For RA & QA teams · medical device compliance

Prove you saw it the moment it happened.

ComplianceBrief watches FDA MedWatch around the clock, hashes every alert with SHA-256 the instant it is retrieved, and builds the timestamped record your next management review will need.

See a sample verification record

SOC 2Type II audit in progress

HIPAAaligned architecture

21 CFRPart 11 electronic records

Verification Ledger3 new today

Class I Recall2h ago

Infusion Pump Software - Recall Notice

FDA MedWatch

SHA-256

Safety Communication4h ago

Cardiac Monitor - Battery Failure Risk

FDA MedWatch

SHA-2567f3a9b2c…d1

Guidance6h ago

Digital Health Technologies - Draft Guidance

FDA MedWatch

SHA-2564e21f0a8…88

Every entry archived, timestamped, and exportable for audit

FDA medical device warning letters rose 96% from FY2023 to FY2024, from 24 to 47.

Source: FDA.gov enforcement data, FY2023–FY2024

Post-market surveillance scrutiny is increasing. Management reviews need to show alerts were monitored as they happened, not reconstructed after the fact. QMSR Clause 5.6.2 requires documented inputs to management review. A timestamped audit trail is that evidence.

The difference

Monday morning, before and after

Before

Manual routine

1Check FDA MedWatch website manually
2Download new safety alerts as PDFs
3Forward them to the team via email
4Update the Alerts-to-Review spreadsheet

45 minutes

Email thread + Excel file

After

With ComplianceBrief

Dashboard shows new alerts automatically
Team sees them immediately, no forwarding
Review, mark relevance, assign for follow-up
System archives with SHA-256 verification

15 minutes

Audit record with SHA-256 hash

Time saved: 2.5 hours per week·130 hours per year per person

How it fits

Compliance infrastructure, not a replacement

ComplianceBrief feeds verified alert evidence into your existing eQMS workflow. It does not replace Greenlight Guru, MasterControl, or any other quality system. It fills the gap those systems leave open: continuous FDA monitoring with cryptographic proof of receipt.

What ComplianceBrief does

Continuously monitors FDA MedWatch for new alerts
SHA-256 hashes every alert at the point of retrieval
Stores an immutable, timestamped archive
Exports records for management review inputs
Covers recalls, safety communications, and guidance

What it complements (your eQMS)

Document control and CAPA workflows
Risk management and design history files
Supplier qualification records
Internal audit management
SOPs and training records

Built for regulated environments. Every record ComplianceBrief produces is designed to be referenced directly by your auditor, not summarised for them.

Tamper detection demo Audit-proof bundle (ZIP)

Pricing

Founding access: free for the first 100 teams

Start building your audit trail today. No credit card required, no procurement process. Paid plans start after founding access closes. You will be notified in advance.

$0/ month

Founding access: first 100 teams

Full FDA MedWatch monitoring, all alert categories
SHA-256 verification on every retrieved alert
Immutable timestamped archive
Team dashboard with shared visibility
Exportable audit records for management review
Email digest of new alerts

No credit card required

After founding access closes

Paid plans for ongoing teams

Pricing is being finalised for small and mid-size medical device teams. Founding access teams will be the first to know, and will have the option to continue before any charge applies.

Everything in founding access
Priority product access as features ship
Grandfathered pricing for founding teams

Questions about pricing? Email support@compliancebrief.health

How it works

Three steps replace manual monitoring

Monitor official FDA MedWatch sources

Continuous polling captures every alert the moment it is published, with no manual checks required.

Archive with cryptographic verification

SHA-256 hashing and immutable storage create a tamper-evident record at the point of retrieval.

Deliver alerts and exportable audit records

Email digests, a shared dashboard, and one-click export for management review inputs.

The problem

FDA alert monitoring is still largely manual at most device companies

Problem #1

Fragmented monitoring across email and spreadsheets

No central visibility into who saw which alerts
Information gaps when alerts go to personal inboxes
Duplicate work when multiple people track the same sources

Most regulatory teams rely on disparate sources such as spreadsheets with links, manual web searches, email alerts, and agency/specialized website review. This process is generating a lot of distraction for the team members due to multiple and duplicate e-mail alerts and internal e-mails forwarded by colleagues.

MedBoard whitepaper on regulatory intelligence (2025)

How ComplianceBrief solves it

One dashboard

Replaces multiple email subscriptions and manual checks.

Team-wide visibility

Everyone sees the same information. No inbox silos.

Searchable archive

Every past alert retrievable with full source proof.

79%

Report insufficient resources for all priorities

MTI Medical Device Regulatory Report 2024 (n=700)

69%

Lack confidence in their current QMS

Greenlight Guru State of Medical Device Industry 2025 (n=536)

Problem #2

Manual monitoring doesn't scale

Regulatory professionals report spending 3 to 8 hours per week on alert collection, not analysis. Headcount stays flat while post-market surveillance requirements expand.

