Rimsys Announces Rimsys AI. Smarter, Faster, and Built for Medtech!

Blogs

MedTech

Medical device audits - preparation and responses

By

Wendy Levine

May 2, 2023

4 min read

The word “audit” can strike panic in poorly prepared medtech companies. However, audits serve an important purpose in ensuring a compliant and effective quality system and production of safe and effective medical devices. And organizations can limit the stress and risk around audits through proper preparation. 

The key to a positive audit is to ensure that your organization’s focus is on building and implementing quality processes and procedures that cover the entire product life cycle and are continuously evaluated and improved upon. Not only is it the right thing to do, but focusing too closely on simply passing an inspection or audit may leave gaps in your processes and present a false sense of compliance. This article covers audit basics, how to prepare for them, and what to do when you receive an audit finding.

What is an audit?

Per ISO 19011 an audit is a systematic documented and independent process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. Audits can be internally conducted, externally conducted by interested parties (i.e., customers/ suppliers), and externally conducted by government agencies and notified bodies to ensure that product design, manufacturing, safety, and documentation requirements are being met. Audits will verify compliance with regulatory and quality system/GxP (Good Manufacturing Practices, Good Distribution Practices, etc.) requirements. GxP standards are dictated by the US FDA, European Medicines Agency (EMA), the UK Medicines and Healthcare Products Regulatory Agency (MHRA), and other regulatory bodies which rely on country-specific regulations as well as standards developed by the International Organization for Standardization (ISO). 

Audits are required regardless of device class, but audit requirements in the EU and US, along with most other markets, can be dependent on the device classification. For most medium to high-risk devices in the US and EU, the following audits take place:

  • Audits by EU Notified Bodies: Audits by EU Notified Bodies focus on compliance with MDR 2017/745 or IVDR 2017/746. Notified Bodies are also responsible for certifying quality management systems (QSR) against the requirements of ISO 13485:2016. Periodic “surveillance audits” will also be performed, based on the classification of the medical device(s).
  • FDA Inspections: The FDA will conduct inspections to ensure compliance with the quality system regulation, 21 CFR 820, and to confirm that a facility is capable of manufacturing the medical device. The FDA will conduct pre-approval inspections to verify data included in a market submission, along with periodic routine inspections, following the Quality System Inspection Technique (QSIT) as required by regulation (currently every two years for Class II and Class III USA-based device manufacturers and every five years for international device manufacturers).
  • Unannounced and “for cause” inspections: Manufacturers in the US and EU, and many other markets, are subject to different types of inspections triggered by consumer complaints, reported non-conformities, or other issues. These “for cause” inspections may be scheduled or unannounced.

How to prepare for an inspection

Audit preparation is a continuous process that should be built into your quality system and regulatory processes. Some items to consider:

Internal Quality audits

The best way to prepare for an upcoming audit or inspection is to use the internal audit program to your benefit. The FDA QSR, FDA 21 CFR 820, calls for medical device manufacturers to perform regular internal audits of their systems and to provide evidence of these audits and their effectiveness. When possible, conduct internal audits as if you’re the regulatory body and take them seriously. Internal audits should find the issues before the regulators do. Issue nonconformances and address them in a timely manner.

Performing “mock” audits is another great way to prepare for external inspections/audits from the FDA, notified bodies, and other regulatory authorities. Mock audits are a rehearsal for your team to prepare them for the real thing. They can act as try-outs to determine who is equipped to handle being audited and those that are too nervous or offer too much information when asked a question, requiring additional training. Mock audits are typically separate from the internal audit program since they are conducted based on different objectives and for training purposes.

It’s common to contract an independent third party to perform mock audits. Consider conducting unannounced mock audits to get the truest picture of your company’s preparedness. In short, the tougher medical device manufacturers are on themselves while preparing for the audit, then the less stressful the actual audit will be.

Self-identify issues as they appear and do not wait for the internal audit. If an issue is identified during the audit preparation or mock audit, implement corrective and preventive actions (CAPA) to address the issue. This is vital to demonstrate that you are aware of an issue and have begun remediation or corrective actions if and when those issues are uncovered during the real inspection or audit.

