4 ways to build a medical device quality management system

Are you facing an urgent need to build a Quality Management System (QMS) for your medical device? Do you need to marshal your process and control sprawling documentation for compliance with ISO 13485? If so, what’s your best option? A paper-based, digital hybrid or a ‘heavy duty’ quality management solution? Is there an alternative?

Why do you need a QMS at all?

Starting on a medical device development project without, early on, establishing a Quality Management System able to control your documentation could jeopardise the future of an entire development project. You could end up failing to create required documents, or be unable to demonstrate which workers reviewed and approved key early design stages. What’s more, without a single tool for storing and controlling your documents, you could end up with an unindexed mess of files spread across different locations that will be difficult or impossible to disentangle and audit in the future.

Even if you’ve started working on a medical device prototype you may have to bin all these efforts and start again as you can’t prove you’ve gathered user needs appropriately or controlled your initial design and development process in line with the regulatory requirements.

Reverse engineering a QMS is not an easy, fun or, for many, a financially viable task.

Yet still developers are slow to get started on their QMS. And it’s easy to see why.



Does it have to be now?

ISO 13485 can seem like a long and complex standard for those raring to get going on an exciting development project. And the FDA’s QSR (Quality System Regulation) often feels just like more of the same.

What’s more, you may not even have the time, or indeed, in-house skills necessary to trawl through the regulation, identifying and interpreting every passage and item relevant to your company.

Businesses often decide to delay formalising their quality management systems until they feel they can justify spending the time, effort and money on building out a comprehensive solution with the right consultation and support.

But by then, as we’ve seen, it might be too late.

So, how do you start? Can you begin by using a paper-based system and gradually digitise? Can you use a combination of free tools to stitch together a digital solution that will meet the regulation, while not distracting you from your development goals? Or do you need to simply bite the bullet and go straight in with the most robust eQMS you can afford? Should you go ahead and pay a consultant to help you implement a ‘best in breed’ solution used by pharma giants to guarantee you get a ‘gold-plated’ system?

Building a Medical Device QMS - pros and cons of each approach

Paper-based approach

Should you build your QMS with paper, folders and filing cabinets?

Building a QMS using a paper-based approach might, on the face of it, seem a less complex option than establishing a digital system. Real-world paper, folders and files safely stored in real-world filing cabinets can seem the most manageable and least expensive option for those trying to keep costs and complexity down. But the potential for chaos and losing pace with a fast-moving tech project massively increases your risk of failure.


Pros:

  • Reduced technical complexity - no worries about servers, software or cybersecurity
  • Reduced cost - no expensive digital configuration, set up fees or annual charges
  • No complex technical training requirements


Cons:

  • Paperwork rapidly mounts up and can become unmanageable
  • Need for manual change control can overwhelm available resource
  • Updating, printing out and filing paperwork is time-consuming
  • Chasing ‘wet signature’ approvals for official sign off can be slow and stall progress
  • Lack of automation for processes can kill velocity
  • Manual processes increase the risk of omissions and mistakes
  • Audits can be long and arduous

Digital hybrid eQMS

Should you take a ‘patched-together’ digital approach?

Remember Frankenstein’s monster, a living breathing miracle of creation, but an unholy mess? It’ll work, after a fashion, but it’s not going to be pretty and it might all end in disaster.

Many developers choose to improvise an eQMS using familiar low cost or no cost applications like Google Docs or Dropbox. Stitched together with email for notifications and reminders, there’s lots of room for errors in workflows that can compromise your processes. These solutions are often supported with plug-ins for advanced functionality like digital signatures but, as a DIY solution, will they meet the letter of the regulation in CFR Part 11? Sprawling, unindexed and often kept compliant with regulation through labyrinthine ‘workarounds’, they can quickly become chaotic, confused and inefficient.


