What is the difference between verification and validation in medical device development?

Verification answers "did we build the product correctly?" — it checks that design outputs meet design inputs. Validation answers "did we build the correct product?" — it confirms the device meets its intended use under actual or simulated use conditions. ISO 13485 §7.3.6 covers design and development verification; §7.3.7 covers validation. Both are required and both require documented planning.

Does ISO 14971 require a separate V&V plan?

ISO 14971 §5.6 requires verification of risk control measures — confirming that controls were implemented correctly and that they achieved the intended risk reduction. This is verification activity that must be planned and documented. It is distinct from general design verification under ISO 13485 §7.3.6, and a V&V Plan that addresses both avoids the common audit finding of risk control verification being untraceable.

What verification methods does the template support?

The template documents four standard verification methods: Test (executing the product against defined acceptance criteria), Analysis (calculation, simulation, or model-based review), Inspection (physical or documented review), and Demonstration (operational walkthrough without instrumented measurement). Each verification activity in the plan specifies the method, and the RTM traceability summary links activities to requirements and risk controls.

Free V&V Plan Template

Verification confirms you built it right. Validation confirms you built the right thing. Both require a plan.

A free Verification and Validation Plan template for regulated product development. Covers governance, verification and validation planning by activity, schedule, deliverables, RTM traceability summary, and standard-specific guidance for ISO 13485, ISO 14971, IEC 62304, DO-178C, ISO 26262, and AS9100. No account, no gate.

Download V&V Plan Template (.docx) All free templates →

Document structure

§1–2 Introduction & Governance

Scope, referenced documents, roles and responsibilities, and approval structure for the V&V Plan.

§3 Verification Plan

Verification strategy, activities by requirement (VER-xxx IDs), methods (Test / Analysis / Inspection / Demonstration), acceptance criteria, and traceability to REQ-xxx IDs.

§4 Validation Plan

Validation strategy, activities (VAL-xxx IDs), intended use coverage, simulated use conditions, and acceptance criteria tied to user needs.

§5–8 Schedule, Deliverables & Standards

Milestone schedule, V&V deliverables list, RTM traceability summary, and standard-specific guidance sections for each applicable standard.

What V&V planning requires you to do

A V&V Plan is not a test script. It defines the strategy: what activities will confirm that design outputs meet design inputs (verification) and that the device meets its intended use (validation), how those activities will be conducted, and how results will be documented and reviewed. Without a plan, V&V evidence is difficult to scope and harder to defend at audit.

Verification is not validation

ISO 13485 §7.3.6 and §7.3.7 are separate requirements with separate records. Verification checks design outputs against design inputs. Validation checks that the finished device meets user needs under real or simulated use conditions. Auditors look for both.

Every requirement needs a V&V activity

The RTM traceability summary section maps each REQ-xxx, HAZ-xxx, and FMEA-xxx reference to at least one VER-xxx or VAL-xxx activity. Gaps in this mapping are the most common audit finding in design V&V review. The template's traceability table makes gaps visible before the auditor arrives.

Risk control verification is separate

ISO 14971 §5.6 requires verification that risk control measures were implemented and achieved the intended risk reduction. This is separate from general design verification. The plan's HAZ-xxx and FMEA-xxx trace columns ensure risk control verification activities are planned alongside design verification activities, not discovered after the fact.

Section reference

Each section of the template corresponds to a distinct planning obligation. Complete them in order during design and development planning, before verification and validation activities begin.

Section	What it covers	When to complete
§1 Introduction	Document purpose, product scope, applicable standards, and referenced documents (SRS, risk management plan, test case specification).	At plan creation, during design planning phase.
§2 Governance	Roles and responsibilities for V&V execution, review, and approval. Independence requirements (IEC 62304, DO-178C). Change control process for the plan itself.	At plan creation. Update if team changes.
§3 Verification Plan	Verification strategy and one row per VER-xxx activity: description, method (Test / Analysis / Inspection / Demonstration), acceptance criteria, responsible party, linked REQ-xxx IDs, and status.	After design inputs are defined. Update as requirements evolve.
§3.4 Risk Control Verification	VER-xxx activities specifically for ISO 14971 §5.6 risk control verification, linked to HAZ-xxx hazard IDs and FMEA-xxx failure mode IDs. Documents that controls were implemented and effective.	After risk controls are defined in the hazard log or FMEA.
§4 Validation Plan	Validation strategy and one row per VAL-xxx activity: intended use scenario, acceptance criteria, simulated or actual use conditions, linked user need IDs, and status.	After user needs are defined. Finalize before design freeze.
§5 Schedule	Milestone plan linking V&V activities to design phase gates. Identifies which activities must complete before design transfer.	At plan creation. Keep updated through design phases.
§6 Deliverables	List of V&V records to be produced: test reports, inspection records, analysis reports, validation summaries. Each deliverable identifies the responsible party and target completion.	At plan creation.
§7 Traceability Summary	RTM cross-reference table: REQ-xxx → VER-xxx, user needs → VAL-xxx, HAZ-xxx → VER-xxx, FMEA-xxx → VER-xxx. Identifies any requirements or risk controls without a planned V&V activity.	After §3 and §4 are complete. Update as activities are added.
§8 Standard Guidance	Standard-specific notes for ISO 13485, ISO 14971, IEC 62304 (by safety class), FDA QMSR, DO-178C (by DAL), ISO 26262 (by ASIL), and AS9100. Delete or retain sections for applicable standards.	Customize at plan creation based on applicable standards.