Choose the right audit host

When you have an upcoming audit or inspection, you must choose the right company representative to host the auditor(s). The person you choose will represent your company, so be deliberate about selecting those who know the company, its quality management system, and its products well. It should also be someone you’re confident can perform well under pressure and remain mission-focused in managing the audit and not necessarily answering every question immediately. The audit host can significantly impact the audit for the better or worse, so be certain that you have the right person in place who will be able to represent the organization’s values and facilitate an efficient audit.

While the person or people working directly with the auditor(s) are often from your quality team, they will need to be supported by subject matter experts (SMEs) from other functions for the duration of the audit – this will include the regulatory, engineering, operations, and marketing teams – who can answer specific questions and gather requested documents. These SMEs must be pre-identified along with alternates as part of the audit preparation. They should be comfortable facing an auditor and answering the auditor’s questions.

Gather all the necessary documents

As part of the audit process, the auditor(s) will expect access to information that they need to determine your organization’s compliance with all quality system and regulatory requirements. Based on the requirements, audit guidance, and previous audits, commonly requested documents should be known. This documentation should be pre-identified, compliant, and available before the start of an audit. This can be in the form of hard copies or electronically through files or links. The goal is to have documents readily available to avoid audit delays.

"If it takes too long to get documents to the auditor when they ask for them, you’re not making a good overall impression that everything is under control, making things more difficult for the auditor(s). Auditors have schedules to meet and follow certain audit trails. The last thing you want is your auditor getting agitated because they are spending a lot of time waiting for information." - Bruce McKean, Rimsys Director of Regulatory Affairs

It is critical that all regulatory information related to your products is readily available during an audit, such as registration status, certificates, regulatory impact assessments, and essential principles, along with submission content and post-market data. A central RIM system that stores all regulatory data and links to (or references) the current versions of records from other systems, such as PLM, eQMS, and ERP systems, can smooth the audit process significantly.

During an audit

As an organization, you will want to manage as much of the audit process as possible. Your audit host will greet the auditor(s) and give them a brief overview or presentation of your company, and most likely conduct a facility tour. After this, while the auditor(s) will direct the process, the more your host can assist and guide them, the better.

In the case of unannounced inspections/audits, there must be a procedure in place that defines how to receive and handle these types of audits. This will include who is the primary contact during such an inspection (often a Quality Management team member or representative), as well as Executive Management, and alternates when those people are not available.

Ideally, you should have more than one company representative with the auditor(s) during the audit and auditors should not be left alone at any point. Most companies have a team in the “front room” with the auditor(s) led by the audit host. The main job of this team is to transcribe every question, answer, and activity that occurs during the audit. The “front room” team will communicate with other team members in the “back room” in real-time (often via instant messaging), relaying to them any open questions, requested documents, or queuing up SMEs the auditor(s) need to speak with.

Best practices for sharing information with auditors

During an audit, employees should be cooperative and helpful, but should only share information that is specifically requested by the auditor. If information is requested that seems outside the scope of the audit, such as corporate strategic or financial documents, employees should notify the appropriate executive before providing such information.

Auditor(s) should be given access to requested information through photocopies or limited computer system access. Original documents can be presented if requested, but should never be kept by the auditor(s). All information provided should be prepared, verified, and recorded in the “back room” and then passed through to the audit host so that it can be controlled. The “back room” should mark the copies “Confidential” or “Proprietary,” as appropriate. They should also make an extra copy for the audit file, so the exact documentation given to the auditor(s) is known for future reference.

Addressing missing or incorrect information

Ideally, any potential issues with the existing quality system and related procedures are identified before an audit and corrective actions are identified and put in place. Even in cases where an issue has not been fully resolved, being able to point to awareness and appropriate actions is important.

Some findings may be able to be corrected during the audit. These findings are typically isolated issues (one-offs) that do not pose significant risks. For instance, a missing revision number, missing signature, or outdated reference. If corrected during the audit, it may negate a finding, but the auditor may want to understand why the issue occurred and what actions you have or will be, taking to ensure that it does not recur.

In cases where you are unable to produce the information requested by an auditor, or when there are questions about the validity or accuracy of the information, your internal team should acknowledge the issue but should not immediately speculate on the cause or the effect of the missing or inaccurate information. A discussion of appropriate actions under the existing quality system may be appropriate.

