SoftComply: Atlassian add-ons for medical device companies to keep us safe

We want our medical devices to be safe, don’t we? We don’t think of software as a medical device, but if the software in medical devices is not running smoothly, we face risks which might do us harm or be potentially fatal. SoftComply was born out of the necessity for very simple integrated tools that would help in the regulatory approval process.
The founders of SoftComply describe their products as the first Atlassian platform add-ons addressing the needs of life-science, medtech and pharma.

“If a medical device company wants to enter the market, they need a quality management system and a risk management process. We have developed software tools that can help companies in these two aspects in particular,” says Marion Lepmets, co-founder and CEO of SoftComply.

All three co-founders are somehow connected with the fields of medical devices, market regulation or software development. Lepmets herself has an extensive academic background in medical device software development. She has seen many medical device companies struggling with the regulatory process. “I realized that what they really needed was a very, very simple set of integrated tools that would help them in the regulatory approval process. We sat down and tried to figure out what the most important tools for these companies are. I worked with Matteo Gubellini, whose background is in regulatory affairs and who knows the needs of these companies, and Margus Nael, who knows the platforms most software developers use and how these aspects integrate or relate with each other. So, that’s how the solution was born,” explains Lepmets.

“The whole regulation process is highly complicated and there are a lot of regulations in place which companies have to consider. There are also some variations in regulations between Europe and USA,” adds Gubellini. “I worked both with large corporations and small start-ups. Smaller companies struggle with regulations as they don’t have the resources to look after everything, especially if they don’t have knowledge of this framework or the regulations. They might hire consultants, but this process takes time and is not cheap. There are some tools on the market, but usually they are stand-alone and large systems, offering complete solutions, which small companies cannot afford,” he points out.

“In general, the software development area in the regulatory field is pretty huge. We cover just a small bit of that,” explains Nael.

Essential differences compared to others

SoftComply’s solution has some essential differences compared to other tools. According to Nael it provides a software option on the Atlassian platform: “Atlassian provides various tools for software developers, starting from source-code repositories to knowledge management tools. It is one of the most popular platforms among software developers and basically, we are providing our add-ons for an existing eco-system. Some of our competitors are add-ons for some larger eco-system, and some are stand-alone systems. There are always pros and cons – which tools and platforms support your software and how you can integrate your software into processes. Since we decided to move forward with the Atlassian platform, we are basically trying to streamline the whole development process into one, from start to the product release.”

Lepmets points out that software itself can also be considered a medical device. That means the application itself must comply with the relevant regional regulations and international standards for medical devices. “Software developers might not completely understand the quality regulations or requirements and they don’t realize these regulations might be a bottleneck to get their products to the market. Also, a lot of these regulatory tasks are done manually. This is fine, but if we want to see how regulatory aspects are integrated with the software development, it might be tricky to trace back to software items that developers are building. We started to think of the regulatory approval process as part of the software development itself rather than a stand-alone task, so that developers could get the regulatory tasks in line more quickly and easily. That is the biggest difference: we built the first add-ons for the Atlassian platform particularly for the medtech industry because they need to integrate with software development.”

Educating start-ups but also aimed at larger companies

According to Nael, SoftComply is targeting small and medium sized companies because today a medical device might also be a smartphone application. “Lots of start-ups are planning to develop some cool new apps which will offer great health benefits. But they are not aware how hard it is to launch certified medical device software, that they need to meet standards’ requirements to pass the audit,” he says.

“We have slightly different customer segments for the different add-ons. SoftComply eQMS is meant for smaller and medium sized companies who are quite new to the medtech or medical device field – they might not know about all the requirements. The first thing they have to implement is a quality management system with a quality policy and procedures. So, we offer SoftComply eQMS, which fast-tracks the implementation of a compliant quality management system, and helps users fulfil their requirements. For them it is much quicker and cheaper compared to having a consultant on board.

SoftComply Risk Manager, on the other hand, suits also the larger and more established companies, and perhaps even other regulated industries like aviation or automotive – any field where software needs to be analysed and risks assessed in a very detailed manner before the product can be brought to the market. Therefore, SoftComply Risk Manager might also be targeted to larger companies who use Atlassian JIRA,” notes Lepmets.

Gubellini gives an example of how difficult it is to get regulatory approval from his own experience. It could take up to six months to get the regulatory approval. The other aspect he points out is that risk management is often done by using Excel. “Excel is a worksheet but not really designed to do risk management. If you have a complex product you could be tracing thousands of lines in Excel because every subsystem will have its own risk management. It takes hours or days to make sure that everything is connected. As it is done manually, something goes missing, something gets lost, there are typos or inconsistencies. It’s gigantic work and that’s why we came up with our solutions,” he concludes.