Solita RegProof™ blog series, part 2: Laying the foundation for calm compliance​

Henrik Toivakka RegProof Developer, Solita

Published 20 May 2024

Reading time 7 min

Our last blog post was about our experiences regarding general pain points in medical device manufacturing and how to achieve calm compliance. In this post, we are going to tackle the tricky parts of medical device regulations head-on, starting from the basics. Unlike unregulated software, manufacturers of medical devices are faced with a barrage of tasks and activities introduced by regulations. Many companies, particularly startups, step into the world of medical device software without a clear understanding of the regulatory demands their products must meet. This lack of awareness often results in unexpected surprises and last-minute decisions that can significantly inflate costs as the project nears completion.

Another frequent problem is the control of documents. ISO 13485 requires strict document control, a task that is cumbersome to handle manually and challenging to execute properly, even with digital assistance. Essentially, manufacturers need to retain records of every relevant document and sign each document. Furthermore, before a controlled document can be signed off, it must be reviewed and approved. This requirement introduces significant overhead into the development process, as documents circulate among various team members for review and approval.

If these two problems are present in your medical device project, the odds are that there will be problems in the future. By getting these things right from the start of the project, a lot of problems can be avoided, and project business risks will be reduced.

This is where Solita RegProof™ comes to help with solutions that come out of the box.


Ever heard of a software project that did not go as planned? The journey began at a startup aiming to create a revolutionary medical device. The idea was excellent, the need critical, and the team skilled. However, having the right ingredients did not mean everything would go smoothly.

Figure generated with AI: mess

Right from the start, there were big issues. The team did not understand the complex rules that control medical device development. This lack of knowledge made the project like trying to find a way through a maze while blindfolded. The team was made up mostly of engineers and designers, not regulatory experts, and were not familiar with medical device manufacturing. The team had no clue where to start with the regulatory work, leading to the fact they quickly lost track of the design control and the project turned into ad-hoc implementation chaos.

Furthermore, they were missing a good system to manage documents. In medical device development, keeping detailed records of everything from test results to design changes is crucial. They had no way to version, freeze and approve documentation, quickly leading to a document mess, spread out over different systems, and sometimes only on paper or local copies on team member’s computers.

Even signing documents was chaotic. Each document needed signatures, but there was no straightforward way to get them. Team members had to use different systems to sign different documents, wasting time and often causing delays or even the loss of important documents.

As the project moved on, the initial excitement turned into frustration. The team spent more time dealing with these issues than on innovation or executing their plans. Clearly, something needed to change.

Digital tools to bring salvation

Fortunately, things can be made easier with modern digital tools, which help teams collaborate and focus on value creation. Even further, compliance can be built into the development process by utilising digital tools – which we like to call calm compliance.

In practice, we have tackled this by focusing on the possibilities of Application Lifecycle Management (ALM), i.e. the process of managing software applications from conception through development, testing, deployment, and maintenance, ensuring efficient and effective delivery of high-quality software products.

However, none of this would work without comprehensive document control and a crystal-clear vision of the project goals.  

Figure generated with AI: vision and focus

Agile project management with clear goals

In our solution, we have wanted to emphasise the lean and agile workflows. Nonetheless, the intricate web of regulatory requirements introduces numerous mandatory tasks throughout the product lifecycle that demand careful oversight during the product development process. Without a deep understanding of medical device manufacturing, navigating these requirements to ensure timely and correct actions can be exceedingly challenging. So, how does Solita RegProof™ tackle this problem?

Regulation transformed into practical mandatory tasks

We have assembled a task list of activities and deliverables required by different regulations, standards and guidance. This task list guides the project leaders on what must be done – and suggests when the task should be completed. However, the teams can decide what are the most important things to focus and they have control over the flow of the work. This gives a sharp vision for teams of what is still in the backlog, and what must be accomplished.

In the name of agile development, it is also possible to postpone tasks for later. For example, if some design decision cannot be made right now, it can be deferred to a later stage of the project when there is enough information to make the decision. Additionally, it is possible to rule out any non-applicable tasks from the task pool, as there might be regulatory requirements related to a specific type of product.

In this way of working, the development teams can focus on creating value while maintaining a feeling of control over what’s going on. They do know what’s next on the menu.

Document templates ready for use

Even when the regulation is transformed into a more pragmatic format and clear tasks, the team members may still wonder where the documentation should be placed. For this purpose, the Solita RegProof™ service model contains a template for the medical device technical file, which has a clear structure and a straightforward way to find the correct place for documentation. The technical file template consists of +30 document templates, which can be used to capture essential information.

The combination of pre-defined tasks and document templates makes compliant work effortless. Old ways of working tend to forget the utter complexities of document creation. They typically don’t see the document’s evolution, or how it’s shaped and reshaped as information becomes available. Our approach is designed to illuminate this process, acknowledging that key deliverables like plans or specification documents are works in progress, not destined to be perfect on the first draft.

In line with this, our predefined tasks allow teams to focus sequentially on different sections of a document. This structured yet flexible method not only streamlines the workflows. We ensure that content is approved only when fully matured, guaranteeing that the final product is not only compliant but also in a format which is, likely to meet even the most stringent regulatory standards.

Even further, the mandatory tasks and technical file templates can be reused across different products or projects. This makes it easier to start figuring out the regulatory strategy and focus on the essence of the product, when there are multiple projects going on.

Follow the progress and move to the next milestone

The project’s progression can be reviewed from a project milestone meeting memorandums, held in specific stages of the project to review the design outputs. Our solution includes templates for meeting memorandums, which collect the required mandatory tasks from the team backlogs and work boards. As a result, there is a document containing a single source of truth about what has been done.

What is even better, the document can be used as a tool for audit purposes to display that everything has been done as required. This can be an invaluable way to demonstrate regulatory conformity of products, as there is no need to dig through documents and hope for the best. Everything can be traced down from a single starting point.

Effective document control and electronic signatures

Finally, even if the project task management and documentation structure was top-notch, the ISO 13485-compliant quality management system demands effective control of documents, which means that the document needs to be versioned, reviewed, approved, and archived for a set amount of time. In our experience, this might be one of the easiest ways to get a nonconformity in an audit.

All documents in a single system – under digital document control

In our Solita RegProof™ ALM solution, all documents are in the same system, which introduces many advantages to daily working practices. No more missing documents, no more spread-out documentation, no more manual maintenance on every piece of information.

This unified system not only simplifies information retrieval but also ensures consistency and accuracy across all stages of product realisation. Team collaboration is enhanced as everyone can work from the latest, up-to-date documents, which facilitates better communication and quicker decision-making. It aligns perfectly with our commitment to quality and efficiency.

Review and approve documents with an integrated tool

Since all documents are in the same location, it is easy to review and approve them with an integrated document management tool. After the document has been drafted, the author can set reviewers to review and approve the document. The reviewers will be notified to review the document. After the review has been passed, the final document is signed with FDA Part 11 compliant electronic signatures, and it is restricted from further edits or modifications.  

Final document

To make working with documents easier, we have separated the working copies from the published documents. The editors can edit the documents in their own space, and the released versions are available for everyone to read. It is also possible to assign training for the released documents, which means that the trainees must read and confirm they have understood the document, and therefore, create audit records for training.


By bringing clarity to the project management and implementing effective document control, a Solita RegProof™ project can start stress-free and focus on delivering value from Day 1. These are the foundational building blocks to establish Calm Compliance. If the foundation for the project has been established well, it is effortless to continue from there. Otherwise, the following problems will cumulate over time and cause lots of additional work that could have been avoided. (Images are generated with artificial intelligence.)

Interested in hearing more? Let’s be in touch.