Building an enterprise SaMD Quality Management System

A HealthSec Alliance™ Case Study

Client: A global leader in pharmaceuticals and digital health innovation with over 50K employees

Challenge

The client needed to evolve from a supporting digital unit into a legal manufacturer for its global portfolio of Software as a Medical Device (SaMD) products. Previously, responsibilities were fragmented across subsidiaries, leading to inconsistent processes and complex regulatory oversight.

The division required a centralized Quality Management System (QMS) to manage the entire SaMD lifecycle, covering design, development, postmarket surveillance, and the ability to:

• Prove compliance with U.S. and EU medical device regulations

• Integrate risk management and safety throughout the lifecycle

• Centralize manufacturer responsibilities under client

• Ensure an audit-ready, sustainable process for global deployment

Solution

The HealthSec Alliance provided strategy, validation, and regulatory alignment support throughout the development, validation, and deployment of the QMS.

The team partnered with the client’s internal stakeholders to:

• Design and validate a scalable Digital QMS tailored for SaMD workflows

• Embed Zero Trust and data integrity controls to support audit readiness

• Integrate privacy-by-design into systems handling clinical and health data

• Document and prove compliance across international framework

The resulting QMS became the single source of truth for all SaMD quality processes, unifying product design, validation, and postmarket operations across the enterprise.

Technical & Regulatory Framework

• Quality & Risk Standards: ISO 13485:2016, ISO 14971:2019, IEC 62304, IEC 62366, ISO/IEC/IEEE 29148

• Global Regulations: EU MDR 2017/745, IVDR 2017/746, MDCG 2019-11, MDCG 2019-16, FDA 21 CFR Parts 803, 806, 820

• Privacy & Security: HIPAA, HITECH, GDPR, and state laws (WA MHMD, TX HB 300, NY HIPAA, CT SB 3)

Outcomes & Impact

• Audit-Ready Compliance: The client achieved validated, inspection-ready documentation with traceable evidence across all SaMD processes.

• Centralized Governance: Manufacturer roles and quality responsibilities were unified under one QMS framework, improving accountability and oversight.

• Accelerated Innovation: Standardized validation workflows reduced release friction and enabled faster, compliant product iteration across global teams.

• Lifecycle Assurance: Continuous risk management and cybersecurity were embedded throughout the software lifecycle, ensuring lasting trust and safety.