Posted on

UKCA, MDR2002 and why May 2025 is so important

The MHRA have provided a further update to the implementation of the future regulation of IVDs in Great Britain on the 16th June 2023. This follows on from earlier updates pushing back the timelines for UKCA marking for IVDs.

Here are the key timelines for placing IVDs on market in Great Britain:


When using CE marking

  • In Vitro Diagnostic Medical devices (IVDs) compliant with the EU in vitro diagnostic medical devices directive (EU IVDD) can be placed on the Great Britain market up until the expiry of certificate, or 30 June 2030. This is only applicable for devices where a declaration of conformity has been drawn up prior to 26 May 2022
  • IVDs compliant with the EU in vitro diagnostic medical devices regulation (EU IVDR) can be placed on the Great Britain market up until the 30 June 2030.

For devices continuing to utilise the IVD Directive certification (IVDD List A, List B or Self-test devices): while in practise, the 30 June 2030 offers a long lead-time, in reality this is dependent on the expiry of your CE certification. Article 110 of the IVDR states that IVDD CE certificates can be used up to their expiry or until 27 May 2025. Beyond that date, devices which have an IVDD Certificate can not be placed on market in either the UK or EU.

General IVDs under the IVD Directive, for which the conformity assessment did not require a notified body, can only be placed on the Great Britain market if the involvement of a notified body would be required under the IVDR (Class A Sterile, B, C, D) up until 30 June 2030, taking into account the IVDR transition dates applicable for each device class.

What are the deadlines for EU IVDR (2017/746/EU)?

The transition dates are as follows:

26 May 2022 – Class A, New devices

26 May 2025 – Class D devices

26 May 2026 – Class C devices

26 May 2027 – Class B, Class C Sterile

This has been explained in an info graphic by the MHRA.


When using UKCA Marking

Devices can now be placed on the UK market under a UKCA. Currently, this can be completed under the existing MDR2002 (similar to the EU IVD Directive). From the 26 May 2025, all new devices placed on market under UKCA will be required to meet the new regulatory framework, which is due to be published later this year.

It is expected that devices placed on market under the UKCA before 25 May 2025, must comply with the new regulatory framework from 30 June 2030.

The transition process above gives the industry an opportunity to benefit from the use of the existing UK MDR (IVDD) framework, where general devices can continue to use self-declaration before the deadline (707 days to go!!) While progress can be made on compliance to EU IVDR.


Further Updates

Further information will be provided regarding Post Market Surveillance requirements (expected in the next 3-6 months) and the full draft regulation at the end of 2023 – early 2024.

We encourage IVD manufacturers to review their device portfolios, classification and certification against the timelines above, and start preparing for the transitional process. IVDeology are currently supporting a number of international companies through the IVDR and UKCA transition. For more information on how we can support you, book a call with Casey or e-mail [email protected].

Posted on

Integrating ISO27001 and ISO13485

Information Security and Quality Management Systems (ISO 27001 and ISO 13485) : How can they be integrated? 


By Fiona Beardwell, Regulatory Specialist and Linda Garrod, QMS specialist

ISO 27001 details the requirements for establishing, implementing and maintaining an information security management system (ISMS) for managing and protecting company information including personally identifiable information. Those medical device companies seeking to work with government organisations, like the NHS, quickly discover the expectation for some form of Information Management and Cyber security system. ISO 27001 certification is one way to fulfil these expectations, and the principles covered by ISO 27001 are closely aligned with the NHS digital toolkit/data security requirements. 

As many medical devices now include a software element or are software-only devices (known as SaMD – software as a medical device), information security has become increasingly important to manufacturers. Furthermore, tightened privacy laws across the globe place additional responsibilities on manufacturers to protect patient data and prevent cyber-attacks which could result in patient harm. Rather than having separate and disjointed management systems for information security (ISO 27001) and Quality Management System for medical devices (ISO 13485), having one holistic system established within the organisation, ideally during the Design and Development, will support creation of safe and secure medical devices and supporting systems. Both standards apply a risk based approach to the Management System.

