At Spyrosoft, quality is the most important aspect of everything we do. In light of our new collaborations in the medical sector, today on the blog we’re discussing the quality management standards in Medtech with Marek Pałka, our Head of Quality Management.

What is the Quality Management System?

Currently, at Spyrosoft, we have a certified Integrated Management System that consists of ISO9001-Quality Management System and ISO27001 – information security Management System. This is the foundation of what we do as an organisation. They not only dictate how we provide services for our customers in a predictive and secure manner but also how we interact with our clients and within the company.

What’s crucial, our Management System based on these quality management standards serves as a kind of “umbrella” under which we further integrate and align with industry-specific standards and regulations. A good example here would be the A-SPICE framework and ISO26262 standard from the automotive industry and most recently – ISO13485 from the medical device industry. This integrated approach helps us, on one hand, to maintain the very idea of a system, process approach and continuous improvement – principles that are so common in ISO standards, and on the other to make the processes work for us, not the other way round.

What quality certificates and standards are used in the medical sector?

When we’d started analysing the quality management standards from the healthcare industry, we’ve quickly realised how similar these are to the automotive standards that we already have plenty of experience with. In the automotive industry there are strict process requirements when it comes to developing software for managing a car; in the medical sector – there are also industry-specific standards and regulations that are to ensure the proper development of medical devices. Regardless of the industry, in the end, there are people who are the end-users of cars or medical devices. Certain flaws in software used in a medical device could easily lead to the patients being diagnosed incorrectly and getting treatment that would not be suitable for them. The applicable standards and regulations are enforced in order to reduce such a probability.

Currently, we’re implementing the ISO13485 standard, which is a Quality Management System supplemented with regulatory requirements that are specifically used in healthcare. Since we’re already working in accordance with ISO 9001, so it will be a matter of filling in the gaps of the medical standard, which heavily relies on ISO9001. We have a detailed plan already in progress.

To get ISO13485 certified, among other things we also need an SW development project example from the medical sector where we will be able to show exactly the addressed requirements from the standards. Our current project activities in the medical industry include our collaboration with a Polish R&D company, Pro-PLUS where we’ve been working on a software platform for monitoring Covid-19 patients. Since our customer is already ISO13485 certified we, as a supplier, need to follow the same rules so that the solution is delivered and compliant with applicable requirements. We, as the Quality team, ensure that all process-related activities and requirements are addressed and specific products are being created at every stage of the project.

Are there any other norms from the medical sector we’re currently following?

Since medical devices can be safety-critical products, there’s a lot of risk management involved. This aspect must be covered from the very beginning of each project for both the automotive and the medical industry. For the latter sector, this is regulated with ISO 14971 standard, ‘Risk management for medical devices’. It’s a set of best industry practices that need to be followed throughout the project life cycle, so of course, we follow it.

There’s also IEC 62304 that specifies the framework for software development lifecycle in medical devices – from the initial requirements to the final verification of the product by the end-users. The lifecycle itself is similar to what we already know from other industries. Our experience in the automotive sector has been – once again – invaluable. We’ve been working with the A-SPICE and Functional Safety standards that are notoriously strict, so we already had processes and trusted methods in place. We can now use this foundation and adapt it when working on medical products. We didn’t have to start from scratch, we’ve been filling in the gaps as we’re moving along.

The most important thing when it comes to quality management is creating an environment where exceptional products and solutions can be created. The additional value for us that we get just from working with different international standards, is that we apply commonly recognised best engineering practices and as a result, we enhance our engineering skills.

Are we working on any internal processes and methods?

Each company is set in a slightly different context and environment, but I’d say that Spyrosoft follows a ‘learning organisation’ concept because we already have vast experience in working in various industries. One of the examples may be that we’re currently covering the risk management process for medical devices with already proven and verified methods.

We also have a team of specialists who have been working with A-SPICE and Functional Safety standards for years, so they’re not surprised when my team tells them about the healthcare sector requirements. What’s different is certain terms and specific requirements, so it’s a matter of adapting to a slightly different context.

Another big aspect in the medical industry are regulations and requirements for launching a product on the European or US market. So far, we’ve been handling these with support from external consultants, but we’re also planning to have such competencies internally just to keep track of frequently changing national regulations. This is very important for our consulting activities – we want to guide our clients from their very first requirements via the software development process that would be created in line with the standards, through to backing them as they introduce a new product on the market.

Quality management standards are formal frameworks that define how you design, develop, manufacture, and maintain medical devices in a controlled and compliant way. They form the foundation of a Quality Management System that governs the entire product lifecycle.

For you as a manufacturer or software provider, they set clear expectations around documentation, risk control, traceability, and continuous improvement. In a regulated environment, this structure is essential rather than optional.

Medical devices directly influence patient safety, so every stage of development and production must be carefully managed. Quality management standards help you reduce risk, prevent errors, and ensure that your processes are auditable and transparent.

They also support regulatory compliance with frameworks such as the EU Medical Device Regulation. This means you are not only protecting patients but also safeguarding your market access and reputation.

ISO 13485 is the central standard for quality management systems in the medical device industry. It defines how your organisation should structure processes, manage risk, and maintain documentation to meet regulatory expectations.

Depending on your product, you may also need to align with standards covering risk management, software lifecycle processes, or usability engineering. The exact scope depends on your device classification, intended use, and target markets.

A Quality Management System is a structured way of running your organisation. It covers everything from initial product concept to post-market activities. This includes defining responsibilities, controlling documents and changes, validating processes, managing suppliers, and monitoring product performance after release.

When you implement quality management standards effectively, you create clarity across teams. Everyone understands their role, decisions are traceable, and risks are addressed proactively rather than reactively.

Software development brings its own challenges, including frequent updates, cybersecurity concerns, and complex verification requirements. Quality management standards ensure that your development lifecycle remains controlled and fully documented.

According to Spyrosoft, embedding quality management standards into your software engineering processes from the beginning reduces costly rework and simplifies audit preparation. It also increases confidence during regulatory assessments, because your evidence is structured and complete.

While compliance is a primary driver, the benefits go further. A well-implemented system improves operational transparency, reduces inefficiencies, and supports faster, more predictable product releases.

In the long term, quality management standards strengthen trust with regulators and partners, improve your competitive position, and create a solid base for scaling your healthcare solutions responsibly.

arrow_circle_right Table of contents

Marek Palka

Marek Palka

Head of Quality Management, TISAX Lead Implementer

Related articles