Are you looking for ways to build and maintain the most efficient, ISO 13485 QMS as your company continues to scale? From the prison of paperwork to a digital frankensystem, what are the choices and compromises ahead?
As a scaling business, you may be considering an array of options, including going all in with a heavy duty, proprietary eQMS. But what are the pros and cons of each approach?
Paper, DIY digital or a heavy duty eQMS?
A manual QMS - the prison of paperwork
A paper-based quality management system may be how your business has been operating since the start. You may even have gained ISO 13485 certification through a physical audit of your paper system. Your manual processes and SOPs may be well understood and working relatively well - albeit slowly.
But these manual processes may now be so entrenched and well-observed by everyone in your team, that you fear you’ll fatally disrupt them by shifting to a digital alternative.
Sticking with a paper-based QMS might, on the face of it, seem a less complex and risky option than establishing an all-new digital system. Real-world paper, folders and files safely stored in real-world filing cabinets can often seem the most manageable and least expensive option for those trying to keep costs and complexity down.
✅ Pros |
⚠️ Cons |
✅ Reduced technical complexity – no servers or cybersecurity concerns |
⚠️ Paperwork volume will increase and become hard to manage |
✅ Long-established and familiar system |
⚠️ Manual change control overwhelms resources as you grow |
✅ Lower upfront and ongoing costs |
⚠️ Updating, printing, and filing is time-consuming |
✅ No complex technical training needed |
⚠️ Chasing wet signatures delays approvals |
⚠️ Lack of automation kills velocity |
|
⚠️ Higher risk of omissions and mistakes due to manual processes |
|
⚠️ Audits are longer and more arduous |
The reality is most medical device manufacturers using a paper-based system will be thinking about digital alternatives. As you plan to scale up your team to hit tough delivery targets and retain the confidence of investors – your manual processes may quickly seem unequal to the task.
Without automation you can be easily outpaced by competitors. There is the risk of dangerous gaps emerging in the way you work, from missing approval steps of key documentation to Corrective and Preventive Actions (CAPAs) not being effectively followed through.
And yet, the potential disruption of a full digital migration, the risk of getting it wrong and losing the confidence of your team is still holding you back from taking the digital leap.
Digital hybrid eQMS - building a frankensystem?
So, why not take a DIY digital approach? Why not use Google Docs, DropBox and DocuSign to stitch together a functional ISO 13485:2016 compliant QMS?
The truth is, a DIY approach can be a ‘Frankenstein’s monster’. A living, breathing miracle of creation, but an unholy mess. It’ll work (after a fashion) but it’s not going to be pretty and it might all end in disaster.
Many medical device companies choose to improvise an eQMS in this way, using email for notifications and reminders to animate workflows. These solutions are often supported with plug-ins for advanced functionality like e-signatures.
But as a DIY solution, will they meet the letter of the regulation in the FDA 21 CFR Part 11 and the ISO 13485:2016 standard?
Sprawling, unindexed and often kept compliant with regulation through labyrinthine ‘workarounds’ they can quickly become chaotic, confused and inefficient.
✅ Pros |
⚠️ Cons |
✅ No cost and low-cost tools reduce long-term financial commitments |
⚠️ Fragmented approach risks mistakes and omissions |
✅ Familiar tools like Google Drive and MS Office reduce training needs |
⚠️ Workarounds to support required regulatory workflows can be messy |
✅ Flexibility to add plug-ins for functionality (e.g. e-signatures) |
⚠️ Unexpected costs for storage and additional platform seats |
⚠️ Hidden costs for 3rd party tools like DocuSign |
|
⚠️ Increased risk of duplicated documentation and effort |
|
⚠️ May lead to organisational silos |
|
⚠️ Onboarding and training requirements constantly evolve |
|
⚠️ Without a ‘single source of truth,’ audits become complex and confusing |
A 'heavy-duty' eQMS - the supercomputer approach
What is it the supercomputer says to Dave the human ‘operator’ in 2001: A Space Odyssey:
"This mission is too important for me to allow you to jeopardise it."
When your QMS software is telling you how to structure your business – you are not in control of your solution.
Many developers choose heavy-duty eQMS options. The kind favoured by pharma and med-tech giants to help them meet their regulatory obligations. These are robust, but often controlling and inflexible. Typically built for large medical device manufacturers and developed for the market over decades – they can be prescriptive and inflexible without good reason for more agile developers.
A one-size-fits-all approach to system design means there’s a distinct lack of customisation. New customers often have to rework their processes to fit with suppliers’ way of working, which may not even be required by the ISO 13485 standard, the FDA QMSR or GxP Guidelines.
✅ Pros |
⚠️ Cons |
✅ Strong reputation and reliability from established suppliers |
⚠️ Annual costs can start at > £10K |
✅ Built by corporations investing in cutting-edge tech |
⚠️ Hidden charges for storage, bespoke changes, and customisation |
✅ Robust, pre-configured compliance templates ("best-in-breed") |
⚠️ Extra fees for essential modules like CAPA, Complaints, NCRs |
⚠️ May require lengthy, consultant-led, on-premise installation |
|
⚠️ Implementation can take weeks or months |
|
⚠️ Training often long-winded and costly |
|
⚠️ Systems can be highly bureaucratic |
|
⚠️ Lack flexibility to adapt to your preferred way of working |
The ‘canned’ templates that these solutions offer for non-conformances, engineering change control and CAPA might be a compliant solution ‘straight out of the box’, but that’s because they require you to operate in the way of their choosing.
You don’t want to have to down tools for 6 months while you rework your business process to meet the requirements of a QMS supplier, when the way you were doing things in the first place may have been more efficient and compliant with the regulation anyway.
For a more detailed comparison of the most popular eQMS solutions on the market in 2025, read our specially created guide for medical device developers (with insight from real-world users and eQMS creators)
What’s the answer?
It’s a fact that none of these approaches really meet the needs of businesses that are scaling up in the medical device industry. They’re either too weak and fragmented in the controls they offer throughout the process, or too restrictive to be workable for a fast growing business to implement
Medical device developers and contract manufacturing businesses should choose a partner who can help them build and migrate to a Lean, digital quality management system that exactly meets their needs.
Look for a solution that:
- Provides a digital framework for ISO 13485 compliance, but one that you can easily adapt and populate with your own content
- Uses simple ‘non-coder’ tools, Word, Excel, PowerPoint and Visio to edit and refine the supplied framework.
- Brings a flexible procedure for creating a medical device technical file
- Comes with customisable forms for nonconformances, complaints, engineering change control and other key activities.
- Takes a graphical approach to define and document quality processes and workflows.
- Supports training with an integrated Learning Management System and management review capabilities.
- Helps your structure your quality manual and product realization planning
- Includes integrated e-signatures for secure approval sequences.
- Is underpinned by a robust document control system with full QMS documentation support.
By selecting the right QMS software built around ISO 13485:2016 requirements, contract manufacturers can meet the expectations of notified bodies and FDA inspectors. You can build compliance with newly harmonised standards, and maintain audit readiness without compromising your agility.
The right digital QMS solution should liberate you from the extra work and risk of a DIY solution without imposing the straitjacket of a typical med tech eQMS. Choose carefully and you can avoid the curse of ‘over-processing’ - while imposing the controls that really count.
Last updated: 1/7/25