The medtech curriculum

Our full medtech curriculum. In detail. In one place.

Three modules. Twenty sub-modules. Every learning objective. Reproduced exactly as it stands in our internal curriculum document.

Modules in the full medtech curriculum.

Sub-modules, all reproduced verbatim on this site.

~180

Learning objectives using Bloom's taxonomy action verbs.

Three modules, delivered across the Embed sprint sequence.

Foundations establishes the common ground – AI regulatory & policy landscape, how AI works in MedTech, and the daily AI foundations in two parts. Applied Practice is the workhorse – thirteen sub-modules covering compliance, knowledge work, data, agentic AI, content creation, vibe coding and workflow automation, all tuned for medtech. Organisational Implementation moves from individual capability to organisational embedding – policy, environments, peer enablement and measurement.

Every engagement includes a bespoke version of the Foundations module, then selects the specific sub-modules from Applied Practice and Organisational Implementation that are right for that client.

A particular emphasis runs throughout the programme.

Beyond ensuring speed and efficiency, the curriculum is designed to apply AI to improve quality metrics – accuracy and depth in areas like report writing, trend analysis and audience-tailored reporting that are among the highest-value, highest-effort workflows across regulated medtech organisations.

Teaching participants to apply AI to these tasks delivers immediate, measurable returns and gives leaders a compelling proof point as skills diffuse across teams.

The foundation behind the medtech curriculum

The 150+ sub-module foundation behind this more selective medtech curriculum has transformed the practice of thousands of senior knowledge workers across regulated industries over the past two years.

The medtech version draws from that core and integrates the specific regulatory context as a thread running through every module – so that compliance is not a separate topic, but is woven into every AI use the curriculum covers.

Module 1

Foundations

The common ground every participant needs before deeper applied work begins – AI regulatory & policy landscape, how AI actually works in MedTech, and the daily AI foundations every participant uses every day.

AI Regulatory and Policy Landscape

Where AI for life sciences sits today in Ireland, and across the EU, UK, US and beyond.

Learning objectives

Describe the EU AI Act's risk-based classification system (unacceptable, high, limited, minimal) and identify where typical medtech AI use cases fall.
Identify Ireland's National Competent Authorities relevant to AI in life sciences (HPRA, DPC, others as applicable), describe their respective remits and understand the touchpoints through which EU AI regulation is enforced locally via these bodies.
Compare the regulatory postures of the EU, UK MHRA, US FDA, Health Canada and TGA with respect to AI in medtech.
Describe the FDA's evolving approach to AI/ML-enabled medical devices – Predetermined Change Control Plans, Good Machine Learning Practice, Computer Software Assurance – and what it implies for AI use inside medtech organisations.
Position the IMDRF Software as a Medical Device (SaMD) framework against the AI tools and harnesses participants are likely to encounter.
Articulate the "risk-reward" posture regulators are taking – encouraging adoption while requiring proportionate controls – and explain why blanket positions (either prohibition or unrestricted use) sit outside that posture.
Recognise the data-protection landscape (GDPR, HIPAA where relevant, ePrivacy) as a governing constraint on every AI use case touching personal or patient data.

How AI works in MedTech

Understanding of large language models so participants can use them well, challenge them sensibly and avoid common errors in daily use.