79% of regulatory professionals report insufficient resources to complete all priorities.

How ComplianceBrief solves it

Automated monitoring

Eliminates manual website checks and inbox triage.

3 to 5 hours back per week

Time returned from collection to analysis.

Focus on analysis

Your team reviews impact instead of chasing alerts.

Problem #3

Documented regulatory monitoring is now a US federal requirement under the QMSR

The QMSR, in effect since February 2, 2026, incorporates ISO 13485:2016 into US federal law. Clause 5.6.2 requires management review inputs to address applicable new or revised regulatory requirements.

Typical gaps a QMS auditor looks for

No documented procedure for regulatory monitoring
Management reviews lack supporting records
Cannot demonstrate when changes were identified

How ComplianceBrief supports your QMS

Timestamped record of when each FDA alert arrived
SHA-256 cryptographic verification, tamper-evident
Exportable audit reports for management review

ComplianceBrief supports compliance workflows. It does not guarantee FDA compliance or replace your Quality Management System.

Product

What's included

Live today, plus what's on the roadmap.

Live now

Real-time FDA MedWatch

Real-time FDA MedWatch monitoring
Daily email digest
SHA-256 cryptographic verification
Tamper-proof audit trail
Export compliance reports
Searchable archive

In development

AI-powered summarization

AI-powered summarization
Relevance filtering by device type
Advanced search and filters

Planned

API access and integrations

API access
eQMS integrations (Greenlight Guru, MasterControl)
Multi-jurisdiction support (EU MDR, Health Canada)

The dashboard

See ComplianceBrief in action

app.compliancebrief.health/dashboard

High PriorityJanuary 15, 2025

FDA Issues New Guidance on Digital Health Technologies

Summary

The FDA has released updated guidance for software as a medical device (SaMD), including new requirements for clinical evaluation and risk management processes. This affects all digital health companies developing AI/ML-based diagnostic tools.

Source

U.S. Food and Drug Administration

View original document

Audit Trail

SHA-256a1b2c3d4e5f6...

Archived: January 15, 2025 at 2:30 PM EST

Live features: real-time alerts, SHA-256 archive, compliance export. AI summarization and advanced search are in development.

Scope

Clear about what we do

ComplianceBrief is focused FDA MedWatch infrastructure. It is not an eQMS replacement.

What ComplianceBrief does

Systematic FDA MedWatch monitoring

Cryptographic verification and audit-ready documentation. Replaces manual checking, email forwarding, and spreadsheet tracking.

What it complements

Your existing eQMS

Greenlight Guru, MasterControl, and similar tools handle CAPAs, design controls, and document management. ComplianceBrief handles FDA alert monitoring. They work together.

FAQ

Questions from RA and QA teams

We already get FDA email alerts for free. Why pay for this?

Free FDA alerts land in individual inboxes. There is no team visibility, no search, and no proof of systematic monitoring for audits.

ComplianceBrief organises them into a shared system with SHA-256 verified timestamps. That is the kind of documented evidence an auditor can reference, not a forwarded email chain.

Our eQMS already handles document control. Do we need this?

eQMS tools manage document control, CAPAs, and risk files. They do not continuously monitor FDA MedWatch or produce cryptographic proof of when an alert arrived. ComplianceBrief fills that gap and feeds the evidence into your eQMS-driven process.

ComplianceBrief

"FDA just published new cybersecurity guidance. Received and hashed at 08:14."

Your eQMS

"Here is the gap analysis, CAPA, and rollout plan."

Can't we just assign someone to monitor FDA websites?

Manual monitoring does not produce a verifiable, timestamped, tamper-evident record. A person checking a website cannot generate cryptographic proof of when an alert was seen. And as headcount stays flat while regulatory volume grows, the manual approach does not scale.

ComplianceBrief automates the monitoring and produces the audit trail that manual checking cannot. Your Regulatory Affairs team is freed for analysis instead of data collection.

Is this HIPAA compliant?

ComplianceBrief monitors public FDA MedWatch data only. No patient health information is processed. The infrastructure uses TLS in transit and AES-256 at rest. Our architecture is designed to align with HIPAA requirements, and a SOC 2 Type II audit is in progress.

What happens after the founding access period ends?

Founding teams keep their full archive and audit history. Paid plans will start at pricing appropriate for small and mid-size medical device teams. You will be notified in advance and given the option to continue before any charge applies. No credit card is required to start.

Security & compliance

Built for healthcare compliance requirements

SOC 2 Type II

Audit underway. Report available on request.

HIPAA-aligned

Architecture designed for PHI safeguards.

21 CFR Part 11

Supports electronic records documentation.

Encrypted

TLS in transit, AES-256 at rest.

Start building your audit trail today

Free for the first 100 teams. No credit card required, no procurement process. The timestamped, SHA-256 verified record your next management review will need.

Full archive access from day one
SHA-256 verified on every alert
Exportable records for management review