A Quality Management System (QMS) is a requirement for medical device developers across the globe. But should you build yours with SharePoint?
What can SharePoint do for you?
SharePoint is a great document management product. It’s highly configurable, and there are four editions to suit companies with different budgets and at different stages of their evolution: Standard, SharePoint Online, Server, and Enterprise. Many companies now use a SharePoint solution as the central repository for their business filing, keeping their documentation secure, organised, and safe from unauthorised changes.
What are the top six features of SharePoint?
- SharePoint is a secure, document management solution
- SharePoint has built-in workflows which allow you to manage approvals, feedback, and change control
- SharePoint’s storage 1TB capacity is sufficient for most organisations.
- SharePoint is a trusted and reliable solution - Microsoft are not going to suddenly disappear
- SharePoint is highly compatible: Microsoft owns it and it is available as part of the Office package.
- SharePoint is highly customisable
But should SharePoint be your medical device QMS?
As it is a Microsoft product, SharePoint is widely available and often floated as a suitable candidate for medical device development companies as they look to digitise their operations and build a QMS. But is the approach right for you?
Here are seven useful questions to ask yourself when contemplating whether to use SharePoint as the foundation of your medical device digital Quality Management System.
1. Have you got the time and skills to build your QMS with SharePoint?
Do you have the internal resource, time and patience to build a medical device Quality Management System from scratch? Or, to be precise, do you have the budget to employ a consultant to configure a SharePoint solution that exactly meets the requirements of ISO 13485 and FDA 21 CFR part 820?
Think about all the access hierarchies, audit trails and integrations you’ll be responsible for implementing. To do it properly, you’ll need someone with a deep knowledge of medical device regulation and a mastery of the software to build your system and migrate your documents across in an orderly way. Beyond some of the simpler configuration processes, you may need an expert in Windows Server, IIS management, C# development practices and Active Directory to help you effectively create and maintain your solution.
And SharePoint consultants aren’t famous for offering a whole lot of aftercare, at least not without extra payment.
2. Does SharePoint come with the right document controls for medical device development?
Yes. And no. Document controls are central to building a medical device quality management system. They are the tools and procedures you need to identify, approve, publish, share and make obsolete documents throughout their lifecycle. If you’re using SharePoint, and have enough time and resources, you can just about build the necessary workflows to control documents in the way that works for you - and meets the regulation. But it’ll be challenging.
3. Can SharePoint handle workflows and design phase gating?
Of course. It’s a powerful piece of configurable software. But it doesn’t come with templates specific to medical device design and development, including non-conformance, complaint capture and CAPA procedures.. As a result, you may struggle adapting what’s already there to fit the specific requirements. And you may also have to build a lot from scratch. From a long list of document control requirements you’ll need to:
- Automate periodic checks of SOP documentation to ensure continuing compliance
- Automate approval reminders to keep documents flowing through your system
- Set up change control sequences
- Handle phase gating to meet formal, design control requirements
- Set up training attestation sequences and training completion matrices
4. But what about e-signatures?
There’s no built in electronic signature approval solution with SharePoint that can meet the GXP and FDA CFR 21 Part 11 regulations. You’ll be using third party integrations and your own development skills to achieve some of the most exacting FDA requirements. These include managing access to signatures, controlling passwords, authenticating identities and appending each signature’s meaning to your audit trail.
5. Can SharePoint control your versioning?
Yes. SharePoint can control your versioning. It can automatically name each iteration of a document you create using a defined format. It can help you differentiate between ‘minor’ and ‘major’ versions of each document - so you know when something is a draft and when it is the final approved version.
But proprietary document management systems specifically built for the regulated industry can do a much better job of versioning for you, straight out of the box. They can discriminate between ‘drafts’ and ‘issues’ in unmistakable ways. They can ensure only the latest versions of documents can be accessed by the wider team, but give those who need it full access to previous versions. They can watermark your files to ensure their current status are always clear to the reader. They can list the changes made between versions in detailed audit trails, showing who they were made by and who approved them.
6. What will it take to validate your SharePoint QMS?
Validating your homegrown, SharePoint QMS can be an extra challenge when you haven’t got the support of an experienced supplier to help you. Here’s a typical FDA warning letter from a company that used a SharePoint approach and couldn’t adequately validate the software.
7. How much will it cost?
As one user on the Elsmar Cove medical device forum says:
“SharePoint has some interesting features but there's nothing built in that would enable a 'turnkey' QMS support system.”
As mentioned there’s a huge amount of work to do and associated costs with developing a med dev QMS with SharePoint. You’ll likely need a consultant to come in and configure the system. You’ll also need to pay for enough seats in the software and, probably, a full-time staff member to troubleshoot and maintain the system once it’s up and running. Frankly, there’s enough configuration to do with a proprietary med dev QMS system, never mind trying to build one from the ground up.
Is SharePoint really the answer?
Configuring a SharePoint QMS, maintaining it, and updating it over time can be an immense task that detracts from the reason you are in business in the first place — to develop and sell your product.
Why would you want to spend time and effort constructing a bespoke platform when your priority is building your business?
If you carefully select the right document management system with the right supplier you can, together, build a solution that meets your regulatory obligations while adapting to the "unique way you do things".
This might be a difficult balance to achieve, but it’s one every scaling business needs to find.