Learning objectives

Describe at a working level how a large language model produces its output – pattern continuation over learned distributions, not retrieval from a database.
Distinguish training, fine-tuning and in-context inference, and describe why each matters for what an LLM "knows" at the moment of use.
Explain the role of context window, memory limits and session boundaries - and predict how each affects output quality on long or complex medtech tasks.
Describe why hallucinations occur – plausible pattern completion under uncertainty – and recognise the workflow conditions that make them less likely.
Distinguish capability tiers across models (frontier, mid-tier, small or local) and choose proportionate to the task.
Recognise the limits of LLMs at exact arithmetic, deterministic recall, real-time information and authoritative citation, and route those tasks accordingly.
Describe what tool use, retrieval and function calling add to a base LLM, and when those additions are needed for a task.
Explain why blanket prohibition of AI fails due to productivity loss, shadow IT, reduced compliance through workarounds - and why undisciplined adoption fails too, via regulatory exposure, patient-safety risk and IP loss.
Apply a severity-by-likelihood-by-reversibility frame to assess AI use for a given task.
Classify an AI use case against patient-safety proximity, regulatory proximity and data sensitivity - to select the matching level of control.
Describe what data is appropriate for which class of AI tool – personal account, enterprise tenant, on-premise, validated environment – and recognise the boundary violations to avoid.
Recognise IP, confidentiality and contractual constraints on AI use (supplier agreements, customer NDAs, licensed datasets) and respect them in tool choice.
Recognise that AI outputs can encode bias from their training data – including under-representation of certain populations in clinical literature – and apply matching scepticism when AI touches diverse patient cohorts.
Recognise when the right answer is 'do not use AI for this task' and articulate why.
Decompose a real in-role task – such as regulatory writing, complaint review, evidence synthesis, training material drafting, supplier correspondence – into inputs, steps, decisions and outputs.
Use AI itself to analyse a candidate task and surface where assistance, automation or refusal is most appropriate.
Frame AI as both a procedural guide, helping work through a sequence correctly, and a high-quality assistant producing or improving the artefact.
Identify rework cycles in workflows – repeated revisions, re-explanations, formatting fixes, citation chasing – as priority candidates for AI support.
Distinguish quick wins - low risk, high frequency, clear output - from harder opportunities with high risk, judgement-heavy and ambiguous outputs.
Identify where AI-assisted quality metrics reporting could reduce rework, escalation or audit-finding risk in current workflows.

Daily AI Foundations - Part One

How to get the most out of AI when applied to the most common non-technical tasks in a knowledge worker's day.

Learning objectives

Use meta-prompting techniques to solve any task via AI
Apply the RBSF protocol – Role, Brief, Style, Format – to construct a prompt that yields structured, detailed and professionally appropriate output.
Write a Role that gives the AI a credible, scoped persona suited to the medtech task at hand, a Brief that states goal, audience, constraints, non-negotiables and source material clearly, specify a Style that controls tone, register, level of formality and use of regulated language - and specify a Format that aligns to the deliverable, such as memo, report, table, regulatory section or training slide.
Recognise when RBSF alone is sufficient and when additional techniques are required.
Iterate a prompt against output rather than rewriting from scratch when results disappoint.
Use Example-based Generation (EG) to shape AI output toward established templates, styles and regulatory formats.
Apply one-shot, two-shot and many-shot EG techniques, as appropriate to the difficulty and standardisation of the task.
Source examples that are representative, current and free of confidential or protected health information (PHI) content before using them in a prompt, whilst recognising the trade-off between consistency and diversity and avoiding common EG anti-patterns: overfitting to a single example, contaminating examples with sensitive data and the leakage of out-of-scope content.
Use EG to drive outputs that match established templates, internal style guides and regulatory formatting standards, including Clinical Evaluation Report (CER) sections, IFU clauses, audit response formats and complaint summaries.
Combine EG with RBSF so structure, voice and example all reinforce the same output specification.

Daily AI Foundations - Part Two

How to ensure all outputs are compliant whilst being empowered to build durable AI capability across the entire team.

Learning objectives

Operate at all times within the team's AI policy, quality system and ethical norms, modelling the posture you'd want a junior colleague to adopt.
Draft communications – internal emails, supplier correspondence, meeting summaries, status updates – as well as reports and documentation, technical memos, investigation summaries, training material and internal procedures using RBSF and EG together.
Apply citation discipline so every external claim or statistic is backed by a source the human reviewer can verify.
Apply banned-language and regulated-language controls so AI-drafted content does not introduce non-compliant claims, unsupported endorsements or speculative product positioning.
Recognise when to escalate an AI-drafted output for senior, regulatory or quality sign-off rather than ship it from a personal workflow.
Mark AI-assisted content visibly within working drafts so its provenance is clear to colleagues and reviewers.
Identify personal AI skills suitable for sharing – specific prompts, workflows or use cases that produce reliable, repeatable value in a team context.
Outline a brief demonstration approach for a chosen skill: setup, example task, walk-through, common pitfalls, where it works, where it doesn't.
Adopt routines for capturing, refining and re-using prompts, examples and patterns so personal craft accumulates rather than evaporates.
Learn deliberately from colleagues' AI practice – pair sessions, demos, shared prompt libraries – and contribute back rather than only consuming.