What to do in case of a finding

Be prepared to receive findings from any inspection. Ideally, the auditors should be working to ensure that you are compliant with regulatory requirements and that your records accurately state what you do. However, “By the nature of the beast,” says Bruce McKean, “they’re there to find instances of noncompliance.” This means that auditors will be focused on documentation that can prove or disprove adherence to your stated procedures and policies.

All findings should be disclosed before the audit closing meeting. There should be no surprises. Ensure that the findings are understood by both parties. If they are not clear, perhaps the auditor misunderstood or did not see specific objective evidence and you should discuss or review the issue with the auditor as this may negate a finding. Be sure to debrief upper management before the closing meeting. At the audit closing meeting, there should be no debate over findings. Any finding, whether major or minor, should be addressed diligently.

Audit findings or observations will result in the regulatory body in charge of the audit issuing a document that lists those findings. In most cases, you will have limited time to respond with a satisfactory plan for correcting and preventing the recurrence of the identified issues.

In the case of the FDA, multiple enforcement actions are available to the agency, ranging from warning letters to criminal prosecution. Note that many regulatory agencies will not respond further to your actions if they agree with the actions you prescribe for addressing audit observations. However, additional actions may be triggered if your response is not found to be satisfactory.

Rimsys is a holistic regulatory information management system designed for and by regulatory affairs professionals. Rimsys makes it easier to create and track submissions, keep up with product registrations and certificates, and even share pertinent data across ERP, PLM, and eQMS software platforms to ensure data integrity. Learn more about how Rimsys can help you face audits with the confidence that you have all of your regulatory ducks in a row.

Featured

Rimsys Announces Rimsys AI to Eliminate Repetitive Tasks and Enhance Decision-Making for MedTech Regulatory Teams

Rimsys, the leading Regulatory Information Management (RIM) platform for the MedTech industry, today announced the launch of Rimsys AI, a suite of embedded artificial intelligence (AI) agents.

Similar posts

Company

Rimsys Launches the Regulatory Execution Engine for MedTech

By

May 5, 2026

4 min read

Spring 2026 embeds submission authoring, AI-powered regulatory monitoring, and configurable impact workflows inside a single RIM platform, the first step toward Rimsys' AI vision for global regulatory operations.

 

PITTSBURGH, PA, May 5, 2026 – Regulatory Information Management (RIM) software was built to store records. That foundation has served its purpose and reached its limit. Today, Rimsys announces the Spring 2026 release: a platform designed not to hold regulatory data, but to execute on it.

Submission volumes are growing. Markets are multiplying. Regulatory change is accelerating. Spring 2026 gives regulatory teams the tools to keep pace: embedded authoring, reusable submission content, configurable impact workflows, and AI-powered intelligence, all inside a single platform.

"Our vision for Rimsys is a platform that makes regulatory expertise go further, companies move faster, and products reach more markets than any team could accomplish alone. Spring 2026 is another meaningful step toward that vision. We are embedding the tools and intelligence that allow regulatory affairs professionals to operate at a different level, doing more strategic work, entering markets faster, and staying ahead of regulatory change rather than reacting to it. What we are building next makes this release the starting line." – James Gianoutsos, CEO

What Spring 2026 Delivers

A brand new website that provides in-depth information about the Rimsys offering and the benefits to MedTech manufacturers, including details on these new products:

Intelligence: AI-Powered Regulatory Monitoring

Rimsys Intelligence provides access to regulations, guidance documents, safety alerts, and legislation across more than 90 countries. AI triage and prioritization surface the updates most relevant to each customer's specific products and markets, eliminating hours of manual surveillance and putting the right information in front of the right people.

When a change requires action, teams can move directly from regulatory signal to impact assessment without a manual handoff. Intelligence represents Rimsys' first production deployment of context-aware AI operating across a customer's live regulatory data, a foundation that will expand significantly in future releases.

Advanced Submissions: A Unified Submission Execution Workflow

Advanced Submissions consolidates everything required to create, manage, and publish a regulatory submission into a single workflow inside Rimsys, eliminating the disconnected tools, manual reformatting, and version fragmentation that have defined submission work for too long. Three capabilities anchor it:

Rimsys Editor

The Rimsys Editor is the cornerstone of Advanced Submissions and the most significant capability in this release. It brings word-compatible authoring and editing natively inside Rimsys, fully compatible with Microsoft Word®, allowing regulatory teams to create, co-author, review, and publish submission content without leaving the platform for the first time.

