The race is on for biopharma and medtech companies to launch the digital solutions that improve patient care and generate invaluable real-world data. Speed to market is crucial, but so is quality. When seeking out a SaMD partner to help build, launch and maintain regulated digital health solutions, companies must identify which potential partners have the right set of core capabilities—and an ISO 13485 certification is a must-have.
But don’t be too quick to simply check the “ISO 13485 certification” box on a vendor and move on. There’s much more to it. Here’s what you need to know.
ISO 13485 specifies requirements for a medical device’s quality management system (QMS). A medical device company needs this in order to demonstrate its ability to provide medical devices and related services that consistently meet both customer needs and applicable regulatory requirements. ISO 13485 certification is based on a sampling audit of a company’s quality management system at a singular point in time.
To remain compliant, you need to ensure your partner’s QMS is implemented and supported. Some companies underestimate the work and resources needed to effectively implement and maintain their quality management system. They may also hire consultants to help them secure an ISO 13485 certificate. This can be a relatively fast and inexpensive way to get certified. However, after the consultants leave, the new quality management system procedures may not be followed anymore. This will cause major gaps and problematic findings in the next ISO 13485 certification audit.
No quality management system can guarantee product quality. A QMS can help your organization detect, correct and mitigate quality issues by providing visibility. It also provides a standardized way of working. But it is up to your organization to ensure that the right features and functions are built into your software. This can only be done by experienced software development teams. Many software project teams don’t properly plan or have an ineffective project vision, resulting in project failure. Having a robust design process can help by providing the consistent process under which to work, but it won’t provide the technical talent and vision.
Simply having a quality management system doesn’t ensure a quality-focused culture. A quality-focused culture must extend across all areas of the company, from the most senior leader to the most junior employee and everyone in between. This requires support and a strong quality vision from senior leadership. Without senior leadership support, employees may only pay lip service to quality, instead of insisting on it. Simply put, quality must be embedded into the way business and work is done. This can only happen if everyone understands its importance.
A quality management system can indeed be too complex. To remain agile and compliant, it is important that the process and procedures within the QMS cover all necessary requirements to ensure a quality product, but remain as simple as possible. Overengineered processes are difficult to implement, challenging to update and sometimes even hard for employees to understand. And if employees don’t have a clear understanding of the QMS processes, they won’t be consistently followed.
Of course, not all intricacies can be avoided. In these cases, document the complexity as clearly as possible and to the level required to ensure that a quality product is delivered.
The goal of a SaMD company should be to delight the users of the software and to provide them with the highest quality product possible. To do this, an effective quality management system is crucial. But if it is too complex, not implemented properly and not supported by a strong quality culture, there will be little to no positive impact on product quality.
As the leading global platform for biopharma and medtech regulated digital health products, BrightInsight has achieved the utmost privacy, security, regulatory and quality certifications. Our platform was built from the ground up to securely manage regulated medical device data and personal health information, up to class III medical devices. We are EN ISO13485:2016 certified, and our software development lifecycle process follows EN / IEC 62304. As part of our managed service, we maintain all of the required documentation and processes to ensure regulatory compliance globally. Learn more about our certifications.