Foundation Reporting produces compliance reports on demand or on schedule, covering every aspect of device operation from firmware integrity to AI model governance. Evidence that would take a team of specialists weeks to assemble manually is generated continuously, without human intervention.
Foundation Reporting covers every layer of a regulated connected device: the device itself, its AI subsystem, the fleet it belongs to, and the cloud infrastructure it connects to. Each report is generated from data already captured by Foundation Core, with no additional instrumentation required.
Each report can be generated on demand or produced automatically on a schedule. All data is drawn from live system telemetry; there is no manual data entry, no spreadsheet reconciliation, and no risk of transcription errors.
8-bit compliance flag register, uptime, activity summary, and issue alerts. The single-page status of your device.
DeviceTamper-evident event log with CRC32 validation, sequence verification, and category breakdown with daily activity trends.
DeviceSHA-256 firmware hashes, flash CRC32, secure boot chain verification, and partition status across every check cycle.
DeviceISO 14971:2019 compliance with full hazard-to-control traceability, verification status, and per-control evidence for all risk categories.
DeviceSPDX 2.3 compatible export with licence analysis, CVE tracking, vulnerability scoring, and component hash verification.
DeviceMemory, cryptographic, peripheral, watchdog, flash, and sensor test results with execution time trends and IEC 62304 Class B compliance evidence.
DeviceInference latency distribution, resource utilisation, numerical stability, safety supervision status, and IPC communication statistics.
AIKL divergence, PSI scores, feature drift analysis, and concept drift detection with automatic fallback activation and reference distribution comparison.
AIISO 42001:2023 control status, model identity and integrity, classification performance, confidence analysis, and human oversight fallback metrics.
AIHSM operations summary, certificate lifecycle status, key rotation schedule, TLS session statistics, and security incident log.
FleetDevice lifecycle tracking, firmware deployment status, provisioning activity log, fleet health metrics, and regulatory traceability.
FleetMicroservice health, access control audit, data residency and GDPR compliance, vulnerability management, and framework certification status.
CloudAssembling the evidence that Foundation Reporting produces automatically requires sustained effort from multiple specialists across regulatory affairs, cybersecurity, software engineering, DevOps, and quality assurance. This is a comparison of the monthly effort required to maintain continuous compliance confidence for a single device type.
Without Foundation Reporting, maintaining continuous compliance confidence requires access to specialists across five distinct disciplines. These roles are difficult to recruit, expensive to retain, and rarely available in smaller medical device companies.
| Discipline | Expertise required | Reports covered |
|---|---|---|
| Regulatory affairs | IEC 62304, ISO 14971:2019, EU MDR 2017/745, FDA QMSR, ISO 42001:2023 | Compliance, risk controls, AI governance |
| Cybersecurity | IEC 81001-5-1:2021, secure boot, PKI, HSM operations, CVE analysis | Integrity, SBOM, fleet security |
| Embedded firmware | Zephyr RTOS, Nordic nRF, MCUboot, flash partition management | Integrity, self-test, secure boot chain |
| Machine learning | Drift detection, quantised inference, edge AI, statistical monitoring | AI health, drift monitoring, model governance |
| DevOps / cloud | ISO 27001:2022, SOC 2, HIPAA, GDPR, microservice observability | Cloud compliance, fleet provisioning |
Regulatory submissions for connected medical devices require extensive evidence of ongoing compliance. Foundation Reporting produces this evidence continuously, reducing the scope of work required for both initial approval and post-market surveillance.
Reports are designed to map directly to the evidence requirements of EU MDR, FDA 510(k), and UKCA. Report content aligns with the structure and data expectations of notified bodies and regulatory authorities, reducing the reformatting and repackaging work that typically delays submissions.
Regulators require ongoing evidence of compliance, not just a snapshot at the point of submission. Foundation Reporting provides this continuously. When a notified body requests evidence of post-market surveillance, the data is already available and current, rather than requiring retrospective data-gathering.
ISO 13485:2016 and ISO 27001:2022 auditors expect to see evidence of systematic monitoring and reporting. With Foundation Reporting running continuously, there is no preparation period before an audit. The evidence exists in a consistent format and is available on demand, reducing the disruption and cost of each audit.
AI-enabled medical devices face additional scrutiny under ISO 42001:2023 and emerging AI regulatory frameworks. Foundation Reporting generates ISO 42001:2023 control evidence, drift monitoring, and performance tracking automatically, providing the documentation that regulators are beginning to require for AI/ML-based SaMD.
Every report links back to source data through cryptographically verified audit trails. Hazards trace to risk controls, risk controls trace to verification evidence, SBOM components trace to CVE assessments. This end-to-end traceability is precisely what ISO 14971:2019 and IEC 62304 require, and it is maintained without manual effort.
The regulatory submission process is often the longest single phase in bringing a connected medical device to market. When the compliance evidence is being generated from day one of development, the documentation package for submission is substantially complete before you reach the formal submission stage.