Product Development March 30, 2020

Struggles with ISO 9001

Ayush Kumar @akumar0630

I've been working on Vitrix Health (vitrixhealth.com) for about a year now and we are now looking into getting our manufacturing ready for scale. However, I was informed I need to be ISO 9001 and ISO 13485 compliant. (I know no experience in either of these two systems)

I downloaded the standards off the ISO website and am pretty lost on how to actually set up a compliant QMS system. I know there's some software out there but all of it seems rather cumbersome to set up if you do not know how to set up one already.

Does anyone have any resources for how to set up a solid QMS system?

  1. 3

    Certification companies usually provide consulting too, but as another commenter pointed out it's expensive. My father worked his whole life for several firms in this field, so I'll ask him if he has any documentation on these particular standards - Pavin.

    1. 1

      Thank you so much! It seems like consulting is the only way to go but im sure alot of startups cant afford it. I wonder what they do in the mean time.

      1. 1

        I've forwarded a bunch of documents (as 8 emails, sorry!) for ISO 9001, you'd need to adapt it for your industry and requirements - Pavin

        1. 1

          thank you!

  2. 3

    I second @Blake_Emigro's opinion. Get consulting. You'll thank yourself later when the product sells well and you haven't wasted weeks on writing documentation

    1. 1

      Im curious how alot of hardware startups who are bootstrapped have been able to get by without having a consultant.

      1. 1

        I don't think bootstrapped hardware startups are very common, so congratulations.
        "Hardware is hard." - possibly Marc Andreessen or Tony Fadell

        Are there any grants you can go after to put towards this cost?

        1. 1

          I've been looking into NSF SBIR as well as NIDCR grants. However, I just spoke to the program director who loves our idea and product but feels like our team is too young (ie we are all under 23).

          1. 1

            Maybe if you had an advisory board of industry experts that would help. Obviously that's a lot easier to say than do. I know of a cleantech company that has an advisory board and it gives them a lot of credibility and opens doors for them.

            It's different from a board of directors in that they have no voting power or fiduciary responsibility. They are literally just giving advice that you can chose to ignore if you want.

            1. 1

              right right ill take a look at that.

  3. 3

    There are consultants for this, at a hefty cost, of course. But all the time you try to navigate this on your own, fail your audit(s), and don't produce product... well, that also comes at a hefty cost.

    1. 1

      Do you recommend any software? I've been trying to use templates but they seem to be more confusing than anything else.

      1. 2

        I've never used software for this, and I haven't been involved in ISO certification for a long time. So I don't have anything for you there, sorry. Make sure you watch for "should do", and "shall do", and understand the difference. Hopefully that helps a little :-P

        1. 1

          I hate the naming that they have in the standards!

  4. 2

    Hi, from experience as a student consulting, I can recommend to look at the PDCA cycle. For every iso certificate it is relevant to document your processes, controls and polices and audit it by yourself and later by a certifier. Look at the objectives that you should achieve to be complaint, implement measures if you need and improve in a continuous cycle. Good luck!

    1. 1

      Got it ill take a look at that thank you!

  5. 1

    Curious.....did you get through this? What approach did you take, consultant or DIY?

  6. 1

    I've worked on ISO 27001 certifications, in cybersecurity, and would be happy to share what I've learned. Can't speak directly so QMS 9001, but I think you should be able to tackle it yourself.

    Worst case scenario, you don't get certified by and accrediting body and fix stuff, then get accredited.

    If you need any help with cybersecurity I'd be glad to advise, or check out my talent marketplace www.getblueteam.com

    1. 1

      do you use a software offering for iso 27001?

      1. 1

        Hi Akumar0630, I launched my ISO 27001 course actually today. https://www.smbcompliance.com/sales-page1592884942177
        Only $4,000.

      2. 1

        I do not, but there are plenty of offerings like that out there. Here's one that I've heard is good ($6k/yr): https://tugboatlogic.com/certification/iso-27001

        Honestly, you can probably get by fine with a spreadsheet and the policies in this book (~$250): https://www.amazon.com/Information-Security-Policies-Made-Version/dp/1881585093/ref=sxbs_sxwds-stvp?dchild=1&pd_rd_i=1881585093&pd_rd_r=d7c0ad55-4768-47c3-97fe-fd8e3c90b3dd&pd_rd_w=AUBm2&pd_rd_wg=jOCK6&pf_rd_p=967d8720-e4cf-4d5d-9da3-53f47ca634a3&pf_rd_r=SP2AJV94WKTDF14BEPK0&psc=1&qid=1585856845&refinements=p_27%3AInformation+Shield&s=books&sr=1-2-dd5817a1-1ba7-46c2-8996-f96e7b0f409c&text=Information+Shield

        I know Charles from Information Shield and can put you in touch if you'd like. His website is down right now, for some reason, but he's very friendly

  7. 1

    Have you looked if you need other certifications or approvals? It is quite common that you also need to comply with FDA rules.

    1. 1

      Yup we are looking at a whole QMS system. Looked at greenlight guru, etc. but i felt like i could do iso 9001 inhouse.