Some of our customers ask us about certain compliance documentation required for passing audits with Formwork. First off, it's important to note that all of our customers who have gone through an audit with Formwork have passed their audits - in the sense that Formwork never posed a problem for their auditors.
Regardless, companies might have additional requirements regarding compliance for their suppliers and as an eQMS software provider, OpenRegulatory of course is an important supplier for each company.
Here's everything we offer for your internal compliance documentation when using Formwork and also our assessment on how likely it is that auditors are going to ask you for it.
Regardless, companies might have additional requirements regarding compliance for their suppliers and as an eQMS software provider, OpenRegulatory of course is an important supplier for each company.
Here's everything we offer for your internal compliance documentation when using Formwork and also our assessment on how likely it is that auditors are going to ask you for it.
Overview: Formwork Compliance
- Supplier evaluation - mandatory
- Change notifications - mandatory
- Quality assurance agreement - nice to have, auditors often look at it
- Audit rights - optional
- Certifications (e.g. IT Security) - optional
- Service-level agreement - optional
- Business continuity - optional
Supplier evaluation
As part of your ISO 13485 QMS, you need to add OpenRegulatory as one of your suppliers and conduct your normal supplier evaluation. The simplest solution for that is to simply use our free OpenRegulatory templates and follow the instructions in the comments. There's not really much we can do to support you here as this is your own QMS and your own documentation, and so far, customers always manage to get this done by themselves easily.
Change notifications
Getting notified about changes to our eQMS software is an important part of your quality management - auditors sometimes ask about this because, generally speaking, auditors are not very technically proficient and very skeptical of any sort of cloud-based software which doesn't run on a server in your basement.
Luckily, we have a pretty convenient solution for this: Every Formwork user is automatically subscribed to our Formwork Change Notification newsletter, which we send out approximately once per month.
For breaking changes, which would affect customers significantly, we send out a prior notification giving customers at least 3 months to adapt to the new changes. It's important to note that in our company history so far, we haven't shipped any breaking changes to Formwork, so this scenario has simply never happened yet.
For non-breaking or minor changes, we list those in the Formwork changelog which is accessible in the bottom right corner of Formwork. We optionally also notify customers about those in the Formwork Change Notification newsletter.
The combination of the Formwork Change Notification Newsletter and the Formwork changelog accessible within Formwork was always sufficient to fulfill auditors' requirements of getting notified of changes.
Luckily, we have a pretty convenient solution for this: Every Formwork user is automatically subscribed to our Formwork Change Notification newsletter, which we send out approximately once per month.
For breaking changes, which would affect customers significantly, we send out a prior notification giving customers at least 3 months to adapt to the new changes. It's important to note that in our company history so far, we haven't shipped any breaking changes to Formwork, so this scenario has simply never happened yet.
For non-breaking or minor changes, we list those in the Formwork changelog which is accessible in the bottom right corner of Formwork. We optionally also notify customers about those in the Formwork Change Notification newsletter.
The combination of the Formwork Change Notification Newsletter and the Formwork changelog accessible within Formwork was always sufficient to fulfill auditors' requirements of getting notified of changes.
Quality Assurance Agreement (QAA)
As OpenRegulatory becomes an important supplier for your company due to us providing e-commerce software for you, auditors often want to see that you've signed a so-called quality assurance agreement (QAA) with us. We internally have a template for this which has passed all audits so far. However, we only offer signing this for customers on the Formwork QMS + Techdoc pricing tier. That's because of operational reasons: Signing and maintaining documents like this one causes us some overhead, and we simply can't manage that overhead for the thousands of free users Formwork has.
Also note that we can't offer any customer specific customizations to the QAA because that would also increase our operational overhead. Generally speaking, the template we provide has passed all audits it was subject to without any problems. So customizations usually aren't necessary anyway.
Also note that we can't offer any customer specific customizations to the QAA because that would also increase our operational overhead. Generally speaking, the template we provide has passed all audits it was subject to without any problems. So customizations usually aren't necessary anyway.