Module 2

Applied Practice

There are thirteen sub-modules in this programme segment, each highly tailored to the specifics of the client. In general, Applied Practice builds on the Foundations module, so that participants will be able to:

AP1

Compliance & Regulation

How to operate AI inside the quality system, with validation frameworks that make every output defensible.

Learning objectives

Analyse how the provider/deployer distinction within the EU AI Act affects their obligations when using AI tools
Evaluate AI outputs using the human in the loop (HitL) principle, as embedded into the Robust as a Pair (RAP) and Context, History, Evidence, Consistency and Knowledge (C.H.E.C.K.) validation frameworks - to ensure all capability is directly able to deliver against compliance, regulation and GxP requirements.
Classify the organisation's actual AI use cases against the EU AI Act's risk categories – unacceptable, high, limited, minimal – and apply the proportionate controls each category requires.
Apply Computer Software Assurance (CSA) thinking to AI tools and AI-generated outputs – risk-based, fit-for-purpose verification rather than blanket validation for its own sake.
Apply 21 CFR Part 11 and EU Annex 11 expectations to AI-touched records: attribution of who did what, dated entries, reason for change, integrity of the record and limited access.
Recognise where AI use crosses GxP boundaries (GMP, GLP, GCP, GDP) and apply the specific controls each Good Practice regime requires.
Fit AI use into the existing ISO 13485 quality system rather than creating a parallel structure: change control, document control, training records, supplier qualification and periodic review.
Maintain inspection-ready evidence of AI use – tool, user, input, output, review, decision – for any AI activity that touches a regulated record or decision.
Qualify AI tools and AI providers as suppliers under the QMS, evaluating data handling, data residency, IP terms, training-data usage, security posture and business continuity.

AP2

Knowledge Acquisition

Structured research, evidence evaluation and multi-perspective stress-testing – turning knowledge into wisdom before it ships.

Learning objectives

Use structured brainstorming frameworks to generate and evaluate ideas systematically against predefined criteria
Find and evaluate relevant research, content and data sets as inputs into work product - from clinical literature and consensus statements to compliance and regulatory requirements, as well as market and competitive intelligence
Use prompt strategies for evidence retrieval and source triangulation
Evaluate sources of research via a well-defined evidence hierarchy and a working knowledge of AI's search abilities, limits and constraints
Translate a strategic, clinical, regulatory or commercial question into a researchable research objective with a defined scope, success criteria and decision-frame, using appropriate knowledge frameworks which distinguish systematic, scoping and targeted reviews whilst selecting the depth appropriate to the decision at hand.
Define in advance what counts as sufficient evidence to answer the question, grade a source by type, authority, recency and conflict of interest, appraise a study design for internal and external validity, detect bias and weigh its impact, distinguish peer-reviewed, grey, vendor-authored and AI-generated content and treat each with appropriate relevance.
Document searches to a standard that supports transparency and re-execution, iterate search strategies in response to returned results without losing traceability while using AI to draft, critique and expand search strategies and retaining human oversight.
Triangulate evidence from multiple source types and resolve contradictions using source quality and recency, surfacing gaps in the evidence base.
Produce research briefs, evidence summaries, competitive landscapes, regulatory gap analyses and payer briefs, with full source traceability.
Use five steps - Sceptic, Stakeholder, Panel of Experts, Synthetic Audiences and Strategic Forecaster (SSPSS) - to test alternative perspectives on outputs and synthesise them into a single analysis and next best actions report.
Identify when SSPSS is warranted and when a lighter check will do, whilst applying appropriate guardrails including: no PHI, no real named clinicians, KOLs or regulators in role-play - and no fabricated regulatory positions.
Interpret all SSPSS outputs as AI inferences, not real-world validation, before capturing the synthesis and decisions back into the knowledge base (KB) for traceability.
Maintain a research log that supports audit and re-execution by a third party.
Deploy all skills to conduct, evaluate and finalise structured research for shipping.

