5 tips for quality management compliance


    In a highly regulated industry like life science, you have to make sure every 'i' is dotted and every 't' is crossed.

    The FDA and other regulatory agencies have strict requirements for document control, training, CAPAs and other core quality management processes. Your QMS must support continuous compliance, and your organization needs to be ready to respond to documentation requests, unexpected audits and constant regulatory change.

    Ensuring your processes and procedures are compliant can feel like an overwhelming task if you're just getting started. Life sciences start-ups and scale-ups in the research and development phase need to create a quality management system which can scale.

    We'll guide you through the 5 crucial steps you should take to ensure your organization can maintain operational quality and compliance - and deliver exceptional, industry-leading products.


    What is QMS compliance?


    QMS compliance is the state of constant operational adherence to your company's quality and regulatory objectives.

    Your company's quality management system (QMS) is functioning properly, outputting products and processes that match your company's requirements.

    But before we begin tackling how to get compliant, it's worth exploring what exactly we mean by compliance.

    Every company has a different compliance framework, depending on its territory and industry of operation. 

    Any company can pursue compliance with the broad quality management requirements of ISO 9001.

    But American medical device manufacturers, operating in a regulated life-or-death industry, need to comply with the stricter national medical device requirements of FDA 21 CFR 820. A medical device company wanting to get an international medical device standard in place, meanwhile, would also need to work to ISO 13485 compliance.

    Pharmaceutical and therapeutic companies, on the other hand, need to show compliance with GxP - with the 'x' swapped out for an 'l' if they run a laboratory, a 'd' if they distribute products, and so on.

    Compliance, then, is a broad label. What it means to your business will depend on the context and the objectives of your operation. With that in mind, let's take a look at 5 top tips to get robust QMS compliance in place.


    5 tips for quality management compliance


    A quality management system (QMS) is a comprehensive set of business processes and procedures designed to meet customer requirements and create quality-centric products. The QMS should be aligned with regulatory requirements and your organization’s purpose.

    Your organization is responsible for creating a QMS which helps you bring products to market that meet the requirements of regulatory agencies and your customers. Fast-tracking compliance requires you to understand all applicable regulations, existing QMS formats, and which electronic QMS software is the best fit you.


    1. Understand your requirements


    Your organization needs to meet regulatory requirements to produce a high-quality product which also meets customer requirements. Depending on your industry or market, you may even hope to achieve certification or compliance with ISO 9001, ISO 13485, or another set of international quality standards.

    There are a large number of acts, regulations, current good practices, and standards which impact organizations in the life sciences industry. The applicable Current Good Manufacturing Practice (cGMP) regulations that affect your organization could even vary within a single vertical depending on your company's product if you manufacture a medical device or combination product.

    The first step toward creating compliant processes is to clearly define all the requirements which impact your organization.


    Requirement #1: customer requirements

    Determining your organization’s target customer should be relatively straightforward, especially compared to gathering compliance requirements. Creating a clear vision of your ideal customer can support the future creation of product documentation, such as the QMS scope document required by both ISO 9001 and ISO 13485.



    What an ISO 13485 quality manual should look like


    Requirement #2: regulatory requirements

    Life sciences organizations are subject to regulatory requirements from federal, state, and local agencies which include product standards for health and safety, but also include requirements for insurance, facility fire code, waste management, and other components of compliant operations.


    Requirement #3: product and industry standards

    Life sciences organizations are subject to mandatory standards for product safety and codes of practice for operations. For example, Class III medical devices are subject to strict requirements for the inclusion of a Unique Device Identifier and inclusion in the FDA GUDID tracking system.

    Understanding your specific product and industry standards can be relatively straightforward, or more complex, depending on your business. Organizations in medical device or combination product verticals may require the assistance of an expert consultant to map all applicable product and industry standards.


    2. Create a regulatory register

    To make the process of understanding regulatory requirements easier, you may choose to create a quick register of legal and regulatory obligations and map these requirements to all impacted operational activities. This list can be extremely extensive if your organization has a large number of locations, is subject to multiple requirements, or manages an extensive supply chain. An example of one entry in a regulatory register is listed below.

