MDSAP - the ultimate guide to the medical device single audit program

Smith & Nephew is a global medical device manufacturerwith a broad portfolio spanning orthopedics, sports medicine, and woundmanagement, sold and registered across markets worldwide. Before Rimsys,regulatory data was scattered across spreadsheets, shared drives, anddisconnected systems.

When Smith & Nephew selected Rimsys, they deployed itenterprise-wide from day one. Executive reporting moved from manual fire drillsto real-time dashboards. Change impact assessments became faster and moreconsistent. The regulatory team made the shift from reactive compliancefunction to strategic partner to the business.

The Challenge

Regulatory data at Smith & Nephew lived in multiplespreadsheets, shared drives, SharePoint sites, emails, and disconnectedsystems. Without a centralized record, the team could not reliably trackregistration timelines, measure on-time submissions, assess change impacts, orunderstand the downstream impact of product changes across markets. Preparingexecutive reporting meant manually assembling data from multiple sources, aprocess that consumed time and introduced risk each time.

‍

The Solution

Smith & Nephew selected Rimsys for its configurable, notcustomized, platform: an intuitive user interface, centralized submissionmanagement, robust metrics, change assessment capabilities, and UDI supportwith machine-to-machine transmission. Rimsys’ interconnected modulearchitecture linked products, registrations, projects, change assessments, andUDI in a centralized location.

Rather than piloting in one business unit, Smith &Nephew deployed Rimsys across the entire regulatory organization from day one.The decision was deliberate: a partial deployment would have preserved thefragmentation. Enterprise-wide adoption established consistent metrics,standardized processes, and a single source of truth from the start.

‍

The Results

Executive and board reporting, previously built from manualdata pulls, now flows directly from Rimsys in real time. What had been adisruptive, recurring effort is now a routine view. Leadership has thevisibility to make faster, more confident decisions, and the regulatory team isno longer pulled into reporting fire drills.

Change management has also been transformed. Direct linkagebetween products, registrations, and projects means impact assessments arefaster and less dependent on individual knowledge. UDI operations havesimilarly improved: machine-to-machine transmission has reduced manual uploadsand centralized DI record visibility supports global UDI requirements.

The most significant shift is strategic. With centralizedregulatory intelligence and real-time data, Smith & Nephew’s regulatoryteam now actively supports commercial planning: informing budget cycles,guiding renewal and launch sequencing, and advising on regulatory pathways toaccelerate market entry. Regulatory is no longer a downstream compliancefunction. It is a business partner.

Smith & Nephew now runs four modules across its RIM operation:

• Registrations— Centralized license tracking across 250 countries and 30+ business units
• Change Assessments— Direct product-registration linkage for faster, consistent impact assessments
• Executive Reports— Real-time dashboards replacing manual data pulls and board reporting fire drills
• UDI— Machine-to-machine transmission reducing manual uploads across global markets

Take this to your team

If you’re evaluating how to modernize RIM operations at scale, the Smith & Nephew case study is a practical reference to share internally. It covers the full implementation story, module breakdown, and results data in a format built for stakeholder conversations.

Download the Case Study

Philips Healthcare operates one of the largest regulatory portfolios in global MedTech: products registered across 250 countries, with a footprint that grows with every acquisition. Before Rimsys, that complexity was managed through email and spreadsheets. Submission packages moved through inboxes with no audit trail, no performance data, and no reliable view of where products were authorized to ship.

Philips selected Rimsys in 2022 as the enterprise RIM platform to bring regulatory order to that complexity. Since go-live, active product registrations have scaled more than 20x, user adoption has doubled in the last six months, and the regulatory affairs function now operates from a single source of truth spanning the entire enterprise.

The Challenge

Without structured data, Philips could not measure regulatory performance, track license expiration across the portfolio, or identify where submission work was stalling. Every acquisition made it worse: incoming business units arrived with their own workflows and systems, absorbing more fragmentation rather than resolving it.

‍

The Solution

Philips evaluated multiple platforms against requirements built with both market-facing and business regulatory affairs teams. Rimsys won on two dimensions: an interface that made complex product and registration data immediately visible, and more enterprise-ready features than competing platforms at the right price point.

Philips went live with Rimsys Registrations and Submissions modules in July 2022. The team deployed platform experts for train-the-trainer sessions and launched regular drop-in sessions where users could ask questions and surface issues. Standing up a dedicated Regulatory Operations team focused exclusively on rest-of-world registration accelerated adoption further.

When an early business unit pushed back on workflow efficiency, Philips and Rimsys worked through it together. A hands-on process walkthrough identified exactly what needed to change, a resolution plan was shared, and that transparency and collaboration became the foundation for sustained user buy-in across the enterprise.

‍

The Results

Since go-live, Philips has scaled active product registrations more than 20x, with further growth already underway. What started as a single deployment now spans 30+ business units across 250 countries, with Rimsys serving as the single source of truth for regulatory data across the enterprise, including businesses acquired since implementation.

For the first time, Philips can measure its own regulatory performance. KPIs flow directly from the platform, giving leadership real-time visibility into registration health. When anomalies surface, they drive data correction and user training, closing gaps that previously went undetected until they affected revenue.

Now with Rimsys AI-assisted Submissions and RegulatoryIntelligence now in use, Philips expects to accelerate further: reducing administrative burden so skilled regulatory professionals can focus on strategy.