Audit Rights
Generally speaking, some quality assurance agreements also make the supplier offer audit rights to the purchasing company. We unfortunately can't offer audit rights as part of our QAA, because it again would increase our operational overhead substantially - and as an eQMS provider, from an ISO 13485 compliance perspective, setting up a QAA and adding additional supplier compliance documentation on your side is more than sufficient to pass any QMS audit.
We do understand, however, if your company potentially has the internal policy of auditing its suppliers. In that case, Formwork might not be a good fit for you - see further below.
We do understand, however, if your company potentially has the internal policy of auditing its suppliers. In that case, Formwork might not be a good fit for you - see further below.
Certifications (e.g. IT Security)
Sometimes customers ask us whether we ourselves have certain certifications, for example, ISO 13485 or ISO 27001. While we do maintain ISO 13485 QMS internally, it is not certified - and this has never been a problem in our customer's audits. We don't have an ISO 27001 certification. This is also not required for an eQMS provider and also never was a problem in audits. If your company, however, requires that each of your suppliers has these certifications, then another eQMS provider might be a better fit for you (see below).
Regarding IT security, we've outlined our internal procedures, hosting providers and our redundant backup setup in this article which was sufficient to answer any questions regarding this topic in the past.
Regarding IT security, we've outlined our internal procedures, hosting providers and our redundant backup setup in this article which was sufficient to answer any questions regarding this topic in the past.
Service-level Agreement
A description of the service level we provide as part of our Quality Assurance Agreement.
Business Continuity
OpenRegulatory is a profitable and still 100% founder-owned company. This sets it apart from almost every other eQMS company on the market which tend to be owned by venture capital investors, not profitable and at risk of getting sold to larger enterprises which tend to raise prices and lock customers in by making data exports very difficult.
We've described the sustainability and governance of OpenRegulatory further in this article, which you can use for your compliance documentation.
We've described the sustainability and governance of OpenRegulatory further in this article, which you can use for your compliance documentation.
You Need More?
The points outlined above and especially our quality assurance agreement should easily enable you to pass your medical device compliance audit. Regardless, we do understand that some companies have additional compliance requirements which go above and beyond what auditors expect.
For example, one of our customers recently sent us a questionnaire consisting of 52 compliance questions regarding points like modern slavery.
I can assure you that OpenRegulatory does not engage in modern slavery.
Regardless, some companies do have the expectation that their suppliers fill out a questionnaire consisting of 52 compliance questions. We won't state our opinion on whether this makes sense or not - but we do have to caution that we simply don't provide the level of "enterprise support" which could handle requests like this one.
We’ve built Formwork to provide lean, founder-led companies and startups with a simple, easy-to-use and affordable eQMS software. While the overwhelming majority of our customers are very happy with the package we offer, we understand that this may not be true for everyone. For some people, other providers are a better fit which may provide a different balance of customer support, certifications and price.
For some companies, the overall package of our competitors might be preferable over Formwork. The drawback here would be a higher price (usually 6-40x more expensive) and additional costs per seat (Formwork has unlimited seats), but for some companies, it may be worth it. In that case, exporting all your data from Formwork is easy (and we are arguably the only provider to offer this), but switching eQMS providers of course always entails some effort.
For example, one of our customers recently sent us a questionnaire consisting of 52 compliance questions regarding points like modern slavery.
I can assure you that OpenRegulatory does not engage in modern slavery.
Regardless, some companies do have the expectation that their suppliers fill out a questionnaire consisting of 52 compliance questions. We won't state our opinion on whether this makes sense or not - but we do have to caution that we simply don't provide the level of "enterprise support" which could handle requests like this one.
We’ve built Formwork to provide lean, founder-led companies and startups with a simple, easy-to-use and affordable eQMS software. While the overwhelming majority of our customers are very happy with the package we offer, we understand that this may not be true for everyone. For some people, other providers are a better fit which may provide a different balance of customer support, certifications and price.
For some companies, the overall package of our competitors might be preferable over Formwork. The drawback here would be a higher price (usually 6-40x more expensive) and additional costs per seat (Formwork has unlimited seats), but for some companies, it may be worth it. In that case, exporting all your data from Formwork is easy (and we are arguably the only provider to offer this), but switching eQMS providers of course always entails some effort.