The Editor supports real-time co-authoring, tracked changes and redlining, rich content including tables and images, document comparison, and PDF publishing with standardized headers, footers, and company branding applied automatically. AI-assisted authoring is available as a configurable option, enabling teams to summarize, refine, expand, and translate content within their workflow. Rimsys AI is human-in-the-loop by design.

Universal Submissions

Universal Submissions enables teams to build from a single universal template (an IMDRF Technical Document) with content automatically mapped into market-specific templates. One master structure, many markets, without rebuilding from scratch.

Reusable Submissions

Reusable Submissions takes a completed submission from one market and uses it as the starting point for a new one. The system automatically maps content into the target market's template, carrying applicable sections forward reducing the content creation time up to 90% and compressing the time required to enter each additional market.

Configurable Impact Surveys: Governed Change Assessment at Scale

Impact Surveys are now fully configurable. Templates can be defined for specific change event types, tied to countries or registrations, and triggered automatically from Rimsys Intelligence findings replacing ad hoc assessments with repeatable, governed workflows. This integration creates a direct line from change event to regulatory scope, with results tracked in a single audit-ready trail.

A Platform Built for What's Next

Spring 2026 establishes more than a set of new capabilities. It establishes the execution infrastructure, structured data model, and embedded AI foundation on which Rimsys' longer-term vision is being built.

That vision: a world where regulatory experts are amplified by intelligence, not constrained by information. Where the knowledge required to enter a new market, interpret a regulatory change, or scope a submission is instantly available to every member of the team. Where regulatory operations scale not by spreading experts thin, but by giving them tools that multiply their impact.

Spring is the first production step in that direction. Every submission authored inside the platform, every intelligence signal triaged by AI, and every impact assessment connected to structured regulatory data deepens the foundation. Future releases will build on it directly, expanding AI capabilities, automating more of the regulatory workflow, and ultimately enabling teams to do work that today requires external expertise to be done inside Rimsys.

Regulatory Execution as a Business Lever

Spring 2026 is built to move metrics that matter: reduced submission cycle time variance, improved approval predictability, lower marginal effort per market, and increased team capacity without proportional headcount growth. For executive leadership, earlier approvals translate directly into faster market access and accelerated revenue recognition.

Availability

Spring 2026 is now Generally Available. Existing customers on the Organizer product will retain access to their current experience.

To learn more about the Spring 2026 release and how Rimsys can accelerate your regulatory operations, visit rimsys.io or contact your Rimsys representative.

About Rimsys

Rimsys is the heart of regulatory operations for the medical device industry and the platform at the center of an AI-driven transformation in how regulated products reach global markets. A living, connected regulatory platform, Rimsys keeps regulatory intelligence, product data, approvals, and change management continuously connected, enabling organizations to expand into global markets with speed, precision, and confidence. Enterprise-ready yet intuitive to use, Rimsys is trusted by 6 of the top 12 global MedTech manufacturers to accelerate time to market and scale regulatory operations worldwide. To learn more, visit rimsys.io.

Media Contact

letschat@rimsys.io

rimsys.io

MedTech

Nonconformance reporting for medical device manufacturers

By

Wendy Levine

March 30, 2023

4 min read

Defining nonconformance

Very simply, a nonconformance occurs when a specification is not met. The FDA defines a specification in 21 CFR 820.3 as “any requirement with which a product, process, service, or other activity must conform,” and ISO 13485:2016 as a “need or expectation that is stated, generally implied, or obligatory.”

While managing nonconformance starts with fully defining specifications; it is the identification, tracking, and resolution of nonconformance that is a focus of medtech quality and regulatory teams and a requirement of both ISO 13485:2016 and the FDA’s 21 CFR Part 820 quality system regulation.  

Identifying nonconformance occurrences

As part of a compliant quality system, medical device manufacturers should implement procedures to identify and address both major and minor non-conformances. Nonconformances may be identified through processes found in multiple subsystems that are part of an overall quality management system within the organization.