AP3

Knowledge Management

Building, sharing and governing AI knowledge bases that match the rigour of the controlled documentation around them.

Learning objectives

Evaluate the core knowledge, data sensitivities, compliance rules, use cases and team workflows - as well as reversibility and explainability constraints - to create a cost-benefit analysis (CBA) of the available tools for knowledge storage, management and analysis
Compare CBAs to select the right tool for each discrete knowledge base
Set up a sharable, fully compliant, audit-ready knowledge base for any team which features the ability to analyse its structured and unstructured data, deliver templated and free-form content using anti-hallucination guardrails woven throughout its operation
Design versioning and compliance logging systems into the knowledge bases
Safely operate, maintain and audit created knowledge bases and instruct other team members on how to do the same
Wrap governance around each knowledge base, assigning and documenting ownership, setting a review cadence, applying sign-off for updates and maintaining all associated documentation

AP4

Data Fundamentals

Framing the question, finding the source and cleaning the data – the upstream work that decides whether any analysis is worth running.

Learning objectives

Use AI to translate any business, clinical or regulatory issue into a set of well-formed analytical questions which distinguishes hypothesis-driven and exploratory analyses to select the appropriate approach, define success criteria and decision implications
Identify and evaluate internal and external sources and navigate access, consent and ethical constraints as appropriate
Read and interpret data dictionaries and metadata before running analyses
Clean, anonymise and reconcile data sets using clear, repeatable rules - including evaluation of missing data, implications for inference and detection of bias whilst maintaining an auditable version history of the data set for all shipped analysis
Combining, comparing, differentiating and triangulating data from different functional sources - such as clinical, manufacturing, complaints, field service and commercial - so that a single coherent view emerges

AP5

Data Analysis

Applying AI to clinical, quality, operational and commercial data with the statistical literacy to challenge its outputs rather than accept them.

Learning objectives

Prompt AI to draft, explain and refine analytical approaches before running them - including code generation (SQL, Python, R) for a defined analysis and interpretation of what it returns.
Use AI as a second pair of eyes to check reasoning, assumptions and calculations.
Recognise where, how and why AI fails in analysis - including silent errors on bad data, misapplied methods, confident but wrong outputs - and design controls around those failure modes.
Apply the right statistical patterns to the data type to generate insights, identify trends and detect signals in real world scenarios, interpreting confidence intervals, p-values and effect sizes without over-claiming.
Overcome noise using variability, base rates and prior expectations - and apply statistical process control to interpret out-of-control signals and recognise when a signal crosses regulatory reporting thresholds and must be escalated
Choose and apply appropriate descriptive and inferential statistics for clinical, quality, operational and commercial data
Interpret sensitivity, specificity, PPV, NPV and ROC curves, as well as hazard ratios, Kaplan-Meier survival curves and time-to-event outputs
Re-run an analysis from documented inputs and expect identical outputs - or cross-validate a finding using a second method or a second data subset.
Maintain traceable code, queries and parameters alongside the outputs.
Produce an audit trail that a peer or auditor can follow without you in the room.

AP6

Data Visualisation and Communication

Turning analysis into visuals that work for clinicians, regulators, payers, patients and executives – dashboards that earn their place rather than fill a slide.

Learning objectives

Use AI to draft code or specifications for a chart from a requirement, explain what a chart is showing and what it isn't, draft a chart for clarity, honesty and accessibility alongside a visual so the chart and its interpretation stay together.
Design a dashboard that supports specific operational or quality decisions and select the right tool set to build it - based on audience and maintenance burden - while avoiding decorative dashboards that look impressive but support no decision.
Craft a prompt so that a chart will achieve its objective by selecting an appropriate chart type, ensuring low cognitive loads for outputs - and applying colour, contrast and accessibility principles to ensure general suitability for all audiences.
Represent confidence intervals, error bars and distributions correctly, distinguish absolute from relative risk and choose which to show, apply established risk-communication principles when visualising patient-facing outcomes.
Recognise framing effects in your own and others' visuals and minimise them.
Construct, interpret and deploy forest plots, Kaplan-Meier survival curves, ROC curves and related diagnostic performance charts, Bland-Altman plots, SPC charts (Xbar, Range, p, c) and Pareto charts - as well as heatmaps and other dense-data visuals.
Produce clinician, regulator, payer, patient and executive-facing visuals from the same data sets that meet the specific needs of each audience.

