Change is a constant part of life, especially so in the early days of a start-up company. But if your start-up business is in the regulated domains like MedTech, you might want to pace yourself before charging on full-steam. Most of your back-office, ways of working and interacting with other companies will be covered in written procedures. These procedures describe how you conduct your day-to-day business. If you want to do things differently, you need to change your procedures accordingly. Most likely the phrase “write what you do and do what you have written” is not unfamiliar to you.
Change management, however, is a complex process of its own. Change can be triggered from a wide range of causes, starting from internal changes like changing your ways of working, organisational structure, your devices, capacities, etc. But a change can also be triggered externally – changes in the regulations, standards being updated regularly and as you grow or shift focus, there might be new standards or regulations that are applicable to you.
SoftComply eQMS on Confluence
During the years of working with Medical Device standards and serving our medtech and digital health customers, we have generated a pack of document templates for procedures and records that are based on the requirements of different regulations and standards (e.g. MDR, FDA 21 CFR 820, ISO 13485, EN 62304, ISO 14971 and more). These templates (there are over 25 SOPs and over 75 record templates included in the pack) cover all the aspects of the external regulations and are filled with guidance for the user to start working with their company’s Quality Management System.
Atlassian Confluence is the preferred “home” for these documents, although you can export them to Word and pdf format, as well. Confluence is an excellent repository for your QMS documents together with the electronic document approval workflows, e-signatures and automatic change history table that are all supported by Confluence apps. The powerful search feature of Confluence helps you navigate the content in no time.
Once you start filling in the templates with your company and your device specific information, the system becomes “live”. As with any live system, this is now subject to a lot of changes.
Below, you will see how we track the compliance of our QMS content so that we would be equipped to adapt in the case of external changes of different regulations.
Compliance Matrices
A compliance matrix (sometimes called a requirements compliance matrix) is a tool you can use to cross-reference a business proposal with the request for proposal (RFP). It’s a table that spells out each requirement stated in the RFP and then lists exactly where in your proposal (section, page number, etc.) that requirement is addressed.
In regulated industries this is also used to describe where and how a company’s QMS complies to the applicable standards and regulations.
A compliance matrix is a powerful tool that enhances the usability of the QMS for several aspects:
- During its creation, it guides the company through a structured review of the QMS against the applicable clauses;
- It helps the company to maintain the QMS during changes to the content and changes to the standards and regulations; it pinpoints the documents in the QMS that should be reviewed when a standard or regulation changes;
- It improves the auditability of the QMS; providing such a matrix to an auditor (internal or external) makes the auditor’s job much easier and more efficient;
Despite this, not many companies have a detailed compliance matrix.
How to Create a Compliance Matrix
- Read through the standard / regulations line by line. As you find clauses, add them to the first column of the table in the order that they appear in the document.
- For each clause or sub-clause, note the number and title.
- Use the next column to indicate where the requirement is fulfilled. This can be a procedure, the Quality Manual or Policy, templates or actual quality records. The level of granularity is up to the Company. More details make the matrix more useful, but can also make it very complex, especially if the evidence is spread across different processes.
Best Practices for Building a Compliance Matrix
- Create your matrix at the beginning of the design of your QMS.
The compliance matrix should guide you as you write the QMS outline and create your processes. If you wait until the end to create it, you’ll miss out on a lot of benefits. - Match the language used in the standards / regulations.
Avoid confusion by using the exact language and terminology found in the standards and regulations. Resist the urge to paraphrase or reword clauses. If clarification is needed, use a notes column to collaborate with your team. - Continuously update the matrix.
As you create your QMS outline and subsequent process drafts, the sections of your QMS may shift. Update the response location column of your matrix to reflect any changes. - Share your matrix with the wider team.
While the compliance matrix is typically created by the QA/RA group for internal reference only, it can be helpful for the rest of the Company too.
The SoftComply eQMS now features full compliance matrices for ISO 13485:2016, IEC 62305:2015 and ISO 14971:2019 and 21 CFR 820. You can see the SoftComply eQMS compliance matrix for ISO 13485 in eQMS User Guide.
