Busting myths about eQMS vendors

“Are you guys certified to ISO 13485?

How about ISO 14971?

The IVDR transition period is about to end and the industry is scrambling, do you guys comply with the latest changes?”

I get asked these questions all the time - sometimes by prospective customers, sometimes by our brand-new sales reps.

But usually there's an anxious prospect involved, who has probably heard from some sales pitch by a competitor that 'Qualio isn’t certified' to those regulations. 

And they're right. We aren’t.

Let me repeat that for those of you in the back:

Qualio isn't certified to ISO 13485 or ISO 14971.

Why not?

We don't have ISO 13485 accreditation because we aren't involved in the design, development or manufacture of medical devices.

And we don't have ISO 14971 accreditation either because - news flash - nobody does!

ISO 14971 certification simply doesn't exist. It's a medical device risk management methodology which should be followed under the umbrella of a broader ISO 13485 quality management system.

If you’ve heard about ISO 14971 certification or the ISO 13485 requirements of an eQMS vendor from a sales rep, please run the other way.

They don’t know what they are talking about, or they are deliberately trying to pull the wool over your eyes. 

And our competition? They aren’t certified either - and if they are, they shouldn't be.

Let me bust a couple of myths about eQMS vendors to make your search a little less stressful and confusing.

Qualio is a software company, making quality system software and providing this as a service to the entire life sciences industry.

This doesn't mean that we, or any other eQMS vendor, require certification to the same standards that our customers have to comply with.

For example, you probably work with other vendors in your supply chain who aren't certified either. And that's totally fine. If they aren’t making medical devices themselves, then ISO 13485 is not an appropriate standard for them - but the general quality management standard, ISO 9001, would be.

The guy making the overshipper boxes that you ship your product in? Not a medical device, and therefore probably not certified to 13485.

But - and here's an important point - part of determining if a supplier is acceptable for YOUR quality management system would be to understand their business, how it’s run, how quality is managed and maintained, and so on.

If that supplier making overshippers was certified to ISO 13485, alarm bells would ring for me.

I would wonder about their understanding of the regulated world they operate in, and of the requirements of their customers.

And I would wonder about their priorities, and the amount of time and energy they've spent complying with a certification full of requirements that aren't applicable to them. 

My personal favorite quality motto applies here:

 

Complexity ≠ compliance

 

 

So, what's the moral?

Being able to just hand you the same certifications you have does not do a better job of proving that I, as a prospective vendor,  understand your company pain and can do a good job for you.

Quite the opposite. I would be skeptical of your processes, and of the notified body who certified you - especially in the software space.

 

My key takeaway is this: when scoping out eQMS vendors, don't let FUD (fear, uncertainty and doubt) and false compliance information from a sales pitch guide your procurement process. 

 

It's important for you to find a platform that you can build your own quality processes upon, that enables you to meet the regulations that are in scope for your business.

Yes, Qualio enables Part 11-compliant e-signatures as standard functionality. But Part 11 also requires certain internal processes that you must have in place.

No piece of software, for example, can perform the initial verification that a person is who they say they are. That falls on your HR department at hiring time.

Nor can eQMS software 'do' risk management to meet ISO 14971 for you. YOU must perform it. 

Above all, you want an eQMS vendor who is carefully considering what regulations apply to them, versus what regulations their customer base needs to comply with. Choosing a suitable supplier with appropriate quality management mechanisms in place is a core tenet of ISO 9001.

Rather than simply aping what their customers do, a reputable eQMS vendor builds the customer requirements into their own product and service.

Qualio, for example, has a fully certified ISO 9001 QMS run on our own software.

We know information security is increasingly important to our customers and our industry, so ISO 27001 certification is in progress.

We know our software needs to meet industry-standard validation requirements, so we aligned with GAMP 5 to ensure our customers have a common language to explain how it’s done to their regulators, and we provide a validation pack to support those needs.
 

And we know that the upcoming end to the IVDR transition period doesn't affect us as an eQMS vendor (see above!), but that some of our customers will appreciate specific guidance and focus on this change in our Qualio+ support program.

Last of all, if an eQMS vendor does take all these customer requirements into account, it should be in a way that is simple and flexible across their entire customer base, in all its variation.

Shoehorning every customer into the same rigid workflow and calling it 'best practice' doesn’t enable them to serve a variety of customers well.

It enables them to serve a handful of customers perfectly, while tying the others into straitjackets which hinder growth and stifle continuous improvement.

And even that handful will eventually begin to struggle to keep up with the evolving life science ecosystem. How can they connect with agility and flexibility to their entire supply chain, from component to finished good to patients?

End of rant. I'm starting to ramble! 

 

Kelly