Although the above statement is intentionally somewhat provocative, it does hold a degree of truth. Organizations that are generally negative toward regulations and their Quality Management System (QMS) are often the very ones burdened with the most complicated and inefficient QMS. So, which came first, the negativity, or the overly burdensome QMS? 

An unnecessarily complex QMS is sometimes a symptom of limited understanding, insufficient knowledge, or a general lack of acceptance of regulatory requirements in the organization. Excessive procedures are also often introduced because the organization lacks confidence that employees will actually follow them. This leads to employees following them even less. Another frequent issue is that operating procedures are developed without input from those who actually perform the work, resulting in processes that do not align with the actual needs.

So, what is the key to success?

The first and most crucial step—highlighted in every regulation—is the commitment of top management. If the CEO views “quality” as just another cost and the sole responsibility of the Quality Department, the path to success will be long and difficult, if not impossible. Moreover, top management’s involvement must be visible in practice, not just in words. Actions speak louder than words, and the importance of this cannot be overstated.

A key aspect of this commitment is ensuring that all staff, including the CEO, receive quality and regulatory training. Depending on the organization, training can be tailored in various ways. For larger organizations, a general training session for all staff, followed by more specific, department-focused sessions, can be particularly effective. This approach allows each department to delve deeper into areas most relevant to their work and address their specific questions. Undoubtedly, the CEO’s participation in quality training is not only a requirement but also sends a powerful message to employees about its importance.

Another important step to get acceptance and commitment to the QMS is to encourage process owners to take part in developing and updating Standard Operating Procedures (SOPs). Importantly, the Quality team needs to be flexible, supportive, and should avoid rigidly enforcing regulatory requirements. The goal is to ensure alignment with the intent of the regulation, rather than rigidly enforcing a single interpretation. The process owners’ proposals might almost align with the intent of the regulations, requiring only minor adjustments. Collaboration is key: the Quality team can clarify the purpose behind complex regulations, while process owners can provide insight into practical challenges and suggest feasible solutions.

This collaborative approach to developing SOPs serves several important purposes. First, it helps employees understand the reasoning behind each requirement. It also fosters a sense of involvement and ownership among staff. After all, it’s harder to criticize a procedure you helped create. For the Quality Department, this process provides valuable insight into the practical challenges of implementing regulations.

When all parties adopt an open and non-judgmental attitude, it creates an opportunity to build a QMS that supports daily work rather than hinders it. While regulations continue to become more stringent, working together allows us to identify and apply the least burdensome approach.

Does your organization need help aligning your QMS so that it genuinely supports your day-to-day operations? Contact us to find out how our Quality and Regulatory team can help you reduce complexity, increase engagement, and deliver real value where it matters most.

FDA’s final guidance on Computer Software Assurance (CSA) for Production and Quality System Software marks a significant modernization of software validation practices. 

In late September, the FDA finalized its guidance on Computer Software Assurance (CSA) for software used in medical device production and quality systems. Replacing Section 6 of the earlier “General Principles of Software Validation,” CSA modernizes validation practices by shifting from the traditional Computer System Validation (CSV) model to a flexible, risk-based approach. The focus moves from exhaustive documentation to maintaining ongoing confidence in software performance, emphasizing assurance over validation.

The guidance aligns well with international standards, supporting compliance with ISO 13485:2016 in areas like software validation, risk management, and continual improvement. CSA also complements EU MDR requirements, including Annex I´s General Safety and Performance Requirements and Article 10’s quality system obligations, making it suitable for global regulatory strategies.

Traditionally, CSV emphasized exhaustive documentation and uniform testing, regardless of risk. CSA shifts this by focusing assurance activities on software functions that could directly impact product quality, patient safety, or process integrity. It emphasizes intended use and process impact, with context-driven rigor applied to critical functions. This ensures alignment with real-world risk and operational relevance. The guidance promotes critical thinking over checkbox compliance, encouraging thoughtful risk assessment and appropriate rigor.

Another major change is the adoption of a binary risk classification: software features are categorized as either “high process risk” or “not high process risk.” This simplification helps organizations to prioritize the validation activities better. CSA also supports the use of vendor documentation and software development lifecycle (SDLC) artifacts as valid evidence of software reliability, rather than duplicating vendor testing.

While CSA streamlines assurance activities, it requires a shift in mindset for quality and regulatory professionals accustomed to extensive validation. QA/RA teams must recalibrate their approach, prioritizing risk-based decision making and context-driven documentation. Limited documentation could be acceptable, provided it is supported by a robust, well-documented risk analysis.