Pros:

  • No cost and low-cost tools reduce long term financial commitments
  • Using familiar tools like Google Drive and MS Office minimises training needs
  • Flexibility to use plug-ins to extend functionality (like e-signatures) as and when required


Cons:

  • A fragmented approach risks mistakes and omissions
  • Workarounds to support required regulatory workflows can be messy
  • Unexpected costs for storage, seats on new platforms often arise
  • Hidden costs such as 3rd party e-signing solutions (e.g. DocuSign)
  • Increased risk of duplicated documentation and effort
  • They fuel the development of organisational silos
  • Onboarding and training requirements are constantly changing
  • Without a ‘single source of truth’ audits can be complex and confusing



A heavy-duty eQMS

Choosing a proprietary med dev or pharma eQMS. These are robust, but often controlling and inflexible.

Many developers choose heavy-duty eQMS options favoured by pharma and med-tech giants to help them meet their regulatory obligations. Typically built for large companies and developed for the market over decades, they can be prescriptive and inflexible without good reason. A one-size-fits-all approach to design means there’s a lack of customisation. New customers will often have to rework their processes to fit with suppliers’ demands - even when these changes are not required by the regulation.


Pros:

  • Experience and reputation should equal a reliable supplier
  • They’re built by large corporations who can invest heavily in the latest tech
  • Best in breed solutions offer among the most robust compliance templates


Cons:

  • Annual costs can start at tens of thousands of dollars
  • Hidden charges mount up for data storage, bespoke changes etc
  • Extra costs for modules you can’t do without, e.g. CAPA, Complaints, NCRs etc
  • Can require lengthy, on-premise installation by consultants
  • Installation can take weeks or months to complete
  • Training can be long winded and expensive
  • They can be highly bureaucratic
  • They will not adapt to the way you work

The ‘canned’ templates that these solutions offer for nonconformances, engineering change control and CAPA might be a compliant solution ‘straight out of the box’, but that’s because they require you to operate in the way of their choosing. You don’t want to have to down tools for 6 months while you rework your business process to meet the requirements of a QMS supplier, when the way you were doing things in the first place may have been more efficient and compliant with the regulation anyway.

Remind you of anything? What is it the supercomputer says to his human ‘operator’ in 2001: A Space Odyssey?

"This mission is too important for me to allow you to jeopardize it."

When your QMS software is telling you how you have to structure your business and operations - you are not in control of your solution.

It’s a fact that none of these approaches really meets the needs of the most ambitious start-ups and SMEs in the med dev space. They’re either too weak and fragmented in the controls they offer throughout the process, or too restrictive to be workable for a fast-growing business to implement.

So, what’s the answer?

What to look for in an eQMS

Look for a graphical quality management solution that helps you map all your documentation and processes rapidly and precisely to the requirements of ISO 13485, while retaining your ability to scale and be agile. Choose a solution that:

  • Shows you and your team ‘at a glance’ what is required by ISO 13485
  • Maps your process and documentation directly to those requirements
  • Provides a complete digital framework for ISO 13485 compliance so you can easily adapt and populate with your own content to customise the QMS
  • Provides strong visualisations to facilitate training and auditing
  • Allows you to make changes to fit the way you work - not the other way around
  • Uses simple non-coder tools, Word, Excel, PowerPoint and Visio for you to edit and refine the supplied framework
  • Comes with customisable forms as standard for: nonconformances, complaints, engineering change control and other key activities
  • All underpinned by a powerful document management and control system


As a medical device developer you have got a lot on your plate. You can’t neglect your regulatory obligation to build and maintain a QMS but neither do you have the time and money to grapple with an eQMS built for large corporations with limitless quality management resource.

Instead, find the software that helps you build out a QMS solution with familiar tools and intuitive navigation. Find an intranet-based QMS solution that can sit at the heart of your business and become a repository of your organisational knowledge.

With a graphical QMS, like this, the requirements of ISO 13485 can be overlaid onto your company’s document management system so that your business and quality management really begin to operate as one. As a single source of truth for your design and development operations, it can really help Quality Management become ‘the way you do things’.
