top of page
Casual Business Meeting

QES Medical LLC

Quality & Regulatory Consulting

Who We Are and What We Do

QES Medical LLC is a consulting firm, founded in 2009, providing a variety of quality, regulatory and software development consulting services to the medical device industry, as well as to the pharmaceutical industry.

​

We help companies achieve and maintain QMS certification; software life cycle processes; cGMP; and product regulatory clearance.

​

We have vast experience helping both, small and large companies, which give us the perspective and ability to help clients based on their specific needs, always ensuring that clients receive compliant and adequate services. Contact us today and see what we can do for you.

Getting Coffee

Get to Know Us

​

Oscars Pic 3.jpg

Oscar Garcia

Founder & Chairman

Oscar Garcia is an entrepreneur with a strong engineering and business background and 20 years of experience in the medical device industry, in the quality and regulatory area, including large companies, such as Abbott Laboratories and Covidien (now Medtronic). Oscar has also been part of several medical device start-up companies, including a vascular robotic company with an acquisition exit of $1.1 billion US dollars.

​

Oscar holds an industrial engineering degree from INTEC University, a graduate certificate in business from Salem State University, an executive education certificate in family office wealth management from Harvard Business School, and an alternative investments certificate from Harvard Business School

​

Oscar is the Founder & Chairman of QES Medical LLC, which is a consulting firm, founded in 2009 in the Greater Boston Area, providing a variety of quality, regulatory and software development consulting services to the medical device industry, as well as to the pharmaceutical industry. Oscar is also the Founder & Managing Partner of the venture capital firm GD Partners LLC, which invests in life science companies; alternative investments; and mutual funds.

Quality and Regulatory Services

​

Quality Management Systems

QMS Development and Support

We can help you develop and maintain your Quality Management Systems in accordance with the applicable standards and regulations, including ISO 13485, FDA QSR 21 CFR part 820, 21 CFR part 210/211 and 21 CFR part 4. We can work on a project basis, or we can engage in short or long terms quality team contracts to help you achieve your objectives. Contact us today by booking your desired service shown below.

Design Control

Support Design and Development Activities

We can help you plan, develop and maintain your design control documentation for all your design and development activities in accordance with the applicable standards and regulations, including ISO 13485:2016 and FDA 21CFR820 Sec. 820.30, as well as IEC 62304 - Medical Device Software Compliance and IEC 62366-1 - Usability Engineering. We can work on a project basis, or we can engage in short or long terms quality team contracts to help you achieve your objectives. Contact us today by booking your desired service shown below.

Risk Management

Risk Management Process and Risk Management File

We can help you develop or upgrade your risk management process. We can also plan, develop and maintain your product risk management file in accordance with the applicable standards and regulations, including ISO 14971:2019. We can work on a project basis, or we can engage in short or long terms quality team contracts to help you achieve your objectives. Contact us today by booking your desired service shown below.

QMS Audits

Audit Readiness Planning

We have vast experience preparing teams to successfully host audits. Benefit from our expertise and let us help your team learn and use effective techniques, which will allow your company to be ready for your upcoming QMS audit. We can work on a project basis, or we can engage in short or long terms quality team contracts to help you achieve your objectives. Contact us today by booking your desired service shown below.

Training

Training and Educating your Staff

We have a variety of training sessions in key processes, such as Design Control and Risk Management, as well as in the entire Quality Management Systems. These trainings are ideal for those companies, or individuals, who are looking to implement, upgrade or better understand these processes and their application on their product. Contact us today by booking your desired service shown below.

Other Services

General Support

We offer other services to help you achieve your objectives. These include cleanroom services (on-site microbial air and surface environmental monitoring services for cleanrooms); QMS audits and remediation, including combination product compliance per 21 CFR part 4 and 21 CFR part 210 / 211; medical device software life cycle processes and activities; supplier control management; implementation of electronic QMS platforms per ISO 13485, FDA QSR 21 CFR part 820 and 21 CFR part 11; among others. Contact us today by booking your desired service shown below.

Cybersecurity Services

Helping Medical Device, Digital Health, Healthcare, and Industrial Organizations Build Secure, Compliant, and Resilient Systems and Devices.

QES Medical cybersecurity services are aligned with recognized industry frameworks and standards, including:

  • ISO/IEC 27001

  • NIST Cybersecurity Framework (CSF)

  • CIS Controls

  • IEC 62443

  • IEC 81001-5-1

  • SOC 2

  • HIPAA Security Rule

  • FDA cybersecurity expectations

  • EU MDR cybersecurity requirements

At QES Medical, we help organizations navigate the intersection of cybersecurity, compliance, and product development to build secure and resilient systems and devices that meet evolving industry expectations.

Medical Device & Digital Health Cybersecurity

Supporting medical device manufacturers, connected medical devices, and Software as a Medical Device (SaMD) developers with cybersecurity activities aligned with industry expectations and regulatory requirements.

Services include:

  • Cybersecurity risk assessments

  • Threat modeling and security architecture reviews

  • Vulnerability assessments and penetration testing

  • SBOM analysis and software supply chain security assessments

  • IEC 81001-5-1 cybersecurity assessments

  • Medical device cybersecurity documentation and regulatory support.

OT / ICS Security

Helping industrial organizations assess and strengthen the security of operational technology environments and industrial control systems.

Services include:

  • OT and ICS cybersecurity assessments

  • Industrial network security reviews

  • Vulnerability assessments

  • Security architecture evaluations

  • IEC 62443 alignment support

  • Risk assessments for manufacturing and critical infrastructure environments.

.

IT Security Assessments

Evaluating enterprise technology environments to identify vulnerabilities and improve cybersecurity maturity.

Services include:

  • Infrastructure and network security assessments

  • Cloud security assessments

  • Application security assessments

  • Security configuration reviews

  • Cybersecurity maturity assessments aligned with CIS, NIST, and ISO 27001 frameworks

.

Vulnerability Assessment & Penetration Testing (VAPT)

Identifying, evaluating, and helping organizations address security vulnerabilities across their technology environments.

Testing may include:

  • Networks

  • Applications

  • APIs

  • Cloud environments

  • Connected devices

  • Product cybersecurity assessments

Cybersecurity Compliance & Risk Advisory

Helping organizations establish cybersecurity programs aligned with recognized standards, frameworks, and regulatory expectations.

Services include:

  • ISO 27001 alignment and gap assessments

  • SOC 2 readiness assessments

  • HIPAA security assessments

  • NIST Cybersecurity Framework (CSF) alignment

  • Cybersecurity governance frameworks

  • Security policies and procedures

  • Cyber risk assessments

.

Regulatory Cybersecurity Documentation & Support

Supporting organizations with cybersecurity documentation needed for regulated products and compliance activities.

Services include:

  • Cybersecurity plans

  • Threat models

  • Risk assessments

  • Security verification and validation documentation

  • FDA 510(k) cybersecurity documentation support

  • EU MDR cybersecurity documentation support

  • Audit-ready cybersecurity evidence

 

Continuous Security Support.

​Providing ongoing cybersecurity support to help organizations monitor, manage, and respond to evolving threats.

Services include:

  • Vulnerability management

  • CVE monitoring

  • Patch advisory support

  • Security risk monitoring

  • Incident response support

​

Contact Us

Greater Boston Area

1-617-752-1327

Thanks for submitting!

Download a Free Audit Readiness Checklist

Click here to download

Subscribe to our website here to stay informed!

Thanks for submitting!

  • LinkedIn
  • Facebook

©2026 by QES Medical LLC.

bottom of page