The systems and subsystems in which nonconformances are identified typically include:

  • ERP
  • Regulatory information management (RIM)
  • Product lifecycle management (PLM)
  • Document management
  • Customer service / customer management  
  • Complaint handling
  • Device history records
  • Audit management
  • CAPA
  • Training/learning management  
  • Calibration/preventative maintenance
  • Development change management

Evaluating nonconformance

Once a nonconformance is identified, it should be evaluated in a timely manner, and a determination made as to the disposition of any affected products. Requirements for additional investigation and reporting should also be identified. Based on the severity of the nonconformance and its effect on the safety and efficacy of devices being manufactured or already in the market, a CAPA (corrective/preventative action) record may need to be created. In the U.S., this is defined in the quality regulation 21 CFR Part 820.100.

To disposition a nonconformance, consider the following:

  • Will the existing system detect the nonconformance if it recurs in time for remediation?
  • How likely is it that this issue will recur?
  • What is the impact of the non-conformance (i.e., could it affect patient health)?

Issues that are more severe or are more likely to recur should trigger a more immediate and comprehensive response.

Nonconformances that are escalated and handled under CAPA are based on risk and can include those that have or could have an impact on a product or process that is:

  • Not easily corrected
  • Recurring
  • Severe

In addition, nonconformances that rise to the level of a CAPA require significant resources and typically result in a full project to identify root cause(s), containment, and corrective actions, and monitoring for effectiveness.  

Nonconformances that don’t require a CAPA have simpler resolutions that include documenting actions taken to correct the issue (or justification for no action). If the issue is not recurring, there may be no other action required. For example, a nonconforming material received from a vendor may be a singular issue that was easily identified through existing inspection procedures and is not expected to recur. In this case, the material is returned to the vendor and no additional action is required.

Processes that are out of conformance are often resolved through improved documentation and/or additional user training. However, be sure that the true root cause of the nonconformance is identified as procedural nonconformances can signal additional issues.

Documenting nonconformances

An important part of nonconformance procedures is the nonconformance report (NCR) or other documentation procedures.  Nonconformances are typically documented within the subsystem in which they were identified. Some organizations will have a nonconforming system in which issues originating from all subsystems are documented. Centralized nonconformance systems allow for trending and other analysis across all subsystems, the results of which may generate CAPAs.  

The requirements for documenting a nonconformance may vary by subsystem. In general, however, nonconformance documentation records:

  • The requirement/specification that was not met.
  • The objective evidence supporting the determination.
  • The action that is being taken to address the nonconformity.

Nonconformances are a common point of focus during quality audits by regulatory bodies, including the FDA, and should follow a well-documented process. Auditors will often try to determine if the quality system is functioning effectively by looking at self-identified nonconformances and comparing them to externally reported nonconformances. This is to ensure that nonconforming products were not released, or that the appropriate actions were taken to resolve issues in the field.

The importance of nonconformance reports

Nonconformances related to distributed products of higher risk result in nonconformance reports issued to government authorities through vigilance reporting, medical device reporting, and field action/recall reports. For example, the FDA requires that a medical device report be submitted within 30 days of a serious adverse event (see 21 CFR Part 803 Subpart E). Strong reporting procedures for nonconformances of all types are important in identifying trends, addressing issues before they become critical, and as part of a complete quality management system.

A nonconformance reporting procedure is only part of a strong quality system. Read An overview of 21 CFR part 820 and ISO 13485 overview for more information on establishing quality systems for medtech companies.

Company

Why we developed Rimsys from the ground up

By

Wendy Levine

May 26, 2022

4 min read

Rimsys has had quite a year already! In early December, we closed on $16 million in Series A financing and since then we have been carefully growing the company to better serve our customers and the regulatory affairs community. We have almost doubled our employee count and redesigned the Rimsys system to deliver deeper functionality that is even easier to use. We had our first in-person employee meeting here in Pittsburgh at the end of April where we introduced our new mission statement, and we are all excited to be doing our part to improve global health!

All of these changes made us think back to the founding of Rimsys and how far we have come. So - I sat down with Rimsys Founder and CEO, James Gianoutsos, to talk about the genesis of the company and how he knew that a new type of system designed for medtech regulatory affairs professionals was needed, and needed to be built from the ground up.