AP7

Foundations of Agentic AI

The mental model, taxonomy and regulatory frame that shapes what an agent can and can't do inside a medtech operating model.

Learning objectives

Define the components of an agentic system - tool use, planning, iteration, persistent context, autonomy over actions - and articulate why each one changes the compliance posture of a task.
Distinguish chat, co-pilot and autonomous-agent modes and describe which is appropriate for which class of work: including activities such as complaint triage, CAPA investigation, CER drafting, 510(k) section writing, submission assembly and supplier audit prep.
Describe the harness as the environment that determines what an agent can see, touch and change inside a medtech operating model.
Position a task on an autonomy spectrum from 'draft for human review' through to 'plan, execute and report back' - and justify the placement against regulatory and patient-safety risk.
Articulate what an agent remembers within and across sessions, and why that directly affects traceability obligations under the quality system.
Select the right harness for representative tasks including: CER drafting, IFU updates, labelling change, CAPA investigation memo, complaint trend analysis, device software change, design-control documentation and training material generation.
Identify harnesses that are not appropriate for PHI, controlled documents or safety-critical work until the enterprise setup has been validated for that purpose.
Plan handoffs between harnesses without losing state or audit trail.
Re-evaluate tool fit as harness capabilities change and retire outdated assumptions rather than carry them into validated workflows.

AP8

Compliant Use of Agentic AI - Part One

Configuring the harness, briefing the task and setting the boundaries – the groundwork that keeps agent-driven work audit-ready.

Learning objectives

Configure a harness for specific use cases: working folder, project scope, access permissions and output locations, mapped against the quality system.
Install and manage Model Context Protocol (MCP) connectors, plugins and skills that serve specific workflows - including literature surveillance, FDA MAUDE monitoring, EUDAMED lookup, recall tracking, complaint trending and submission drafting.
Establish data boundaries so PHI, supplier-confidential and regulatory data cannot cross into an unapproved harness or tenant.
Set up version control (Git, eDMS-integrated or equivalent) so agent-driven changes to documents, code and designs are attributed, dated and reversible from the first change.
Configure sandbox, shell and filesystem access so an agent working on a medtech task cannot touch a validated system unless that specific integration is itself validated.
Document the setup - MCPs installed, skills enabled, permissions granted, boundaries enforced - to a standard a quality auditor can follow.
Write a task brief with workflow-specific scaffolding: regulatory context, applicable standards (ISO 13485, ISO 14971, IEC 62304, MDR, 21 CFR Part 820), citation requirements, banned language and expected output format.
Decompose a real world deliverable – CER, 510(k) section, Post-Market Clinical Follow-up (PMCF) report, CAPA investigation, risk management file update, design history file section – into agent-sized sub-tasks with clear handoffs.
Decide per task which mode to use (pair, delegate with checkpoints, delegate end-to-end) based on regulatory risk, patient-safety proximity and reversibility of the output.
Feed verified failures back into prompts, skills, rule files or validated procedures so the same error can't recur in the same workflow.
Anticipate medtech-specific failure modes – fabricated clinical references, invented 510(k) or CE certificate numbers, incorrect MDR reportability call, misapplied standard – and construct the brief so the agent flags uncertainty instead of confabulating.
Define success criteria that include evidence traceability and regulatory defensibility, not just surface correctness.

AP9

Compliant Use of Agentic AI - Part Two

Tools, integrations and controls – connecting agents to medtech systems without crossing the lines that matter.