ISO 13485 applies risk in the context of risk to safety and performance of the medical device. For ISO 27001, risk and opportunities are key inputs into the planning of the Management system from a prospective of achieving ISMS intended outcomes, reducing undesired effects and aiding determination of the Annex A controls to be applied. Therefore, I would recommend approaching information security risks and medical device risk management separately. Where the information security risks relate to an SaMD or onboard software of a physical medical device, relevant elements of the information security risks shall become an input to the ISO 14971 risk assessment process. ISO 27001 and ISO 13485 apply the same core management system principles of Plan, Do, Check, Act and following this approach aids designing standardised approaches to processes.. 

So, for those looking to start your ISMS & QMS journey, the first key steps falls within the Plan phase, where you;

• Identify all the applicable industry standards and regulatory requirements relevant to your device, systems and the information involved.

• Identify your interested parties including patients, users, customers, suppliers and regulators and their requirements/expectations. 

• Identifying your existing business systems, resources, organisational competencies and infrastructure needs 

Pulling all these elements together and identifying any conflicting requirements allows you to devise a clear plan for creation of your managements system, as well as your quality and information security objectives, which will drive your future activities. Commented [LG1]: Might be worth including global privacy laws as another reason for info security and an increase in cyber attacks

The ‘Do’ phase can be the longest and most intense part of any management system implementation as you create meaningful policies and procedures, designed with the user in mind, guiding your team through the processes needed to consistently generate the desired output, support production of safe devices, securely manage data and utilise a risk based approach to all activities. While it may be optimal to create a holistic management system from the start that doesn’t mean, if you already have an established ISO 13485 QMS, that incorporating the requirements of ISO 27001 is impossible. In fact in many areas the requirements can be built into your existing ISO 13485 procedures and simply complemented with additional policies and procedures where appropriate. 

Where your management system contains requirements from multiple sources, your ISO 13485 mandated Quality Manual is an excellent place to explain the applicable regulations and the interactions of the processes. I would recommend providing an overview in the opening sections of the manual, including where possible a visual depiction of the interacting QMS and ISMS processes, and then providing additional detail on the specifics of the Information Security Management System at the end of the manual. This structure will help to provide top level clarity of the interacting processes with easy access to further information where required. This can be particularly useful in certification audits to easily explain the elements relevant to each standard. The ‘Check’ and ‘Act’ phases of both standards ensure security of processes and data, safety of devices and continual improvement of the management system. Internal audits are a feature of both standards and allow for reflection on the processes implemented and potential opportunities to improve. A good management system is never done; it should always grow and adapt as the risks and requirements within the field in which it operates evolve. Elements such as change control, management review, nonconformity and corrective action can drive continual improvement, which is crucial to all Management Systems.

ISO 27001 confers a number of benefits to your organisation:

1) Compliance – provides a framework to comply with regulations regarding data protection, privacy and IT governance and contractual obligations. 

2) Gives you a marketing edge to differentiate your company from competitors. 

3) Reduces expenses cause by incidents. Preventing incidents in the first place saves money in the long run. 

4) Strengthens your organisation by defining responsibilities and processes. 

So If you need any help with integrating ISO 27001 into your company, or even want to begin implementing your QMS as a starting point, then please contact us here and Casey will point you in the right direction

Posted on

Reflections of an external PRRC

As you may know, IVDeology provides compliance support to IVD companies around the world. We love working with SME IVD manufacturers and economic operators (UKRP, Distributors, Importers) who don’t always have sufficient capabilities or bandwidth to address the quality or regulatory compliance needs required under IVD regulations in the EU, UK or rest of the world. Being part of our customer’s compliance support bubble, we can really help them understand how to navigate compliance, either pre-registration or as part of post-market surveillance activities. 

IVD manufacturers who place devices on the EU market, under the EU IVDR, are required to have a Person Responsible for Regulatory Compliance (PRRC), defined under Article 15. For UK SMEs, this role can be outsourced within the same geographic area (the UK). 

