severe. The FDA, EMA, and MHRA have established guidelines that must be adhered to, and understanding these is vital for any organization operating in this space.

Step 1: Understanding Regulatory Requirements

The first step in developing a QMS for SaMD and digital health products is to thoroughly understand the regulatory requirements that apply to your product. In the US, the FDA regulates medical devices under the Federal Food, Drug, and Cosmetic Act. For SaMD, the FDA has issued specific guidance documents that outline the expectations for software products.

In the UK and EU, the Medical Device Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR) set forth similar requirements. Familiarizing yourself with these regulations is crucial. Key documents include:

• FDA Guidance on Software as a Medical Device
• EMA Guidelines on Clinical Evaluation

Documentation is essential at this stage. Create a regulatory requirements matrix that outlines which regulations apply to your product, including any relevant ISO standards, such as ISO 13485 for QMS.

Step 2: Defining the QMS Scope

Once you have a clear understanding of the regulatory landscape, the next step is to define the scope of your QMS. This involves identifying the processes, products, and services that will be covered by the QMS. For SaMD, this may include software development, validation, and post-market surveillance.

Documentation for this step should include a scope statement that outlines the boundaries of your QMS. This should detail the specific products and processes included, as well as any exclusions. It is important to ensure that all relevant stakeholders are involved in this process to gain a comprehensive understanding of your operations.

Roles in this phase include:

• Quality Manager: Responsible for defining the scope and ensuring alignment with regulatory requirements.
• Product Development Team: Provides input on the technical aspects of the products included in the QMS.

Step 3: Establishing QMS Documentation

Documentation is a cornerstone of any QMS. It serves as a record of compliance and provides a framework for quality assurance. The key documents you will need to develop include:

• Quality Manual: This document outlines your QMS policies, objectives, and the structure of your QMS.
• Standard Operating Procedures (SOPs): These define how specific processes are to be carried out, including software development, testing, and validation.
• Work Instructions: Detailed instructions for performing specific tasks within the processes defined in the SOPs.
• Records: Documentation of activities, such as design reviews, risk assessments, and validation results.

Each document should be reviewed and approved by relevant stakeholders to ensure accuracy and compliance. Regular updates should also be scheduled to reflect any changes in processes or regulations.

Step 4: Implementing Risk Management

Risk management is a critical component of a QMS, particularly for SaMD and digital health products. The FDA and ISO 14971 provide guidelines on how to effectively manage risks associated with medical devices. This involves identifying potential hazards, assessing risks, and implementing controls to mitigate those risks.

Documentation for this step includes a risk management plan and risk assessment reports. These documents should detail the identified risks, their potential impact, and the measures taken to address them. It is essential to involve cross-functional teams in this process to ensure a comprehensive risk assessment.

Roles in this phase include:

• Risk Manager: Oversees the risk management process and ensures compliance with relevant standards.
• Development Team: Provides insights into potential risks associated with the software and its use.

Step 5: Training and Competence

Effective training is vital for ensuring that all personnel involved in the QMS understand their roles and responsibilities. This includes training on regulatory requirements, QMS processes, and specific job functions. A training plan should be developed that outlines the training needs for each role within the organization.

Documentation for this step includes training records, which should detail the training provided, the personnel trained, and any assessments conducted to ensure competence. Regular training updates should be scheduled to keep staff informed of changes in regulations or internal processes.

Roles in this phase include:

• Training Coordinator: Responsible for developing and implementing the training plan.
• Department Managers: Ensure that their teams receive the necessary training and support.

Step 6: Conducting Internal Audits

Internal audits are a critical component of a QMS, providing an opportunity to assess compliance with established processes and identify areas for improvement. These audits should be conducted regularly and cover all aspects of the QMS, including documentation, processes, and training.

Documentation for this step includes an internal audit plan, audit reports, and corrective action plans. The audit reports should detail the findings of the audit, including any non-conformities identified, and the corrective actions taken to address them.

Roles in this phase include:

• Internal Auditor: Conducts the audits and prepares the audit reports.
• Quality Manager: Reviews audit findings and ensures that corrective actions are implemented.

Step 7: Management Review

Management reviews are essential for ensuring that the QMS remains effective and aligned with organizational goals. These reviews should be conducted at planned intervals and should include an evaluation of audit results, feedback from customers, and performance metrics.

Documentation for this step includes management review meeting minutes and action items. These documents should detail the discussions held during the review, decisions made, and any actions assigned to specific individuals.

Roles in this phase include:

• Executive Management: Participates in the review and provides strategic direction for the QMS.
• Quality Manager: Facilitates the review and ensures that all relevant information is presented.

Step 8: Preparing for the FDA Audit

As you approach your first FDA audit, it is crucial to ensure that your QMS is fully compliant and that all documentation is in order. This includes having all required records readily available for review, such as design history files, risk management documentation, and training records.

Conduct a pre-audit assessment to identify any potential gaps in compliance. This can involve a mock audit conducted by internal staff or external consultants. Ensure that all team members understand the audit process and their roles during the audit.

Documentation for this step includes an audit preparation checklist and any corrective actions taken in response to the pre-audit assessment. This will demonstrate your commitment to compliance and continuous improvement.

Conclusion

Establishing a robust QMS for SaMD, digital health, and AI-driven medical products is essential for compliance with regulatory requirements and for ensuring product quality. By following this step-by-step guide, startups and scale-ups can prepare effectively for their first FDA audit and establish a foundation for ongoing compliance in the future.

For further information on regulatory requirements and QMS implementation, refer to the FDA Guidance on Software as a Medical Device and the EMA Guidelines on Clinical Evaluation.