Q: What was the biggest challenge you faced as a regulatory professional that led you to form Rimsys?

James: The biggest challenge I saw while working at Philips for many years was completely understanding the complexity and the nuances around everything regulatory from a product standpoint. This really came to light whenever we acquired products. Just seeing firsthand how inefficient and out of compliance these manufacturers really were, and how hard it was from an administrative standpoint just to get into compliance and then to stay compliant, was striking. 

I was working with a smaller medical device company which had acquired products from Philips. Philips provided the company with a list (a color-coded Excel spreadsheet)  of all of their products that the company had acquired along with the registration status of those products globally. After digging into the spreadsheet for several months, we found that about 50% of it was wrong, incomplete, or just completely missing. The company was trying to keep track of registration information, but the available tools were making it nearly impossible. I realized that this was the challenge, and that there really wasn’t a solution on the market that could solve that problem in an easy manner and in a medtech regulatory-focused way.

Q: There were solutions on the market that were geared more towards the pharmaceutical industry, correct?

James: Yes. So I did what every other regulatory professional did, which was to Google “regulatory software,” and I saw that there just really wasn’t anything on the market that fit our needs. The solutions on the market really were pharma-specific, even those that said they worked with medical devices. The workflows and regulatory requirements for medtech are very specific for each market, depending on the product type and risk class and so many other factors. To use a pharma system that was already on the market  just wasn’t even an option because it was like comparing apples to oranges. It is completely different from the regulatory and workflow side of things.

Q: There are existing tools used by the regulatory community, such as quality management and document management systems. Did you envision the new RIM system integrating with existing tools, replacing them, or a little of both?  

James: I never set out to replace those types of systems, no. In fact, I knew that existing system architecture and infrastructure couldn’t handle the specific medtech regulatory workflows but needed to connect to those systems. There have always been PLM (Product Lifecycle Management) systems that contain a company’s product master data, but those systems were never meant to be workflow-driven based on regulatory requirements. At the same time, they are critical for organizing and maintaining product-specific metadata. Then there are ERP systems, which are really about making sure companies have sales flags (i.e. regulatory blocks) in place, appropriate shipping codes, or selling status linked to product registration status. Regulatory professionals are concerned about answering two questions for ERP users; one, “does the product have a valid and current registration within the country or market,” and two, “if it is registered, are we selling and shipping into that market.”  Lastly, quality/document management systems house critical documentation and records needed for registrations. The problem with these systems is that there are no regulatory workflows and no way to compile technical documentation, leaving the documents and records siloed from the regulatory filings.

To do the things that a regulatory affairs professional, in a critical regulatory department, does for their company, the system really had to be built from the ground up with all of these systems in mind. It had to be product-centric. It had to integrate with all these other sources of information, because there really wasn’t a common connection point between your products, your documentation, and the records that you needed to compile and how that relates to getting products on the market. We had no way to communicate to our other systems that a product is actually available for sale in that market or that it confidently can, or more importantly cannot, ship to that market.

Q: What was the most difficult piece of functionality to implement in Rimsys?  

James: Well, at the time it kind of all seemed difficult! No, really the most difficult part was thinking thoughtfully and strategically about how data was going to be mapped and used in conjunction with other data elements, in order to make the system most helpful from a user perspective. We wanted to single-source information to enhance and streamline regulatory workflows, but then also make sure that it was as user friendly as possible. There are a lot of stakeholders that need information or have input into regulatory workflows. Quality assurance, marketing operations, R&D, engineering, sales - all of those specific stakeholders need to view information in a way that is understandable to them.

We worked hard to bring all that information, streamline complex regulatory workflows, and all of those internal and external data sources together in an understandable and user-friendly way.

Q: How important has the technology itself been in the creation of Rimsys?

James: Technology has been a huge advantage for us from day one. Our team had quality and regulatory backgrounds, so we knew what companies would expect from us. We knew we had to be 21 CFR Part 11 compliant. We knew we had to be ISO 27001 certified. We knew we had to have SOC2 Type 2 reports. We knew we had to integrate with a company’s existing IT infrastructure. We really had to build this thing from the ground up on a GxP compliant platform that we could build upon and expand, without having to go back and reinvent the wheel every time we added new functionality. 

