Compliance of myBioma

March 12, 2021

The Regulatory Compliance Journey of myBioma

Biome Diagnostics GmbH is an Austrian medtech start-up utilizing the genetic information of the microbiome and AI to develop medical diagnostic software for doctors. Biome Dx products utilize technologies such as next-generation sequencing, pipeline architectures and microservices. With their lifestyle product myBioma every European has the possibility to learn more about their gut microbiome and improve lifestyle and diet. Furthermore, the product enables to optimize their technical development flow. Since 2020, Biome Dx is the very first company in the microbiome field in the world that is certified according to ISO 13485 and ISO 9001. 

Biome Dx has written an easy-to-read yet highly practical tutorial to all agile medical device startups out there on how to prep and rock the ISO 13485 audits. A summary of their own compliance journey is provided below.

Building Compliance on Jira and Confluence with SoftComply apps

As a passionate and tech-driven company we loved the idea of building a software that positively impacts patients’ lives, however, we were unaware of the regulatory horrors to come. During our first exchanges with other medtech start-ups the phrases “QMS” and “ISO 13485” were often used without us fully grasping the importance of such a system. Clearly quality is always of the highest priority for a start-up — what else could there be to understand?

Specifically, in the beginning of a development process for medical software one might not think about documentation and integrated standards. How do you review code? How do you plan integration tests? Who has which responsibilities? How is a new feature validated? Where is the validation documented? What risks are associated with the product and how high is the probability of occurrence? How do you version your machine learning model so it’s compliant? How do you handle unique device identification in a microservice environment?

“Even though it is tempting, don’t start building the product without thinking about regulatory requirements and the certification process ahead.”

As an agile company we realized we didn’t want to have a zombie QMS (QMS that is never touched) brings more overhead to the company than it actually eases processes by having them defined. We didn’t want to have a documentation in place that is setup once and only adapted in some night sessions shortly before the audit.

This is why we decided to use an electronic quality management system (eQMS) to integrate in our sprint management. There are several systems available on the market, however, none fitted our requirements perfectly.

Specifically, we were mostly confronted with the following problems:

  • lack of integrations
  • terrible usability (Win95 style)
  • too complex usage
  • lack of exportability

After extensive reviews we chose the Atlassian products Jira and Confluence.

Jira covers the sprint management containing medical user needs (=epics) and software requirements (=tasks). It is widely used in agile software development and can excellently be integrated with popular version control systems such as Bitbucket, GitHub and GitLab where code development and versioning are depicted. With the help of external plugins you are able to even build a risk matrix in Jira mitigating risks by linking them to Jira issues.

Confluence acts as the document management system where all your standard operating procedures (SOPs) and templates are defined. With the help of companies like SoftComply, which offer quality-related Atlassian plugins, you are able to build a compliant system that includes approval workflows. The advantage is that you can write your technical documentation in Confluence and easily include requirements from Jira into Confluence pages. The linked pages are then also shown within the Jira issues.

“The advantage of Jira and Confluence based system is that we can use it for quality-related purposes and also for handling all other processes and documentation within the company, which helped creating an eQMS that is operated on a daily basis. Moreover, such an integrated eQMS reduces the number of tools adopted by the team, making it easier to get everyone familiar with its usage.”

For the full tutorial on how an agile medical device company can master an ISO13485 audit by Biome Dx, please continue here

Table of Contents

Ready to get started?

Contact us to book a demo and learn how SoftComply can cover all your needs

Medical Device Compliance Guide
Picture of Marion Lepmets

Marion Lepmets

CEO
September 23, 2024

Introduction This medical device compliance guide focuses on the key requirements and strategies for navigating the regulatory landscape. We will cover the role of major regulatory bodies like the FDA, the classification of devices, and the importance of quality management. We will also discuss the challenges of global compliance and...

CVSS-FDA-cybersecurity-medical-devices-1712x599-c
Picture of Matteo Gubellini

Matteo Gubellini

Regulatory Affairs Manager
September 16, 2024

This case study describes the experience of a multinational medical device manufacturer meeting the FDA cybersecurity requirements. The company is operating in the MedTech sector developing a class 2/IIb device consisting of hardware and software. The company spent about 2 years working on the security risk management of the device....

Information Security Risk Management Guide
Picture of Marion Lepmets

Marion Lepmets

CEO
September 13, 2024

Keeping your data safe is vital for every business. One way to do this is by following ISO 27001. But how can we manage these information security risks with a tool like Jira? Let’s dive in! What is Information Security Risk Management Information Security Risk Management is all about identifying,...