring development so learning happens continuously rather than at milestone gates. Work is broken into smaller increments, each intended to create real value. Feedback is gathered quickly and deliberately from clinicians, patients, cross-functional stakeholders, and real-world product data, then fed back into the next development cycle.

That feedback may come from formative usability sessions, cross-functional quality and regulatory review, cybersecurity assessment, automated testing, or real-world product analytics once a solution is deployed. The goal is to surface usability gaps, safety risks, performance issues, and unintended consequences early, when changes are still manageable and controlled.

Automation plays a central role in enabling these feedback loops. Continuous integration, automated testing, and modern tooling allow teams to detect issues earlier and reduce rework. In MedTech and SaMD environments, this does not replace design controls or risk management. It shifts them closer to implementation so that compliance evidence is generated as work progresses rather than assembled at the end. The speakers also emphasized an important distinction: An increment is not the same as a release. An increment represents internal learning and progress. A release places change in front of users. Mature MedTech and SaMD organizations build the capability to release quickly, but exercise judgment about when a release delivers meaningful value.

“If your focus is on cadence over value, there’s still more evolution to work on.”
— Jason Gorman

For regulated MedTech companies, the goal is not to demonstrate speed. It is to improve decision quality, protect patient safety, and ensure that the release strengthens effectiveness, usability, and operational stability.

Where Agile and Quality Actually Align

The discussion highlighted a recurring challenge in MedTech and SaMD organizations: development teams working in short, iterative cycles, while quality, regulatory, cybersecurity, and human factors reviews occur at defined phase gates. When those rhythms are not aligned, friction follows. Agile and quality are not in opposition. Both are built on continuous improvement. Quality systems rely on monitoring, corrective action, and documented refinement. Agile relies on inspection, adaptation, and incremental delivery. The tension emerges when they operate at different speeds.

When software evolves incrementally but compliance activities cluster at the beginning and end of a project, documentation, risk updates, and traceability lag behind development. The result is late-stage reconciliation, compressed review cycles, and avoidable rework.

The panel emphasized that this is a structural issue. Quality and regulatory functions cannot remain purely downstream reviewers in an iterative MedTech or SaMD environment. They must engage as work evolves.

This does not mean increasing oversight. It means integrating core activities into the development rhythm. Risk is evaluated as features emerge. Cybersecurity is assessed as architecture change. Human factors inform usability refinements earlier. Compliance evidence is created alongside development rather than reconstructed later.

“Your QMS and all your processes need to be right-sized and flexible to support that.”
— Michael Iglesias

Right-sizing does not lower standards. It aligns the quality system with how modern software is built. When that alignment exists, compliance becomes part of execution rather than a bottleneck.

Rethinking Human Factors and External Feedback

Structural alignment creates the conditions for better execution. The next question for MedTech and SaMD organizations is how teams generate meaningful insight as software evolves.

The panel emphasized that fast feedback loops create value only when feedback reflects real-world use. In MedTech and SaMD environments, this requires discipline. User populations are smaller, clinical workflows are defined, and regulatory expectations limit informal experimentation. Feedback must be structured.

Traditionally, human factors work occurs at two primary points: early development and final validation. The discussion challenged whether that model supports iterative software development.

Rather than reserving usability insight for large milestone studies, teams can incorporate smaller feedback cycles during development. Examples discussed included:

  • Short formative usability sessions
  • Focused workflow evaluations
  • Targeted UX reviews on evolving features

These activities do not replace formal summative validation. They reduce the likelihood of late-stage surprises.

The panel also highlighted the role of product analytics once software is deployed. Software can be instrumented to generate usage data that informs:

  • Feature adoption and workflow patterns
  • Error frequency and severity
  • Risk management updates
  • Performance and stability trends

However, feedback volume in MedTech and SaMD is lower than on consumer platforms since medical devices tend to have smaller user bases. Signals must be interpreted in the clinical context and aligned with the intended users.

This reinforces the importance of the distinction between increments and releases. An increment enables internal testing and learning. A release introduces change into clinical environments and patient workflows. Mature organizations strengthen internal feedback cycles while exercising discipline about external release timing.

In this model, fast feedback loops improve decision quality without increasing operational disruption.

Learning From Real-World Data and Risk Management in an Iterative Environment

As the conversation moved from formative feedback to deployed systems, it became clear that in software-driven MedTech and SaMD environments, learning does not end at release.

Software-enabled MedTech and SaMD products provide direct visibility into performance and user behavior. That capability changes how organizations approach risk management.

In traditional medical device development, risk analysis is concentrated early and revisited at defined milestones. In iterative software environments, functionality evolves incrementally. Architecture changes. Integrations expand. Risk cannot remain static.

It must evolve with the product.

As features emerge, teams assess whether new hazards are introduced. As architecture changes, cybersecurity implications are evaluated. As usage data accumulates, real-world behavior informs earlier design assumptions.