Standards coverage

V&V planning is required across all major regulated-product standards. The specific clause, independence requirements, and depth of evidence differ by standard and product safety class or criticality level.

Standard	Relevant clause	What the plan addresses
ISO 13485:2016	§7.3.6 Design and development verification, §7.3.7 Design and development validation	Separate verification and validation planning with documented acceptance criteria. §7.3.6 requires planned verification to confirm design outputs meet design inputs. §7.3.7 requires validation under actual or simulated use conditions before delivery. Both require records retained in the design history file.
ISO 14971:2019	§5.6 Implementation and verification of risk control measures	Risk control verification activities planned alongside general design verification. The §3.4 section of the template documents VER-xxx activities linked to each HAZ-xxx or FMEA-xxx risk control, confirming controls were implemented correctly and achieved intended risk reduction.
IEC 62304:2006+A1	§5.6 Software integration testing, §5.7 Software system testing, §8 Software maintenance	Software safety class determines V&V rigor. Class A: document testing. Class B: unit test coverage plus integration testing. Class C: full unit, integration, and system test planning with traceability to all software requirements. The plan's §8 guidance section includes class-specific notes.
FDA QMSR (21 CFR 820)	§820.30(f) Design verification, §820.30(g) Design validation	QMSR (effective Feb 2026) incorporates ISO 13485 by reference and aligns verification and validation requirements with §7.3.6/7.3.7. The plan structure satisfies both the pre-QMSR 820 design control requirements and the QMSR alignment. FDA specifically requires validation under actual or simulated conditions of use.
DO-178C	Table A objectives by DAL, §6.4 Software verification process	DO-178C defines verification objectives by Design Assurance Level. DAL A requires coverage of all MCDC conditions, full structural coverage, and independence between development and verification. The plan's verification activity table and independence fields support DO-178C compliance. §8 guidance notes which objectives apply at each DAL.
ISO 26262:2018	Part 6 §9–11 Software unit testing, integration testing, and verification by ASIL	ASIL level determines required coverage metrics and testing methods. ASIL D requires statement coverage, branch coverage, and MC/DC for software testing. The plan structures verification activities by ASIL-driven method requirements. §8 guidance notes ASIL-specific obligations for software and hardware V&V.
AS9100 Rev D	§8.3.4 Design and development controls, §8.3.5 Design and development outputs	AS9100 requires planned verification and validation as part of design controls. The plan documents the review and approval gates that AS9100 §8.3.4 requires, links verification activities to design outputs, and provides the objective evidence structure for configuration audits and first article inspections.

Using this alongside other templates

The V&V Plan template is designed to work with the full RTMify template family. The traceability summary section references IDs from each of these documents.

RTM Template

REQ-xxx and user need IDs from the Requirements Tracking Template are the primary inputs to §3 and §4 of the V&V Plan. Every requirement must have at least one VER-xxx activity. Every user need must have at least one VAL-xxx activity.

FMEA Template

FMEA-xxx IDs from the FMEA template feed §3.4 risk control verification. Each recommended action in the FMEA that was implemented as a risk control needs a planned VER-xxx activity to confirm the control was correctly implemented and effective.

Hazard Log

HAZ-xxx IDs from the Hazard Log template reference top-level risk control verification activities in §3.4. The V&V Plan closes the ISO 14971 §5.6 loop: hazard identified in the log, control implemented, verification planned and executed.

RTMify Trace

RTMify Trace reads the Requirements Tracking Template and generates an RTM PDF, Markdown, or Word document that surfaces gaps between requirements and tests. Use it to validate that the traceability summary in §7 of the V&V Plan is complete before review.

Download RTM Template (.xlsx) All free templates →

Download the V&V Plan template

Free Verification and Validation Plan template for ISO 13485, ISO 14971, IEC 62304, DO-178C, ISO 26262, and AS9100. Word document (.docx), ready to fill in.

Download V&V Plan Template (.docx) All free templates →