Change Management & Medical Device QMS on Confluence

August 23, 2022
Table of Contents

    Change is a constant part of life, especially so in the early days of a start-up company. But if your start-up business is in the regulated domains like MedTech, you might want to pace yourself before charging on full-steam. Most of your back-office, ways of working and interacting with other companies will be covered in written procedures. These procedures describe how you conduct your day-to-day business. If you want to do things differently, you need to change your procedures accordingly. Most likely the phrase “write what you do and do what you have written” is not unfamiliar to you.

    Change management, however, is a complex process of its own. Change can be triggered from a wide range of causes, starting from internal changes like changing your ways of working, organisational structure, your devices, capacities, etc. But a change can also be triggered externally – changes in the regulations, standards being updated regularly and as you grow or shift focus, there might be new standards or regulations that are applicable to you.

    SoftComply eQMS on Confluence

    During the years of working with Medical Device standards and serving our medtech and digital health customers, we have generated a pack of document templates for procedures and records that are based on the requirements of different regulations and standards (e.g. MDR, FDA 21 CFR 820, ISO 13485, EN 62304, ISO 14971 and more). These templates (there are over 25 SOPs and over 75 record templates included in the pack) cover all the aspects of the external regulations and are filled with guidance for the user to start working with their company’s Quality Management System.

    Atlassian Confluence is the preferred “home” for these documents, although you can export them to Word and pdf format, as well. Confluence is an excellent repository for your QMS documents together with the electronic document approval workflows, e-signatures and automatic change history table that are all supported by Confluence apps. The powerful search feature of Confluence helps you navigate the content in no time.

    Once you start filling in the templates with your company and your device specific information, the system becomes “live”. As with any live system, this is now subject to a lot of changes.

    Below, you will see how we track the compliance of our QMS content so that we would be equipped to adapt in the case of external changes of different regulations.

    Compliance Matrices

    A compliance matrix (sometimes called a requirements compliance matrix) is a tool you can use to cross-reference a business proposal with the request for proposal (RFP). It’s a table that spells out each requirement stated in the RFP and then lists exactly where in your proposal (section, page number, etc.) that requirement is addressed.

    In regulated industries this is also used to describe where and how a company’s QMS complies to the applicable standards and regulations.

    A compliance matrix is a powerful tool that enhances the usability of the QMS for several aspects:

    1. During its creation, it guides the company through a structured review of the QMS against the applicable clauses;
    2. It helps the company to maintain the QMS during changes to the content and changes to the standards and regulations; it pinpoints the documents in the QMS that should be reviewed when a standard or regulation changes;
    3. It improves the auditability of the QMS; providing such a matrix to an auditor (internal or external) makes the auditor’s job much easier and more efficient;

    Despite this, not many companies have a detailed compliance matrix.

    How to Create a Compliance Matrix

    1. Read through the standard / regulations line by line. As you find clauses, add them to the first column of the table in the order that they appear in the document.
    2. For each clause or sub-clause, note the number and title.
    3. Use the next column to indicate where the requirement is fulfilled. This can be a procedure, the Quality Manual or Policy, templates or actual quality records. The level of granularity is up to the Company. More details make the matrix more useful, but can also make it very complex, especially if the evidence is spread across different processes.

    Best Practices for Building a Compliance Matrix

    1. Create your matrix at the beginning of the design of your QMS.
      The compliance matrix should guide you as you write the QMS outline and create your processes. If you wait until the end to create it, you’ll miss out on a lot of benefits.
    2. Match the language used in the standards / regulations.
      Avoid confusion by using the exact language and terminology found in the standards and regulations. Resist the urge to paraphrase or reword clauses. If clarification is needed, use a notes column to collaborate with your team.
    3. Continuously update the matrix.
      As you create your QMS outline and subsequent process drafts, the sections of your QMS may shift. Update the response location column of your matrix to reflect any changes.
    4. Share your matrix with the wider team.
      While the compliance matrix is typically created by the QA/RA group for internal reference only, it can be helpful for the rest of the Company too.

    The SoftComply eQMS now features full compliance matrices for ISO 13485:2016, IEC 62305:2015 and ISO 14971:2019 and 21 CFR 820. You can see the SoftComply eQMS compliance matrix for ISO 13485 in eQMS User Guide.

    Excerpt of the SoftComply eQMS Compliance Matrix: SoftComply eQMS & ISO 13485 Clause 4

    Table of Contents

    Ready to get started?

    Contact us to book a demo and learn how SoftComply can cover all your needs

    New Cybersecurity Risk Management Features in Jira
    Picture of Marion Lepmets

    Marion Lepmets

    CEO
    November 8, 2024

    The Role of Cybersecurity in Medical Device Safety The Global medical device market is a $800 billion business that is rapidly growing, especially in the area of software as a medical device (SaMD). The majority of the SaMD segment is made up of the digital health and digital therapeutics solutions,...

    Medical Device Compliance Guide
    Picture of Marion Lepmets

    Marion Lepmets

    CEO
    September 23, 2024

    Introduction This medical device compliance guide focuses on the key requirements and strategies for navigating the regulatory landscape. We will cover the role of major regulatory bodies like the FDA, the classification of devices, and the importance of quality management. We will also discuss the challenges of global compliance and...

    CVSS-FDA-cybersecurity-medical-devices-1712x599-c
    Picture of Matteo Gubellini

    Matteo Gubellini

    Regulatory Affairs Manager
    September 16, 2024

    This case study describes the experience of a multinational medical device manufacturer meeting the FDA cybersecurity requirements. The company is operating in the MedTech sector developing a class 2/IIb device consisting of hardware and software. The company spent about 2 years working on the security risk management of the device....