The Nemedio Blog:  Demystifying Compliance

your guide to product development and compliance for medical technology

Quality agreement versus business agreements

May 23, 2022

When a startup sets out to create a new medical device, the first thought is how the product will function, and how to build a prototype to share with users and investors to gain traction. Once that traction is achieved, the next step is usually to find vendors to help build the device at scale, first to test against regulatory filing requirements, and then to market the product at scale.

It is always recommended to engage vendors as early as possible, so they can have a say in the design of the product whether it’s hardware, software, or a combination. This is to ensure that the product can be created and manufactured at scale when the time comes. You want to avoid creating intricate designs that can potentially be manufactured, but would cost more money to manufacture at scale than you could ever sell them for. 

Now that you have identified potential vendors, the next step is to sign some agreements to make sure both sides get what they want from the agreement. As a medical device manufacturer, you are liable for all aspects of the device, regardless of who you trusted to make them. The FDA calls you the legal manufacturer for this reason. Therefore you have two agreements you need to consider:

  1. Business agreement

This one is fairly obvious to any business. You would like the lowest price possible for parts made exactly to your specifications. The issue here is that you are a small startup and are just getting started with either design or prototyping. You will need some samples created to show to your customers and investors, then a small batch created for testing for regulatory needs, and then, hopefully, hockey-stick-shaped demand leading to market success. The pricing and delivery should reflect these changes to your business. Companies that can start large-scale manufacturing often dismiss small needs, and vice versa. You will need either multiple vendors who can meet the same requirements or single vendors who are outfitted to create products at various levels because they are smart and don’t want to leave money on the table. Finding these vendors is critical, and should be done sooner rather than later to make sure no bottlenecks in production affect your timelines.

  2. Quality agreement

Now that you have found that amazing vendor, you are wondering if they can meet the requirements you have from a medical device standpoint. Creating hardware that has cleanliness, strength, minimal risk of failure, etc. is critical to your regulatory filing and end user safety. If you say to yourself, "I’m creating a software product, none of this applies to me," you can skip ahead to the next paragraph. You don’t want your product recalled due to unforeseen issues. Your risk assessment should extend to a process failure modes model at this point to think of all the problems that can arise. In order to mitigate these risks, you need to design with operations partners, and ensure that the vendors have quality systems in place to meet your demands. An FDA-registered vendor with a quality system you can audit would be ideal. The tripping point here would be a vendor who claims to have a quality system like ISO 9001 for manufacturing, but has never heard of ISO 13485 for medical device manufacturing. A quality screw that meets every criterion for an automobile is not suitable for a surgery. Manufacturing quality does not meet the requirements of a medical quality system.

Hi there. Are you just joining us, are you a hardware-software combo, or are you just curious?

Either way, let’s address the new boundaries. Quality agreements apply to software development too, if you are using SOUPs, using outside help for writing code, or using cloud-based computing, storage, access, etc. If anything, regulatory bodies have a very keen eye on you these days. The data breaches have made your life very difficult. You need vendors who can provide quality documentation on data security, HIPAA compliance measures, and encryption levels to ensure that your system is difficult to breach. (No system is impenetrable, and no medical device is completely safe. You mitigate as much as possible, and the FDA decides if your mitigations are enough.) For cloud-based systems, quality documents should be geared towards medical use, because different bodies typically require different levels of security depending on the use.