The role of a PRRC is to ensure that:

  • The conformity of the device is checked,
  • The Technical Documentation and Declaration of Conformity are available and up to date,
  • Effective post market surveillance is performed,
  • Any performance evaluation studies are performed correctly,

Our team have all had roles similar to this within big IVD companies, and having a good oversight of design & development, change control, risk management and vigilance is key to making sure the device remain compliant. This however can be difficult as an outsider looking in. This is why is it important to build a good relationship and a high level of trust between the manufacturer and external PRRC. But it also requires a good quality and regulatory culture within the manufacturer, even if they do not a QA or RA head count – and this is the tricky bit!

Leadership has an important role to play here, in fostering a great understanding throughout the company of Quality/Regulatory culture, and this should be done as part of the relationship building with the external PRRC. For the business leaders I say – please don’t consider that QA RA compliance responsibilities lies completely with the external party. You still have a responsibility to build an understanding of QARA internally, the external PRRC plays an important role in helping you do this. 

We are aware that this takes an investment of time and unfortunately money, but having an external PRRC, when done right, can make a massive positive difference to your organisation, maintain compliance, and can reduce the need for an additional expensive headcount.

To learn more about the support IVDeology provide, and how to implement the PRRC role, either internally or externally within your organisation, contact Casey for further information.

IVDeology are proud sponsors of TEAM PRRC

Posted on

Experiences from an Audit

Its mid-morning, and you’ve been called by your management to the ‘Audit Holding Pen’, the backroom next to the room where an external auditor is performing an assessment of your Quality Management System, your QA manager is in the room and already looking stressed and tired. 

About an hour later, you get called in, specifically to discuss a non-conformance report you raised 8 months prior. The audit room is quiet, but the auditor smiles and invites you to sit down next to them, and in front of your NC report. They ask you to explain what happened, what steps you took and how you investigated the non-conformance – but your mind goes blank. You can barely remember your name, let alone how you completed the investigation!…

For anyone who has been in an audit, they may have similar stories, but whatever the experience, it can be a very challenging environment, especially if you are new to audits.

The purpose of the audit is to make an independent assessment of your quality management system, or Quality/Regulatory ecosystem. This can be via a notified body, competent authority, customer or corporate party. The audits can be planned, or unannounced, and can vary in scope and length. 

With many diagnostics companies, the transition to EU IVDR, UKCA or transferring to the USA (FDA), having external audits is a new addition to your organisation. Handling an audit effectively is a key skill that takes years of practise, but there are some things you can do to give you best chance of success:

  • Build a process for audit management: When the auditor turns up on your doorstep, it is really important that everyone knows what to do. Who should receive them? Where can they go while you notify your team and organise your audit management?
  • Ensure management buy in: Strong leadership is key here, pull in whoever needs to be involved, this may be top or middle management depending on your organisation. Keep the communication stream going, this will give them a heads up on the audit progress, and allow you quick access to any expertise you may need.
  • Be clear on roles and responsibilities: While sometimes it is easier to control the audit within a closed group, the reality is that you may need the support of others throughout the day. If you are the main auditee, your time will be focused in the room. Establish a role outside the audit room who can coordinate documents, people and tea/coffee. Giving your staff experience of the audit process is a great development opportunity, we’ve all got to learn somehow!
  • Establish good quality culture: There is no substitute for building a strong quality environment around you. Building robust processes which are well understood and followed, will make the audit go much smoother! Establishing a good quality culture takes time, but adds real value and makes life much easier in the long run.
  • Build in mock audits into your quality system: If your team are new to external audits, why not perform a few mock audits in addition to your internal audit programme. It may be disruptive for a day, but the organisation will learn so much from it. It will also give people some additional confidence when it comes to the real thing.

