    Episode 008 · January 7, 2025 · 30m listen

    Startups, Regulations, & Risk: Insights from MedTech Guru Etienne Nichols | Ep. 7

    Etienne Nichols
    Head of Industry Insights and Education
    Greenlight Guru

    Episode Summary

    This episode of The Med Device Cyber Podcast features Etienne Nichols, Head of Industry Insights and Education at Greenlight Guru, a company specializing in Quality Management Systems (QMS) for medical devices. Joined by Trevor, Director of Medical Device Cybersecurity at Blu Goat Cyber, the discussion provides valuable insights for product security teams, regulatory leads, and engineers. The conversation demystifies acronyms prevalent in MedTech, such as QMS, ISO 13485, and 21 CFR Part 820, and introduces the upcoming Quality Management System Regulation (QMR). Nichols emphasizes the critical role of a QMS in ensuring consistent, reliable, safe, and effective medical devices, especially for startups navigating regulatory landscapes. The episode delves into the importance of designing cybersecurity into medical devices from the outset, highlighting the interconnectedness of safety risk management (ISO 14971) and security risk management (TR57). Practical advice is offered on leveraging QMS for traceability, managing legal and ethical risks, and streamlining processes like Corrective and Preventive Actions (CAPA) in response to vulnerabilities. The speakers also address the challenges large companies face with inadequate documentation systems and the growing demand from hospitals for robust cybersecurity assurances.

    Key Takeaways

    • A Quality Management System (QMS) is crucial for medical device companies, regardless of size, to ensure consistent, reliable, safe, and effective products and to manage regulatory compliance.
    • Cybersecurity must be designed into medical devices from the initial development phase, not bolted on afterward, to ensure effective risk management and regulatory compliance.
    • Safety risk management (ISO 14971) and security risk management (TR57) are distinct but interconnected frameworks, and understanding their overlap is essential for comprehensive medical device security.
    • The Corrective and Preventive Action (CAPA) process within a QMS is vital for addressing identified vulnerabilities and preventing their recurrence, ensuring continuous improvement in product security.
    • Even if not explicitly required for initial FDA clearance, demonstrating robust internal cybersecurity practices and manufacturing environment security is increasingly important for market adoption, especially with hospitals.
    • Effective documentation control and traceability within a QMS are critical to avoid repeat work, legal risks, and to simplify audits by regulatory bodies like the FDA.

    Frequently Asked Questions

    Quick answers drawn from this episode.

    • The conversation demystifies acronyms prevalent in MedTech, such as QMS, ISO 13485, and 21 CFR Part 820, and introduces the upcoming Quality Management System Regulation (QMR). It's most useful for medical device manufacturers, cybersecurity engineers, regulatory affairs professionals, and MedTech founders preparing for FDA review.

    Hi, welcome to another episode of The Med Device Cyber Podcast. Today we have a guest from Greenlight Guru. We've got Etienne. Etienne works with Greenlight Guru and they specialize in Quality Management Systems. We also have Trevor, who you've seen before on our podcast. Trevor works for Blu Goat Cyber. He's our Director of Medical Device Cybersecurity, our in-the-weeds tech person who does a lot of the hacking and leads our hacking team. So, welcome to the podcast. Etienne, you want to introduce yourself a little more formally than I did?

    Absolutely, thank you so much for having me on. My name is Etienne Nichols. I'll tell you a little bit about what I do at Greenlight Guru. So, my position as the Head of Industry Insights and Education at Greenlight Guru means I get to talk to a lot of professionals such as yourself. I head up a lot of different articles and content that we produce and try to just add that insight to the industry. At Greenlight Guru, a lot of people look at us as a content provider in some ways, and in a lot of ways we are. Ultimately, the way we make money, I suppose, is to sell software solutions to the industry, and what we specialize in is quality management system and clinical investigation solutions.

    I've seen a lot of your podcasts, and you guys do create a lot of content.

    Well, it's good that you've seen it, at least. Hopefully, it's been helpful or beneficial in some way.

    It has, because when I first started doing this stuff, I didn't know what a QMS was or what ISO 13485 was. There's a lot of acronyms like QSR, QMS, 21 CFR 820. If you're new to MedTech, it can be super confusing because from cybersecurity, we have all these acronyms, and then combine that with MedTech, and then the FDA and the MDR. Those are acronyms within themselves. It becomes a very confusing space, plus then you have the medical acronyms that people use as well, so it's very acronym-rich.

    Even when the regulatory agencies themselves are an acronym, there's kind of a problem going on, an obsession with acronyms. And there's a new one coming on too, QMR. You mentioned ISO and the FDA's QSR; if you combine those, you've got QMR. That's what's coming next: Quality Management System Regulation from FDA. We could talk a little bit about that if you want, however you want to go, happy to go whatever trail you like.

    I think it would probably be useful just to establish a baseline and let people know from a high level what a QMS is and why they would even need one. A lot of our clients are startups, and they probably haven't even thought down the road like,