Learning objectives

Use MCP connectors to give an agent scoped access to relevant systems – email, calendar, document stores, eDMS, PLM, QMS, CTMS, EDC, regulatory information management, complaint handling, CAPA – with least-privilege permissions.
Handle controlled-document systems (MasterControl, Veeva Vault, Arena, Windchill, Greenlight Guru, Oracle Agile) with discipline: agents draft and compare, humans route and approve; no write-through without validated integration.
Use browser automation for regulatory and reference sites (FDA, EUDAMED, EMA, MHRA, Health Canada, TGA, ISO/IEC, PubMed) when no API or MCP is available, and capture evidence of what was retrieved and when.
Use desktop control only for native apps with no API surface, and never as a substitute for a validated integration with a GxP system.
Identify which integrations must require per-action human approval and which can run unattended.
Configure audit logging for agent activity and review it on the cadence the quality system requires, not only after an incident.
Recognise prompt-injection risks from the content medtech agents routinely process – complaint narratives, supplier emails, field-service reports, web-scraped regulatory pages – and apply defensive patterns when that content becomes an input.
Design rollback and recovery procedures for failure modes, paying particular attention to records that could end up in a submission, an audit or a post-market file.
Reproduce an agent's output from recorded inputs to confirm determinism where it's expected, and to document variability where it isn't.

AP10

Brainstorming and Ideation

Generating, structuring and stress-testing ideas with AI – for product, process, regulatory and clinical decisions.

Learning objectives

Use structured brainstorming frameworks – SCAMPER, six thinking hats, first principles, analogical reasoning – with AI to generate options for a defined medtech challenge.
Frame an ideation prompt that yields divergent options before convergent recommendations, avoiding premature narrowing.
Use AI to evaluate generated ideas systematically against medtech-specific criteria – feasibility, regulatory fit, patient-safety risk, evidence requirements and commercial viability.
Apply red-teaming and devil's-advocate prompts to stress-test promising ideas before committing to them.
Use synthetic personas and simulated panels to surface objections and edge cases (linking to SSPSS in AP2).
Capture brainstorm outputs into the team's knowledge base so good ideas are not lost between sessions.
Recognise where AI-generated ideas reflect bias in training data (defaulting to standard-of-care thinking, missing under-explored populations or contexts) and counter accordingly.

AP11

Content Creation

Producing high-quality long-form content – documents, presentations, multimedia – that lands with the right medtech audience.

Learning objectives

Plan and structure long-form medtech content (whitepapers, internal reports, training material, KOL pieces, regulatory narrative) with AI before drafting begins.
Apply RBSF and Example-based Generation at scale across multi-section documents while maintaining voice consistency.
Use AI to generate, critique and refine presentation slides – content, structure, narrative flow – for medtech executive, regulatory, payer and clinical audiences.
Generate, edit and adapt visual assets (diagrams, illustrations, image-based explainers) using AI image tools while respecting medtech IP and confidentiality boundaries.
Use AI for audio and video content – voiceovers, training videos, conference content – within the controls appropriate to a regulated environment.
Repurpose a single piece of medtech content across formats (long-form, summary, slide, social, email) without losing accuracy or compliance posture.
Apply terminology, claim and banned-language controls consistently across long-form and multimedia content.

AP12

Vibe Coding

Building working code with AI – for scripts, prototypes, personal tools and quality automations – whether you write code already or not.

Learning objectives

Recognise the right scope for vibe coding in a medtech setting – personal scripts, prototypes, internal tools, dashboards – and the wrong scope (anything that touches a validated system, patient-safety-critical logic or a regulated record).
Brief AI to generate, explain and refine code in common languages (Python, R, JavaScript, SQL) for defined medtech tasks such as data extraction, quality trending, complaint analysis or batch-record summarisation.
Iterate on AI-generated code through testing, error reading and refinement rather than blind acceptance.
Apply version control discipline (Git, basic commit hygiene) to any vibe-coded artefact intended to be reused or shared.
Document the purpose, inputs, outputs and limits of any vibe-coded tool so a colleague or auditor can understand what it does.
Recognise the boundary between vibe-coded prototypes and production software: prototypes inform decisions, they do not enter the QMS, the manufacturing line or the device.
Treat dependencies, secrets and data handling with the same care as any other code in a regulated environment.