Our team all have their own stories from grilling, or being grilled at an audit. We can help you in a number of ways:

  • Mock audit: We can be an independent external auditor, to come in and help your company test your audit robustness. We can use our audit management experience to interview your team and give you honest, constructive feedback on how you can effectively manage the process
  • Audit training: Our workshop events can help you establish a process to manage your audits, and help you assign the roles and responsibilities your team needs
  • In-audit support: Sometimes you just need a steady hand in the audit. We can sit with you in your audits and help you explain, justify and understand the audit requirements and outcomes. 
  • Post-audit support: We can help you understand, plan and implement any corrective actions from audit non-conformances

However you manage the process, the audit process should be seen as a positive experience, and it is critical to the continued growth and improvement of your quality management system. For more information, including how we can help you with your audits, book a meeting with our team.

Posted on

Happy 1st Birthday, EU IVDR date of application!

It’s officially a year after the date of application (DoA) for the EU IVDR, and although there are transition dates for the legacy devices, the requirements for post-market surveillance (PMS), market surveillance, vigilance, registration of economic operators and of devices have been in place since the DoA – 26th May 2022. 

Therefore, there is a need for manufacturers to comply with the Post Market Surveillance obligations for ALL CE-marked products now.

So, what does this mean for me today? 

All manufacturers of CE-marked devices must have a PMS procedure within their QMS that aligns with the requirements established in Articles 78 to 81, Annex III and Annex XIII Part B. The procedure should link to the relevant procedures for Risk Management, CAPA and Performance Evaluation.

A PMS Plan must be created for each of your devices (according to Annex III). This should include:

  • what data you will be collecting for your device – data such as complaints, adverse events, trends, production information, literature searches, feedback from users, importers & distributors; how frequently will you be collecting the data,
  • how you plan to analyse the data collected – what methods you will use, who will complete the analysis.
  • what you will then do with the results – reassessment of the benefit-risk analysis, investigations, determining the need for any CAPAs or communication with customers, Competent Authorities, Notified Bodies and Economic Operators.

It should include proactive data collection, such as from customer surveys, not only relying on data from complaints and trends. It should also include a Post Market Performance Follow-up Plan (according to Annex XIII Part B) or a justification as to why this is not necessary. 

The plan should also include the frequency of review required. For Class A & B, you can justify the frequency of PMS reporting based on the risk of your device. For Class C and D CE-marked products, the requirement is for PMS to be carried out annually and therefore the first ANNUAL review will be coming up! 

For Class A & B devices the outcome of the Post Market Surveillance will be documented in a PMS Report (according to Article 80) where the results are summarised together with the conclusions drawn and any actions required are documented. For Class C & D, the outcome of the PMS will be documented in a Periodic Safety Update Report (PSUR) (according to Article 81), unless they are still currently CE marked under the IVDD where under the transition, according to the published guidance MDCG-2022-8 on legacy devices, a PMS report is the minimum requirement for these devices unless a manufacturer voluntarily prepares a PSUR. The PSUR, in addition to the results, conclusions and actions required by the PMS Report, also includes the conclusion of the benefit-risk determination, the findings of the PMPF and volume of sales, estimation of the size and characterisation of the population using the device and the usage frequency.

So, what should I do next?

  • Make sure that you have the relevant procedures and templates in place to meet the IVDR requirements for PMS.
  • If you are a manufacturer of a Class A or B device, ensure that you have a PMS plan in place for all your devices and that you are collecting the data that you have determined within the plan is appropriate.
  • If you are a manufacturer of a Class C or D device, start preparing for your first PMS review and creating the required report for your device.

If you want to know more or feel that IVDeology could help, then book a call with Casey here

Posted on

Post Market Surveillance – What’s expected?

The MHRA recently announced plans to release new requirements later this year for post market surveillance for IVDs for implementation mid-2024 ( if you missed this, you can read about it here in another post of ours here). However this does not mean that manufacturers currently do not have obligations for post market surveillance (also known as PMS). 

Even under the IVD Directive, which the UK MDR 2002 references, post market activities are required. Annex III part 5 states:

“The manufacturer shall institute and keep up to date a systematic procedure to review experience gained from devices in the post-production phase and to implement appropriate means to apply any necessary corrective actions, taking account of the nature and risks in relation to the product.”