Philips now runs four modules across its RIM operation:

• Registrations— Centralized license tracking across 250 countries and 30+ business units
• Submissions— AI-assisted submission workflows replacing email-based package management
• Intelligence— Real-time KPI dashboards giving leadership visibility into registration health
• Standards— Essential Principles and standards tracking aligned to global market requirements

‍

Take this to your team

If you’re evaluating how to modernize RIM operations at scale, the Philips Healthcare case study is a practical reference to share internally. It covers the full implementation story, module breakdown, and results data in a format built for stakeholder conversations.

Download the Case Study

Last week, the MedTech regulatory community gathered in Lisbon for RAPS Euro Convergence 2026: nearly 100 sessions, hundreds of professionals, and one overriding theme: transformation.The European regulatory landscape is shifting faster than it has in two decades, and the pressure is on every RA team to keep pace.

We were there. And here is what we took away.

The Dominant Signal: Change Is Accelerating

For MedTech manufacturers, the immediate reality is demanding. MDR 2.0 is advancing. The EU AI Act is creating new compliance obligations for software-enabled devices. EUDAMED continues to mature. And teams are being asked to absorb all of this while still meeting existing registration and renewal deadlines.

The practical implication is clear: RA functions that rely on manual tracking, disconnected spreadsheets, and tribal knowledge are being outrun by the pace of change. Across the industry, teams are moving from talking about AI to actively experimenting with it, using it to handle the volume and complexity that manual processes simply cannot absorb. The teams emerging as strategic forces are the ones who have connected, real-time regulatory infrastructure and are putting AI to work within it.

AI Is No Longer Optional Thinking

The conversation at Euro Convergence made one thing clear: AI has moved from future-state to present-tense. Regulatory professionals were encouraged to embrace AI while maintainingaccountability for the outcome and challenging the algorithms.
‍

" Our role is to make sure that the AI does the right interpretations appropriate to our products, to our business."

— João Martins, Director of Regulatory Affairs at Abbott at RAPS Euro Convergence 2026 Opening Plenary
‍

That framing resonates deeply with how we have built AI into Rimsys. The goal was never to replace regulatory judgment; it is to amplify it. Rimsys AI is domain-specific, built on the regulatory data structures and logic that reflect real-world requirements, country-specific nuances, and product context. It proposes, analyzes, and alerts. Your team reviews, approves, and decides.

For teams that are ready to accelerate, Rimsys AI accelerates regulatory intelligence monitoring and submission authoring, removing the repetitive, detail-heavy work so skilled professionals can focus on strategy, market expansion, and the higher-order decisions that increasingly complex regulations demand.
‍

"As future regulators, we will need to be scientifically strong, comfortable with complexity, open to innovation, and also be able to work in increasingly complex environments."

— Rui Santos Ivo, President of Portugal's National Authority of Medicines and Health Products (INFARMED) and chair of the EMA management board, RAPS Euro Convergence 2026 Opening Plenary
‍

MDR 2.0: Reform With Guardrails

A panel of experts representing regulators, industry, and notified bodies gave their views on the proposed revision of the EU Medical Device Regulation at the conference. While their sentiments were largely supportive, notified body representatives urged the European Commission to maintain proactive surveillance of devices to protect patients.

The discussion acknowledged the complexity of balancing reform with patient safety. Simplification and innovation go hand in hand, though if it is overly complicated or overly simplified, it becomes difficult to innovate. Structured dialogues in MDR/IVDR will provide transparency and predictability for manufacturers, especially in early product development.

Regulatory Workflows Cannot Be an Afterthought

A recurring observation across sessions was that MDR 2.0, EUDAMED, and the EU AI Act are only as effective as the operational workflows behind them. Structured dialogues, risk-proportionate pathways, and submissions all require teams to move quickly with accurate, up-to-date product data. That is simply not possible when that data lives across email threads, spreadsheets, and disconnected systems.

The workflows that came up most in Lisbon (change control, renewals, new product introductions, and registration management) are exactly the areas where manual processes create the most risk. A missed renewal. A design change that triggers 40 country-level impact assessments with no system to coordinate them. A registration record that no one has updated since the last audit.

Rimsys keeps these workflows connected and proactive. Renewal expiration reminders fire before deadlines become a risk. Change control impact surveys are configurable to your SOPs, so teams can assign tasks and coordinate work across regions without relying on someone to manually track progress. New product introductions move faster because previous submission content can be reused across markets. Target market data, registration history, and approval status are already centralized, so teams are building on existing work rather than starting from scratcheach time.

The result is regulatory operations that reduce time to market by weeks to months, not add to it. Access information in seconds rather than hours. Regulatory release authorization in minutes rather than weeks. More than 90% reduction in regional regulatory reporting time. These are not projections. They are outcomes reported by Rimsys customers operating in exactly the kind of complex, multi-market environments that dominated the conversation in Lisbon.

The Regulatory Professional Is Evolving

Perhaps the most striking thread across sessions was the evolution of the RA function itself. Regulatory work was once seen mainly in terms of compliance procedures and submissions. Today, the profession is much broader than that.

This evolution is exactly the transition Rimsys is designed to support. When regulatory data is centralized, connected, and visible in real time, RA teams stop spending their days chasing down registration status and start contributing to commercial strategy: market expansion decisions, launch sequencing, change control planning, and executive-level risk communication.

The heart of regulatory operations is not a filing cabinet. It is a living, connected system that elevates the entire function.

What It All Points To

RAPS Euro Convergence 2026 made one thing clear: the organizations that will thrive are those who have invested in regulatory infrastructure that can absorb change without breaking. Rimsys is the platform built for exactly this moment: enterprise-grade, intuitive enough for global teams to actually use, and trusted by 6 of the top 12 global MedTech manufacturers worldwide.

Book a conversation with our team