It’s continued to pay dividends for us because it was something that we thought about from the beginning and that gave us a lot of flexibility. We already had the system and infrastructure in place that we could then expand upon a lot more quickly than we would have been able to otherwise. It’s like the difference between building a house today and trying to remodel a house that was built in the year 1900. If you break down a wall in the older house, there might be so many hidden issues behind that wall - load bearing issues, knob and tube wiring, asbestos, etc. With new modern infrastructure, it is just night and day in terms of adapting quickly with changing regulations and a fast-paced market.

Q: Was there any specific technology you can talk about that became important to the development of Rimsys?

James: Our choice of technology was driven by our desire to build a system that was user friendly and built on a modern infrastructure that felt familiar to our users. So, we took a lot of the Google framework to build an application that didn’t look like enterprise software, but looked and felt more like a consumer product that is inviting, not overwhelming. 

The other thing is that we built the system from day one to integrate because we knew we had to connect with a lot of different sources of information. We strategically built the system with API’s in mind.

Q: What is Rimsys doing differently than other software companies in the regulatory space?

James: We are creating a holistic solution, which is different from what is out there now. We know that registration management is just one key aspect of what regulatory affairs teams need. In order to create a proper regulatory system, we had to take into account all of the data and dependencies and build a system specifically for medtech regulatory teams and other key consumers of regulatory data. There has to be a single source of truth for this data, because otherwise it becomes a nightmare at the end of the day. Existing software solutions were siloed and purpose-built for other industry needs, such as eQMS, PLM and ERP. None of those systems can do what a holistic RIM platform can do. Because of the complex workflows, the regulatory needs are far too broad and interdependent, that data infrastructure is completely different, data sources are too numerous, and the systems offer limited support to bring everyone and everything together into a cohesive, streamlined, compliant and medtech-specific solution.

Another key component of what we are doing is to institutionalize regulatory knowledge and resources into Rimsys—this is at the heart of who we are and what we do. Having the only purpose-built, holistic RIM platform built by and for regulatory professionals specific for the medtech industry really couldn’t be done without internalizing that experience within our own team.

Q: What are you most proud of when it comes to Rimsys? 

James: I think there are two things that immediately come to mind. Having our Rimsys 5 platform launch is really exciting. This is the fifth iteration of our platform, and we did it by listening to our customers and iterating over and over again to get it right. We had to go back to the drawing board a couple of times, not because what we had written wasn’t working, but because our customers that were using the system every day gave us better ways to do things. Rimsys 5 is a really proud moment because this is the platform that we are taking into the future, that will let us get to the next level where we are truly empowering regulatory professionals to make critical decisions and do the job that they are meant to do. 

The ability for us to listen to our customers, take that feedback and move fast is the second thing I’d mention here. We know that this has to be a validated system, but we are able to make changes and add features in a way that is thoughtful and gets our customers what they need right away. Regulatory professionals are very particular. I know since I am one, and making sure they are comfortable using Rimsys from day 1 is critically important. Being a customer-centric company really makes our experience as a team extremely rewarding.

Q: Where is Rimsys going next?  What are you most excited about?

I think I am most excited about Rimsys being an advocate for the medtech regulatory community and helping them wherever we can. Regulatory has a seat at the table now and it is a great feeling to see that we’re able to help these companies to streamline their workflows, accelerate time to delivery for life-saving products and maintain that compliance to keep those products on the market. Regulatory affairs is a mission critical department that the medtech industry cannot underestimate. It’s empowering because while we are helping our customers, they are helping us and every single one of our other customers through the journey of regulatory uncertainty that everyone is going through right now. It feels like a real partnership between us, our customers, and the industry as a whole and I am excited to see where that will take us.

I am also really excited about where we are going with regulatory intelligence. We are just scratching the surface of this now, but you will see regulatory intelligence data built into Rimsys and providing RA professionals with tools that can really provide a competitive advantage for their company. The release of Rimsys 5 platform (“Phase 1”) provides us that platform that will take us into “Phase 2” of Rimsys, with embedded intelligence that will further empower regulatory professionals to make decisive, correct and confident decisions for their products and their company.

I agree to the privacy policy including to Rimsys using my contact details to contact me for marketing purposes.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Hand holding smartphone showing email app with 12 unread messages notification.