This means that as manufacturers you still need to be collecting data on how effective your device is – monitoring your customer complaints and feedback, any incident reporting, your manufacturing information, looking at your trends, to mention just a few possible sources of information. This data should then be reviewed to determine whether any updates are required and if so these actions should be documented appropriately. Potential updates could impact your:

  • Risk Management File – Is the Severity of the risks impacted? Does it impact your frequency of occurrence of known risks? Are there new risks that you haven’t included?
  • Instructions for Use & Labelling – Do you need to add additional warnings? Are your instructions clear enough?
  • Training – Is any training that you provide sufficient? Is additional training necessary for your users?
  • Other products – Does the issue impact other devices you manufacture? 

Moving forward, we are also wondering what to expect in the new requirements. The consultation response released by the UK government indicates that they want “to clarify and strengthen the requirement for manufacturers to implement a post-market surveillance system”. It is expected that the new requirements will be broadly similar to the requirements for post market surveillance in the IVD Regulation. Good news if as a manufacturer you are also CE marking your device, this is likely to mean that most of the new expected requirements will be in place and when further guidance is shared by the MHRA, your procedure will only require some small adjustments to accommodate any local differences. 

Post market surveillance can often feel like a very time-consuming, resource heavy exercise which many manufacturers only complete in order to meet the regulatory requirements. However this is such a waste. As a manufacturer, PMS enables you to collect real-world data of your device being used by your intended users in your intended use environment – data levels which no clinical trial would be able to replicate. This data can then be used to show that your device is still safe and effective, something which all regulatory authorities will be looking for. 

So as a manufacturer what should you do next:

  • Review your procedure – make sure it aligns with the MHRAs requirements
  • Create a PMS plan – ISO/TR 20416 gives great guidance for this
  • Determine what data you have available for your device and where that data comes from. Look at the best way for collating and analysing the data you have available

If you need any assistance with your post-market surveillance procedure or creating your PMS plan then IVDeology can help. Book a call here and have a chat with our friendly team.

Posted on

That’s a RAPS!

On 8th and 9th May 2023 I took part in something that I think could be a huge step forward in providing a credential for Regulatory professionals looking to move into or already covering the role of Person Responsible for Regulatory Compliance (PRRC). The RAPS regulatory compliance certification programme. The IVD regulation is clear as to the requirements that the PRRC must have in education and experience. However, the minimum level of degree level qualification in law, medicine, pharmacy or other scientific discipline and one year’s regulatory or quality specific IVD experience is not, in my opinion, enough to equip an individual for this highly responsible role.

The Regulatory Affairs Professional Society (RAPS) has been offering the Regulatory Affairs Certification (RAC) since 1991 and in 2019 they initiated the Device specific RAC. The introduction of this credential has gained traction and is often stated as preferred that a candidate holds this credential in US job adverts. With the PRRC role now being a requirement for compliance to the IVD Regulation in the EU RAPS has again risen to the need for a tangible credential which demonstrates an in depth knowledge of the IVD Regulation 2017/746 or the Medical Device Regulation 2017/745.

The process that I was involved with was to provide subject matter expertise, along with other SMEs, to review each of the questions constructed for this new certification examination. We were given the instructions to review for content, and accuracy, to check source references and also provide wording for adjustment to any questions we considered required amendment. This process took two full days, carefully checking and also identifying where questions had been repeated, or where there may be too many questions focussed on the same area.

I really enjoyed the chance to work with a group of experts, from many different backgrounds, to ensure that the final collection of questions would provide a true test of an individual’s knowledge of the IVD Regulation and hence a pass would provide a clear credential for public scrutiny. While there is no suggestion that this new certification programme should be made compulsory for those wishing the be a PRRC it can go a long way to provide confidence that someone is ready to perform in this role

If you’d like to learn more about our services, including appointing a PRRC, please get in touch here

Posted on

Platinum Healthy Workplace Award – Thrivall and IVDeology

IVDeology Pioneers Productivity-boosting Mental Health & Wellbeing Programme with Thrivall to Win Platinum Healthy Workplace Award

Medway-based company IVDeology, is excited to announce a recent partnership with proactive workplace mental health and wellbeing programme Thrivall.