In summary, CSA introduces a smarter, more agile framework for software assurance in production and quality systems. It helps manufacturers reduce unnecessary effort, enhance efficiency, and uphold standards, while encouraging a risk-based mindset aligned with real-world impact.

Do you need help implementing CSA effectively? Let our experts guide your team through risk-based validation, leveraging vendor documentation, and aligning your processes with both FDA expectations and international regulations.

 

In an industry shaped by rapid regulatory changes and global competition, leading life science companies are rethinking what it takes to succeed. Increasingly, expert support is no longer a luxury—it’s a strategic necessity.

“There has been a cultural shift in the industry,” says Ulrika Hammarström, Head of CRO Operations at Aurevia. “Expert support is now seen as something a company must have in order to succeed.”

“Strategic clarity is the new currency in life science,” adds Anna-Karin Alm, Head of QARA Operations at Aurevia. “Thoughtfulness, experience, and planning are more important than ever.”

Aurevia, a consultancy formed by merging several European firms, including QAdvis and Scandinavian CRO in Sweden, provides comprehensive support across the entire product lifecycle. From early development to market access and beyond, Aurevia’s multidisciplinary team brings deep expertise in quality assurance, regulatory affairs, and clinical research to empower pharma, biotech, and medtech innovators to navigate complexity and achieve lasting success.

Read the full article at Göteborg Life Science in Swedish or English to explore the key factors that characterize successful life science companies.

Photo: Anna-Karin Alm, Head of QARA Operations at Aurevia (left) and Ulrika Hammarström, Head of CRO Operations at Aurevia (right).

In the third part of our article series on the FDA’s new “radical transparency” initiative, we explore strategic considerations for a successful 510(k) submission. As transparency and consistency become increasingly emphasized by the FDA, medical device manufacturers must approach their submissions with both thoroughness and coherence. Successfully navigating the FDA’s 510(k) pathway requires more than compiling test data. It necessitates strategic foresight, sound regulatory judgment, and a thorough understanding of the Agency’s evolving expectations. 

A strong 510(k) submission begins with selecting an appropriate predicate device with the same intended use and same/similar technological characteristics. Selecting a predicate device involves more than reviewing marketing claims. It requires a thorough review of FDA-cleared 510(k) summaries, potentially a FOIA request or other available information. For novel technologies or unconventional comparisons, a Pre-Submission (Q-Sub) meeting is strongly recommended to validate the approach and align expectations early.

The structure and consistency of the submission are equally critical. Particular attention should be paid to the Indications for Use statement, which must be identical across all sections of the submission. Inconsistencies in this area remain a leading cause of Refuse to Accept (RTA) decisions.

When referencing FDA-recognized consensus standards, do not merely list them but provide a rationale for their applicability. Any deviations from these standards must be justified with scientifically sound explanations and supported by appropriate validation data.

For devices incorporating user interfaces, human factors and usability engineering data, even when not explicitly required, can demonstrate a proactive approach to risk mitigation and patient safety.

Similarly, including data from failure mode testing, rather than only successful outcomes, strengthens the overall risk analysis and reflects a comprehensive understanding of device performance under stress conditions.

Where applicable, real-world evidence (RWE), such as post-market surveillance data or clinical experience from non-U.S. markets can further substantiate claims of safety and effectiveness.

Maintaining proactive engagement with the FDA throughout the process is highly beneficial. The Q-Sub program offers a valuable opportunity to obtain feedback on device classification, testing strategies, and regulatory pathways, while also fostering a collaborative relationship with the review team that can streamline the formal review process.

Internally, it is advisable to develop a submission reference guide in the structure of the eStar submission pdf. This is not for FDA review, but for internal use. This document outlines the logic of the submission, identifies the location of key data, and serves as a reference during FDA interactions.

Finally, don’t overlook the post-submission phase. Time your initial submission to avoid receiving FDA feedback during major holidays or vacation periods. Responding to Additional Information (AI) requests can be resource-intensive and time-sensitive. Failing to allocate sufficient personnel during this phase can lead to delays and missed deadlines.

The above practices represent a strategic and quality-driven approach to 510(k) submissions that position the sponsor for success in an increasingly transparent and data-driven regulatory environment.

Do you need support with your submission strategy or documentation? Let our team provide you with the insight and expertise that you need to achieve success.