1-617-752-1327

QES Medical LLC
Quality & Regulatory Consulting
Who We Are and What We Do
QES Medical LLC is a consulting firm, founded in 2009, providing a variety of quality, regulatory and software development consulting services to the medical device industry, as well as to the pharmaceutical industry.
​
We help companies achieve and maintain QMS certification; software life cycle processes; cGMP; and product regulatory clearance.
​
We have vast experience helping both, small and large companies, which give us the perspective and ability to help clients based on their specific needs, always ensuring that clients receive compliant and adequate services. Contact us today and see what we can do for you.

Get to Know Us
​

Oscar Garcia
Founder & Chairman
Oscar Garcia is an entrepreneur with a strong engineering and business background and 20 years of experience in the medical device industry, in the quality and regulatory area, including large companies, such as Abbott Laboratories and Covidien (now Medtronic). Oscar has also been part of several medical device start-up companies, including a vascular robotic company with an acquisition exit of $1.1 billion US dollars.
​
Oscar holds an industrial engineering degree from INTEC University, a graduate certificate in business from Salem State University, an executive education certificate in family office wealth management from Harvard Business School, and an alternative investments certificate from Harvard Business School
​
Oscar is the Founder & Chairman of QES Medical LLC, which is a consulting firm, founded in 2009 in the Greater Boston Area, providing a variety of quality, regulatory and software development consulting services to the medical device industry, as well as to the pharmaceutical industry. Oscar is also the Founder & Managing Partner of the venture capital firm GD Partners LLC, which invests in life science companies; alternative investments; and mutual funds.
Quality and Regulatory Services
​
Quality Management Systems
QMS Development and Support
We can help you develop and maintain your Quality Management Systems in accordance with the applicable standards and regulations, including ISO 13485, FDA QSR 21 CFR part 820, 21 CFR part 210/211 and 21 CFR part 4. We can work on a project basis, or we can engage in short or long terms quality team contracts to help you achieve your objectives. Contact us today by booking your desired service shown below.
Design Control
Support Design and Development Activities
We can help you plan, develop and maintain your design control documentation for all your design and development activities in accordance with the applicable standards and regulations, including ISO 13485:2016 and FDA 21CFR820 Sec. 820.30, as well as IEC 62304 - Medical Device Software Compliance and IEC 62366-1 - Usability Engineering. We can work on a project basis, or we can engage in short or long terms quality team contracts to help you achieve your objectives. Contact us today by booking your desired service shown below.
Risk Management
Risk Management Process and Risk Management File
We can help you develop or upgrade your risk management process. We can also plan, develop and maintain your product risk management file in accordance with the applicable standards and regulations, including ISO 14971:2019. We can work on a project basis, or we can engage in short or long terms quality team contracts to help you achieve your objectives. Contact us today by booking your desired service shown below.
QMS Audits
Audit Readiness Planning
We have vast experience preparing teams to successfully host audits. Benefit from our expertise and let us help your team learn and use effective techniques, which will allow your company to be ready for your upcoming QMS audit. We can work on a project basis, or we can engage in short or long terms quality team contracts to help you achieve your objectives. Contact us today by booking your desired service shown below.
Training
Training and Educating your Staff
We have a variety of training sessions in key processes, such as Design Control and Risk Management, as well as in the entire Quality Management Systems. These trainings are ideal for those companies, or individuals, who are looking to implement, upgrade or better understand these processes and their application on their product. Contact us today by booking your desired service shown below.
Other Services
General Support
We offer other services to help you achieve your objectives. These include cleanroom services (on-site microbial air and surface environmental monitoring services for cleanrooms); QMS audits and remediation, including combination product compliance per 21 CFR part 4 and 21 CFR part 210 / 211; medical device software life cycle processes and activities; supplier control management; implementation of electronic QMS platforms per ISO 13485, FDA QSR 21 CFR part 820 and 21 CFR part 11; among others. Contact us today by booking your desired service shown below.
Cybersecurity Services
Helping Medical Device, Digital Health, Healthcare, and Industrial Organizations Build Secure, Compliant, and Resilient Systems and Devices.
QES Medical cybersecurity services are aligned with recognized industry frameworks and standards, including:
-
ISO/IEC 27001
-
NIST Cybersecurity Framework (CSF)
-
CIS Controls
-
IEC 62443
-
IEC 81001-5-1
-
SOC 2
-
HIPAA Security Rule
-
FDA cybersecurity expectations
-
EU MDR cybersecurity requirements
At QES Medical, we help organizations navigate the intersection of cybersecurity, compliance, and product development to build secure and resilient systems and devices that meet evolving industry expectations.
Medical Device & Digital Health Cybersecurity
Supporting medical device manufacturers, connected medical devices, and Software as a Medical Device (SaMD) developers with cybersecurity activities aligned with industry expectations and regulatory requirements.
Services include:
-
Cybersecurity risk assessments
-
Threat modeling and security architecture reviews
-
Vulnerability assessments and penetration testing
-
SBOM analysis and software supply chain security assessments
-
IEC 81001-5-1 cybersecurity assessments
-
Medical device cybersecurity documentation and regulatory support.
OT / ICS Security
Helping industrial organizations assess and strengthen the security of operational technology environments and industrial control systems.
Services include:
-
OT and ICS cybersecurity assessments
-
Industrial network security reviews
-
Vulnerability assessments
-
Security architecture evaluations
-
IEC 62443 alignment support
-
Risk assessments for manufacturing and critical infrastructure environments.
.
IT Security Assessments
Evaluating enterprise technology environments to identify vulnerabilities and improve cybersecurity maturity.
Services include:
-
Infrastructure and network security assessments
-
Cloud security assessments
-
Application security assessments
-
Security configuration reviews
-
Cybersecurity maturity assessments aligned with CIS, NIST, and ISO 27001 frameworks
.
Vulnerability Assessment & Penetration Testing (VAPT)
Identifying, evaluating, and helping organizations address security vulnerabilities across their technology environments.
Testing may include:
-
Networks
-
Applications
-
APIs
-
Cloud environments
-
Connected devices
-
Product cybersecurity assessments
Cybersecurity Compliance & Risk Advisory
Helping organizations establish cybersecurity programs aligned with recognized standards, frameworks, and regulatory expectations.
Services include:
-
ISO 27001 alignment and gap assessments
-
SOC 2 readiness assessments
-
HIPAA security assessments
-
NIST Cybersecurity Framework (CSF) alignment
-
Cybersecurity governance frameworks
-
Security policies and procedures
-
Cyber risk assessments
.
Regulatory Cybersecurity Documentation & Support
Supporting organizations with cybersecurity documentation needed for regulated products and compliance activities.
Services include:
-
Cybersecurity plans
-
Threat models
-
Risk assessments
-
Security verification and validation documentation
-
FDA 510(k) cybersecurity documentation support
-
EU MDR cybersecurity documentation support
-
Audit-ready cybersecurity evidence
Continuous Security Support.
​Providing ongoing cybersecurity support to help organizations monitor, manage, and respond to evolving threats.
Services include:
-
Vulnerability management
-
CVE monitoring
-
Patch advisory support
-
Security risk monitoring
-
Incident response support
​
2 hr
Contact for pricing2 hr
Contact for pricing2 hr
Contact for pricing2 hr
Contact for pricing1 hr
Contact for pricing