    Source Document

    ISO 13485

    Regulatory Requirement

    Create and implement SOPs for labeling and packaging (7.5)

    Impacted Operations

    • Quality Management
    • Quality Assurance
    • Labeling
    • Packaging

    Evidence of Compliance

    • Create a unique, specific record for each batch of devices manufactured and approved (7.5)
    • Verify and accept each device batch record (7.5)

    3. Adopt a QMS format

    It's not easy to create your own QMS processes and procedures based on compliance requirements. FDA cGMP guidelines, for instance, clearly state they shouldn't be seen as recommendations for a comprehensive QMS structure. Your path to compliance and total quality management will be much simpler if you use an existing QMS and adapt it where necessary to meet any additional regulatory needs.

    ISO 13485 is a great place to start for a medical device QMS format, since it's the leading internationally recognized standard for the sector and its requirements are largely in sync with national and territory-specific requirements. In the U.S., the FDA is planning to harmonize its 21 CFR Part 820 standard with ISO 13485, too.

    For pharmaceutical industries, the format which provides the best groundwork for compliance is ICH Q10. Neither ISO 13485 or ICH Q10 are 100% compliant with FDA requirements for medical devices or pharmaceuticals, but they're a strong starting point which require only minor modifications to minimize regulatory risk. That's certainly simpler than building a QMS from the ground up.

    While it's essential to ensure your organization covers FDA requirements, the goal is both quality and compliance. FDA regulations are not as prescriptive of how to set up a QMS as ISO or ICH guidelines are.


    ISO 13485 toolkit

    The perfect quality assurance plan for pharma companies


    4. Go digital

    More and more life science businesses are realizing the operational potential of digitizing their quality management system with electronic quality management software.

    The best eQMS for your life sciences company depends on your industry and the size of your organization. A quality management software can help your organization achieve dramatically simpler compliance with FDA and international regulations, as well as more quality-driven product, quality, and customer processes.

    Prioritize cloud QMS software which is specialized for organizations in the same vertical and growth stage as your own, and consider the following factors.

    Is it comprehensive?

    The best QMS software offers an all-in-one, cloud-based tool with fully integrated quality processes instead of standalone tools or separate modules. You should look for a single software tool which can handle all of your organization's quality processes, documents and quality data.

    Is it cloud-based?

    Cloud software offers the advantage of ease of use, global access and lower lifetime maintenance costs when compared to on-premise systems. Outdated technology can clutter and complicate your compliance efforts by diverting resources towards updates and system maintenance.


    Does it support collaboration?

    Your eQMS should facilitate practical cooperation between quality management and internal staff, as well as external partners like suppliers and auditors. The system should support global collaboration between users with automated notifications and in-line commenting on document control processes.

    In turn, all these things will help your business build a cohesive culture of quality.


    Is it easy to use?

    A confusing UX can frustrate staff. When it’s hard to complete workflows correctly, you can face compliance errors, data quality issues and staff resistance. The eQMS should be intuitive for users.


    What about control vs. flexibility?

    The eQMS should offer a right-sized balance between control and flexibility. It should provide built-in processes for compliant documentation and quality processes. It should be flexible enough to fit your business and facilitate continuous improvement without huge software updates.


    Learn more:

    12 questions to ask before you buy an eQMS


    5. Quality, not just compliance!

    Change is the only certainty in today's regulatory environment. Life science organizations can expect many changes to regulatory requirements in the months and years ahead from the FDA, EU and other regulatory agencies.

    Achieving immediate compliance is critical, and maintaining this compliance 24/7/365 is key to avoiding the costly fines and reputational damage of non-compliance.

    However, it's crucial to understand that compliance is a moving target. A culture of quality is a better strategic goal, as it not only strengthens all aspects of your business operation but eases the burden of compliance in doing so.

    To give you a real-life example, we spoke to Laura Araujo, Vice President of Quality at 4G Clinical, on our From Lab To Launch podcast.

    Laura shares how quality impacts product, and why it's so important to her customers.

    Listen here:



    Taking a checklist approach to compliance can result in rigid organizational processes, or an eQMS which can't quickly adapt to new regulatory changes.

    A better mindset is to exceed compliance requirements with an obsessive focus on quality throughout organizational processes.

    Your systems and processes should meet cGMP, while also facilitating continuous improvement and agility.