The Importance of Cybersecurity in your Quality Management System


A good quality management system puts compliance regulations for safety and efficacy into clear, actionable instructions for your team. It governs everything from manufacturing to records management.

Increasingly, accessing and storing records requires an understanding of cloud technologies and complex access points such as web applications and APIs (application programming interfaces). Operating digital records systems and integrating them into your teams’ work in a way that everyone understands and is comfortable with can be difficult. A practical starting point for quality management teams is to address the security vulnerabilities presented by digital record systems and their use, an area some call “cybersecurity”.

Quality management teams can start by assigning every record in their system a security severity rating. The ratings should be customized to the needs and interests of the business, with documents like design and complaints being high-priority and documents like document control being low-priority. Teams should also consider including a software specialist in the QMS team to ensure that proper expertise guides the company’s documentation and policies.

International Organization for Standardization (ISO) standards are excellent resources to consult when addressing cyber risk in your QMS. Informative sections of standards are publicly available; full reports must be purchased. In particular:

ISO 14971 – Medical Devices – Application of risk management to medical devices. The process described in ISO 14971 can be applied to all types of hazards and risks associated with a medical device, for example biocompatibility, data and systems security, electricity, moving parts, radiation or usability. Several informative annexes were moved from this document to the guidance in ISO/TR 24971, which was revised in parallel. This allows for more frequent updates of the guidance independent of revising the standard.

ISO/IEC 27032:2023 – Cybersecurity – Guidelines for Internet security. “This document is intended for organizations that use the Internet”, which applies to almost all businesses these days. It provides information on how broadly to consider the landscape of the Internet and the relationships between all Internet components, as well as a useful framework for modes of attack.

RQMIS has partnered with Twin Tech to offer QMS expertise informed by the latest in cybersecurity practice. Reach out today to see if we can help you bring your QMS up to date with cybersecurity compliance.


RQMIS and TwinTech Labs can assist with all of your Cybersecurity needs for your Quality Management Systems