Founded in 2018, IVDeology is a growing team of like-minded, friendly professionals who are passionate about regulatory affairs within the in vitro diagnostic medical device industry. The company brings a flexible and pragmatic approach to support other businesses in navigating IVD quality and compliance requirements.

Working from offices in the Chatham Historic Dockyard, IVDeology is focussed on ensuring flexibility, personal development and gender equality within the team. Co-founders and directors Stuart Angell and Nancy Consterdine share a belief that supporting staff and helping them grow will create benefits for both their own business, and also for customers. 

Thrivall Managing Director and Co-founder Anwen Cooper commented: “We are delighted that IVDeology have chosen to pioneer the Thrivall programme with their team. Our structured and sustained approach is designed to provide outstanding levels of colleague care to support everyone in the business to realise their full potential while also delivering increased productivity and boost bottom-line results for the business.” 

Dan Corpe, Thrivall Partnerships Director and Co-founder adds: “The Thrivall programme focuses on bettering the individual for the betterment of the organisation. IVDeology is a great example of a forward-thinking, people-focussed business which has embraced the Thrivall ethos as they fully understand the benefit of investing in their team.”

Thrivall brings together qualified and experienced experts to deliver a uniquely structured solution to workplace wellbeing and mental health. Combining an evidence-based and comprehensive programme, Thrivall delivers team training workshops on all aspects of wellbeing, along with regular proactive counselling and professional performance coaching sessions for every individual within an organisation. In addition, impact is measured through regular benchmarking evaluations to track progress and demonstrate return on investment. 


IVDeology Managing Director Stuart Angell said: “Thrivall has fundamentally changed how our business feels. The team build effect is palpable. Two colleagues have approached me separately to say how the programme is going to change their lives for the better. We really appreciate how Thrivall has given us all a shared language around mental health.”

Nancy Consterdine, Director of Training and Compliance at IVDeology added: “We are delighted that our commitment has been recognised by the Medway Healthy Workplace Awards Programme. We have progressed over the last few years from Bronze, through Silver and Gold and have now been given the Platinum Award. This is the highest-level recognition of the continued investment we’ve made to date in the wellbeing of our team.”

Notes to editors:

More info about IVDeology: www.ivdeology.co.uk¦More info about Thrivall: www.thrivall.co.ukEmail [email protected] and [email protected] for further 

Posted on

Go West Young SME!

In the recent budget announcement from Jeremy Hunt , it referenced the intension to enable the MHRA to sign-off medicines and technology already approved by trusted regulators from 2024. There is already Project Orbis – GOV.UK (www.gov.uk) which provides a framework for concurrent submission and review of oncology products among international partners. This is co-ordinated by the U.S. Food and Drug administration alongside MHRA and involves the regulatory authorities of:

  • Australia (Therapeutic Goods Administration (TGA))
  • Canada (Health Canada)
  • Singapore (Health Sciences Authority (HSA))
  • Switzerland (Swissmedic)
  • Brazil (Agência Nacional de Vigilância Sanitária (ANVISA))

Additionally MHRA together with the regulatory authorities of Australia, Canada, Singapore and Switzerland is part of the Access Consortium Access Consortium – GOV.UK (www.gov.uk) which is a medium-sized coalition of regulatory authorities that work together to promote greater regulatory collaboration and alignment of regulatory requirements.

What might this have to do with Medical Devices?! I can hear you asking, neither of the groups above currently mention them. However, these could be seen to be setting the precedent, the closer ties that the UK government is building with the USA, Canada, Australia would immediately seem to be the most logical states to be considering when talking about approvals from trusted regulators. Additionally, with the MHRA official delay of the new UK Medical Device regulation out to June 2025 it gives IVD Device manufacturers to possible opportunity to look at a two pronged regulatory strategy for launch. 