AP13

Workflow Automation

Connecting tools and automating repeatable medtech workflows with non-agentic platforms – Zapier, Make, n8n, Power Automate.

Learning objectives

Distinguish workflow automation from agentic AI – deterministic, rule-based pipelines vs reasoning agents – and choose the right approach for the task.
Identify medtech workflows where automation pays back the build effort: complaint intake routing; deviation management (classification, severity scoring, duplicate and trend detection); regulatory intelligence monitoring; shift handover automation; quality-metrics digest generation.
Design a workflow automation in Zapier, Make, n8n or Power Automate with clear triggers, steps, conditions and outputs.
Apply data-handling controls so automations do not leak PHI, IP or supplier-confidential data across tools.
Build error handling, retry logic and human-approval gates into automations that touch regulated content.
Document the automation to a standard a quality auditor can follow – purpose, owner, trigger, steps, conditions, error handling and change history.
Maintain and periodically review automations to ensure they still work as tools and APIs evolve.

Module 3

Organisational Implementation

The organisational layer that turns trained individuals into embedded organisational capability – policy and governance, building enterprise AI environments, peer enablement and measurement.

OI 1

Policy, guardrails and governance

The documented posture that lets the organisation adopt AI without losing the audit.

Learning objectives

Draft an AI acceptable-use policy that sets out what data may be used with which tools, what human review is required for what outputs and what is explicitly prohibited.
Define the governance body – AI council, review group or standing item in existing Quality or Information Governance forums – that owns ongoing AI policy and exception handling.
Embed AI use into existing controlled frameworks (quality manual, training matrix, supplier controls, information security) rather than creating a parallel policy stack.
Define escalation paths for incidents – data leak, hallucinated output in a regulated record, unauthorised tool use – and the recovery procedures that follow.
Ensure the policy is audit-ready for Notified Body, FDA, MHRA, MDSAP, ISO 13485 and data-protection inspection.
Review and iterate the policy on a defined cadence as tools, regulation and organisational maturity change.

OI 2

Building AI Environments

Build persistent, knowledge-rich AI workspaces that embed organisational knowledge at team and department scale.

Learning objectives

Design enterprise-scale AI workspaces that embed validated organisational knowledge – SOPs, quality procedures, reporting templates, style guides, approved language libraries – for reuse across teams.
Integrate workspaces with existing controlled sources where appropriate, maintaining a clear boundary where the AI workspace is a derivative rather than a source of truth.
Establish ownership, review cadence and sign-off for the organisational knowledge embedded in AI workspaces, matching the rigour applied to controlled documentation.
Design access tiers so the right people see the right workspaces, including restrictions on PHI, IP and supplier- or client-confidential material.
Capture the tacit knowledge behind procedures – the why and the what-to-watch-for – not only the procedural text, so the workspace earns its working status.
Maintain auditability so an external reviewer can trace what the workspace contained, who changed it and when.

OI 3

Peer enablement, measurement and iteration

Building organisational capability through common learning and deliberate peer sharing.

Learning objectives

Design a focused 15-minute AI skill session covering setup, worked example, common pitfalls and where the skill does and doesn't apply.
Deliver the session live or recorded and receive structured peer and facilitator feedback covering clarity, accuracy, practical value and fit for audience.
Refine the session based on feedback and maintain it as a reusable asset rather than a one-off delivery.
Build a community of practice – champions, brown bags, shared skill libraries, feedback loops – that earns its place against medtech's tight time-for-training budget. The objective is libraries and lessons learned that people can find quickly, trust on sight and learn from consistently, so shared knowledge actually moves rather than accumulates unread.
Align AI training with existing training-matrix and competency requirements (GxP, quality, regulatory) so it counts toward real capability records.
Identify priority use cases that pair high business value with manageable risk and avoid low-value high-risk experiments early in the programme.
Define adoption measurement across activity, quality, value and risk dimensions, and track the full set rather than one flattering number.
Run short pilot cycles with defined success criteria before committing the organisation to scaled rollout of a given workflow.
Establish feedback loops that capture what's working, what isn't and what the policy needs to change in response.
Communicate progress, lessons and changes across the organisation on a cadence that sustains momentum without becoming noise.