Regulatory Services

If you are uncertain about the optimal regulatory pathway for bringing your Medical Device to market or need a second opinion, a regulatory assessment can provide valuable guidance. This process offers insights and recommendations tailored to certification requirements under classification rules in various jurisdictions (e.g., EU, UK, USA).

Our assessment evaluates the device’s Intended Purpose, outlines potential regulatory pathways, and summarizes the key steps required for compliance. This includes considerations for both Quality Management Systems and Technical Documentation.

If you need to identify the steps required to achieve compliance with a new or revised standard or regulation, our service offers a structured approach. This includes a formal review of your existing documentation and a systematic gap analysis, comparing it against the relevant standard or regulation (e.g., ISO 13485, MDR, IVDR, FDA QSR, IEC 62304, ISO 14971, ISO/IEC 27001, etc.).

We provide a detailed action plan that highlights missing or insufficient documentation, offers tailored advice on necessary steps, and references applicable standards and regulations to ensure compliance.

We can help you with CE certification. We provide full support and can take the project lead for Medical Devices under:

• MDR (EU) 2017/45
• IVDR (EU) 2017/46

Our services include managing the Notified Body contacts, the risk assessment, identification of applicable standards, and providing test protocols for safety, performance, cybersecurity, usability engineering and clinical evaluation.

We are also able to establish the Technical Documentation as technical writers.

How to start with us:

• Regulatory assessment: If you are uncertain about the CE Classification of your Medical Device, we recommend conducting a Regulatory Assessment report, before conducting the Technical Documentation.
• Gap analysis: If you have FDA, ANVISA, or other regulatory certified documentation, or aim to upgrade legacy devices under e.g. MDD 93/42/EEC, then the best start is to conduct a Gap analysis. 

If you have started conducting the Technical Documentation following MDR-Annex II-III, but have not yet succeeded, we also recommend a Gap analysis as a starting point.

We provide support to the establishment and implementation of Quality Management Systems for Medical Devices. 

Manufacturers of Medical Devices or applications:

When you want to place Medical Devices and Health Software Applications on the market, you must establish and implement a Quality Management System (QMS) in accordance with ISO 13485 and additional requirements set to such QMS from MDR and IVDR Medical Device regulations (e.g. MDR, IVDR).

Outsourced Manufacturers with no Medical Devices and applications:

Even when you don’t have Medical Devices and Health Software Applications in-house developed, but you act as a third-party supplier, an ISO 13485 certification can be your competitive advantage to sign a contract with the client. We can assist you in establishing and implementing ISO 13485 requirements for you to act as an Outsourced Manufacturer.

Let us handle the contract negotiation and communication with the Notified Body when you are busy preparing documentation, reviews and audits internally.

We ensure that your product and QMS scope match your needs and that you get the optimal timelines for a smooth certification process.

Management Representative (MR): If you want to ensure ISO 13485 compliance (clause 5.2.2) but do not have the resources or competencies internally, this service involves providing an outsourced Management Representative (MR) role on your organizational chart.

Person Responsible for Regulatory Compliance (PRRC): When you have placed a Medical Device or Software as a Medical Device (SaMD) on the EU market, you must appoint a person within your organisation as a Person Responsible for Regulatory Compliance (PRRC). The PRRC obligations are laid down in MDR (EU) 2017/745, Art. 15. If you don't have the resources or competencies present in your organisation we can provide you with such person acting as your PRRC on your organizational chart.

Quality Assurance (QA)/Regulatory Affairs (RA): If you are in need of various regulatory support in specific projects or just want to outsource the role of such Quality Assurance and/or Regulatory Affairs person, we can assist you. This service covers both periodic regulatory support and constant involvement in the case of an outsourced role.

Information Security Management System (ISMS) - ISO 27001

You don't need two management systems. We can assist you in the establishment and implementation of ISO/IEC 27001 as an integrated part of your ISO 13485 Quality Management System. Our services involve support as well as consultation with all matters in Information Security.

With GPPR (EU) 2016/679 for storing and handling patient's health data, the data privacy of the individual patient must comply. Also, with the AI Act (EU) 2024/1689 laying down harmonised rules on artificial intelligence (AI), cybersecurity has become important for Medical Device manufacturers. An Information Security Management System accreditation (ISO/IEC 27001) is not mandatory for Medical Device manufacturers. But an Information Security Management System can ensure that you have overview surveillance of your compliance with GDPR, the AI Act and other cybersecurity measures as part of ISO/IEC 81001-5-1*.

*ISO/IEC 81001-5-1: Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle

If you aim to bring your device to the market (acquire the CE mark in the EU or get FDA approval/clearance in the USA), one of the most important steps is the technical documentation. This service includes support in structuring and drawing it up to ensure compliance with the desired regulation (MDR/IVDR, UK MDR, FDA, etc.). As this process can very often include involvement from external parties such as test houses and Notification Bodies in the EU, this service includes support in these interactions, too.

If your software is considered Medical Software, and you want it to be compliant with all the applicable standards in the Medical Device industry, this service includes providing support in all regulatory aspects: software lifecycle processes according to IEC 62304, safety requirements according to IEC 82304 and security requirements according to IEC 81001.

If you are looking to: get acquainted with the basic requirements of certain standards or regulations learn more about the requirements of specific standard/regulation sections, resolve practical challenges of certain processes through workshops, gain more knowledge about a dedicated topic through the individual customized training sessions, attend a seminar or webinar in case of a larger groups of participants or attend an externally certified training course in cooperation with a certified training provider, this service provides it all. Upon agreement with the client, these sessions can be delivered as either awareness training or sessions with formal evaluation. With many years of experience, a lot of sessions organized over the years and a number of qualified trainers, you can be sure that you are in the right place when it comes to increasing competence.

If you need resources to check your QMS system internally, need resources to conduct regular audits of your critical supplier(s), or just need support during certification audits, our certified auditor’s involvement ensures that you are up to date with a healthiness check of your QMS, Medical Devices and suppliers. 

We conduct audits on-site or remotely, depending on the agreement with you for the best option.

If you are a non-EU manufacturer of Medical Devices (UK, Switzerland, Turkey, other non-EU European countries, USA, Canada, Asia, South America, etc.) wishing to place your device on the EU market, you must appoint a legal representative that will serve as your Authorised Representative. The roles and responsibilities of the Authorised Representative are defined in MDR and IVDR in Article 11.

Also, it is possible for the non-EU manufacturer to outsource the MDR-article 15 mandatory role of PRRC (Person Responsible for Regulatory Compliance). We provide this PRC service as well.