It may be wise for manufacturers looking to bring new devices to the market in the next couple of years to seriously consider forgoing the EU as the first port of call for registration approvals. The US FDA 510K/PMA process is a clear, well understood process which does stick to timelines unless real issues are identified during the review. The pre-submission process is a way for a manufacturer to gauge how the FDA is viewing the device and feedback, whilst not direct advice, allows adjustment before final submission. This allows the manufacturer to have the best opportunity for approval with as little too and fro as possible. For manufacturers who have an innovative device, the Breakthrough Device Designation programme may be to route to take Breakthrough Devices Program ¦ FDA

By looking to bring devices to the UK market through the current UK MDR 2002 which is based around the IVD Directive requirements, allowing many manufacturers to self-certify, and simultaneously submit to the US FDA, two recognised regulatory approvals could be delivered within 6 months of file submission. EU IVD Regulatory approval should not be dismissed but for start-up organisations, where revenue is key, this approach would result in getting to market sooner and being more attractive for acquisition if that was an attractive proposition. 

If you are interested in learning more around UK MDR support and or US FDA requirements please get in touch [email protected] or book a slot in my calendar

Posted on

My ISO9001 Journey

Back in 2018 when Nancy and Stuart had founded IVDeology, I was working as a lab technician in IVD manufacturing, where I had been for 14 years. In May 2019 I took the step to join Nancy and Stuart to help build and grow IVDeology. It was a no brainer as I knew there would be so many opportunities to learn and grow with the company and make a difference in the world of diagnostics.

At the start we knew we wanted to setup a QMS. We were all from lab environments so had lived and breathed in the ISO 13485 world. We knew by having a certified QMS it would help define and control our processes and give our clients confidence in our commitment to customer satisfaction and continuous improvement. For our business we decided ISO 9001:2015 was the most appropriate standard for our needs. 

My role as Operations and Quality systems Co-ordinator was to setup up and maintain our QMS. This was a great challenge as I had only ever worked within a QMS and had not been involved in the day to day running or setting up of one.

We tried using our current Microsoft system, but we really struggled with some of the document control features we wanted, and it just seemed to be really clunky. 

Then one of our customers introduced us to Cognidox. Cognidox is an electronic document management system but also so much more. After the demo we realised it ticked all the boxes we required from an EQMS. 

So we signed up for a trial and got to work creating the documents we needed for our company and to be compliant to ISO 9001:2015.

We created all the procedures, policies and forms and got through our stage 1 audit and once we were fully using the system got through stage 2 to gain certification in Jan 2021. 

That was a huge achievement and milestone for the team and I.

I am even more proud of this achievement as you may remember January 2021 we went into lockdown a second lockdown, and we had another period of home-schooling our then 5-year-old. Let’s just say this was a tough time, but I feel I came out of it stronger, and with more confidence to face future challenges. 

Though it wasn’t the end of the story of course, as with all QMS’s we are continually reviewing, updating, and improving our documents to evolve with the company. 

We lived with the documents and started to learn what worked and didn’t work for us within the scope of the standard. 

As a result, our documents are now much more streamlined as we’ve gone for a simplified process flow approach, as we’ve found these to be much more effective for our company. Cognidox were there to listen to our queries, our wants and needs, and make it work for us. It wasn’t a one size fits all which some EQMS can be.

We have a really robust process for CAPA, change control and staff training. It’s tailored to fit our quality and operational needs.

We have got through 2 successful surveillance audits, and we look forward to our recertification audit in December this year.

I have learned so much from this journey:

  • oRealising the perfect procedure or document doesn’t exist, they should always be evolving, the simpler the better and always designed with the user in mind. 
  • oDon’t over complicate things, as you can end up getting tied up in knots. 
  • oAn electronic document management system is so important for document control, training, and report functions (making management so much easier). 
  • oIt is a huge challenge, but with the right support ,hard work and knowledge it results in a huge achievement. 

Our team all have years of experience not only building quality management systems but living in them too, this helps us to understand the requirements for the people using the system to guarantee it works for the individual company.

If you require any Quality management system support or advice please get in touch, our highly experienced team are ready to help. 

We also partner with Cognidox, so if you feel you want to go from paper based to EQMS, please reach out and we can put you in touch with the team.