The panel pointed to several practical sources of feedback:

  • Post-market product analytics
  • Error logs and defect severity trends
  • Cybersecurity vulnerability monitoring
  • Workflow data that reveals friction or unintended use patterns

This data does not replace formal post-market surveillance. It strengthens it by enabling earlier detection and faster mitigation.

However, increased visibility also increases responsibility. Not every anomaly represents risk, and not every usage pattern reflects intended design. Governance processes must define how real-world data feeds back into risk files, design updates, and release decisions.

Here again, the distinction between increments and releases matters. Internal changes may occur frequently. External updates that affect therapy or clinical workflow require structured evaluation.

In this model, iterative development and risk management reinforce each other. Continuous feedback supports earlier hazard identification, more informed mitigation, and disciplined release decisions.

For MedTech and SaMD organizations, the objective is not speed alone. It is sustained improvement in safety, effectiveness, and resilience.

The Organizational Barrier

Process alignment alone does not ensure success. The primary barrier in MedTech and SaMD organizations is structural.

Engineering, quality, regulatory, cybersecurity, and clinical teams often operate in silos, each optimizing for its own metrics. When Agile is introduced only within development, friction increases rather than decreases. Speed in one function exposes bottlenecks in another.

The panel emphasized that successful adoption requires clear executive sponsorship. The objective is not to “implement Agile.” It is to improve the delivery of value while maintaining safety and effectiveness. Without alignment on leadership across functions, iterative practices stall.

At the same time, large-scale mandates rarely work. A focused pilot team, staffed with cross-functional problem solvers, can demonstrate measurable improvement and build organizational confidence before broader rollout.

Two extremes undermine progress:

  • Rapid iteration without automation, documentation discipline, or risk integration
  • Rigid adherence to legacy processes that resist adaptation

Sustainable change requires shared ownership. Development must understand regulatory expectations. Quality and regulatory must understand iterative delivery. Incentives must align around value creation, not functional boundaries.

Agile in MedTech and SaMD is not a one-time transformation. It is an ongoing organizational discipline.

Why This Matters Now

Software now defines competitive advantage in MedTech and SaMD. Clinical value is increasingly delivered through connected ecosystems, data integration, AI-enabled functionality, and continuous updates. Hardware alone no longer determines differentiation.
At the same time, external pressure is increasing. Organizations are operating in an environment defined by:

  • Intensifying cybersecurity expectations
  • Expanding oversight of AI-enabled systems
  • Growing reliance on real-world performance data
  • Continued regulatory scrutiny

This creates a structural requirement, not a preference. Organizations must improve responsiveness to software-driven innovation while maintaining disciplined control over safety, risk, and compliance.

Agile practices, when integrated with right-sized quality systems and continuous risk management, provide a way to manage both.

The takeaway from the discussion is clear: in a software-defined MedTech and SaMD landscape, the ability to learn, adapt, and release responsibly is no longer optional. It is foundational to sustained performance.

Watch Webinar Recording
Michael Iglesias, Global Quality Advisor, Roche

Associate Director, Quality Assurance, Merck

Michael Iglesias

Michael Iglesias leads Digital Health Engineering and Quality at Merck, building scalable frameworks for regulated digital health solutions. He has held senior quality and advisory roles at Roche, Novo Nordisk, Eli Lilly, Philips, and Johnson & Johnson, specializing in software quality, connected health, and global regulatory alignment.

Jason Gorman Headshot

Sr. Director, Global Product Regulatory Affairs

Jason Gorman

Jason Gorman is a quality, regulatory, and compliance leader in medical device and digital health. He leads Global Product Regulatory Affairs at ResMed, guiding regulatory strategy for hardware, software, and AI-driven healthcare solutions. He previously held senior leadership roles at Propeller Health and Accuray, building global quality systems and securing international regulatory approvals.

Bernhard Kappe

CEO & Founder, Orthogonal

Bernhard Kappe

Bernhard is a MedTech leader with over a decade of experience in Software as a Medical Device, Digital Therapeutics, and connected medical device systems. He has led the launch of medical device software, authored Agile in an FDA Regulated Environment, co-authored the AAMI report on cloud computing for medical devices, and founded ChiPMA and the Chicago Lean Startup Challenge.

Randy Horton, VP of Solutions and Partnerships, Orthogonal

Chief Solutions Officer, Orthogonal

Randy Horton

Randy helps MedTech companies accelerate development of Software as a Medical Device, digital therapeutics, and connected device systems by applying modern software and product practices, including Agile and Lean.

Related Posts

Talk

How to Create an Agile Organizational Structure

Talk

The Value of Digital Ecosystems and How You Build Them

Talk

Lessons Learned from 2025, Plans for 2026 for Digital

Talk

SaMD Development and the Use of AI Tooling

Back to Insights
BSI ISO 13485 Logo
Terms of Use | Privacy Policy | Careers
All Rights Reserved © 2026 Orthogonal