    Episode 30 · January 7, 2025 · 30m listen · 4,042 words · ~20 min read

    Startups, Regulations, & Risk: Insights from MedTech Guru Etienne Nichols | Ep. 7 - Full Transcript | The Med Device Cyber Podcast

    Read the complete, searchable transcript of Episode 30 of The Med Device Cyber Podcast - expert conversations on medical device cybersecurity, FDA premarket and postmarket guidance, SBOM management, threat modeling, and penetration testing.

    Full episode transcript

    Host: Hi, welcome to another episode of the Med Device Cyber podcast. Today we have a guest uh from Greenlight Guru. We've got Etienne. Uh Etienne works with Greenlight Guru and they specialize in quality management systems. Uh we also have Trevor uh who you've seen before on our podcast. Trevor works for Blue Goat Cyber. He's our director of medical device cybersecurity, our in the weeds tech person who's does a lot of the hacking and leads our hacking team. So welcome to the podcast. Uh Etienne, you want to introduce yourself a little more formally than I did?

    Guest: Yeah, absolutely. Thank you so much for having me on. Uh yeah, my name is Etienne Nichols. Um, Greenlight Guru, well, I'll tell tell you a little bit about what I do at Greenlight Guru. So my position is the head of industry insights and education at Greenlight Guru. So I get to talk to a lot of professionals such as as yourself and uh um I head up uh a lot of different articles and content that we produce and try to just add that insight to the industry. So at Greenlight Guru, a lot of people look at us as a content provider in some ways. Uh and a lot of ways we are, but uh ultimately the way we uh make money I suppose is to sell software solutions to the industry and and what we specialize is in quality management system and clinical investigation solutions.

    Host: Yeah, I've seen a lot of your podcasts and you guys do create a lot of content.

    Guest: Yeah. Yeah, well, it's good that you've seen it at least. Hopefully it's been uh, you know, maybe helpful or beneficial to some way.

    Host: It has because when I first started doing this stuff, I didn't know what a QMS was or what ISO 13485 is. There's a lot of like acronyms and like there's QSR, QMS, uh 21 CFR 820. You know, there's all these things and it's it's it's it's if you're kind of new to med-tech, it can be super confusing. Because we we from cybersecurity we have all these acronyms and then you combine that with the med-tech and then the FDA and the MDR, you know, those are acronyms within themselves. It becomes a very confusing uh space. And plus you then you have the the medical acronyms, you know, that people use as well. So it's very acronym rich.

    Guest: Yeah, even when the regulatory agencies themselves are an acronym, you know, there's kind of a problem going on. An obsession with with acronyms. And there's a new one coming on too, QMSR, which you mentioned ISO and uh uh and FDA's uh QSR. If you combine those, you've got QMSR. That's what's coming next, uh quality management system regulation from FDA. And we could talk about a little bit about that if you want, uh just however, however you want to go, happy to go whatever trail you like.

    Host: Yeah, I think it would probably be useful just to establish a baseline and let people know from a high level what a QMS is and why they would even need one. A lot of our clients are startups and they probably haven't even thought down the road like we need a QMS. You know, they're they're they're busy trying to innovate their product and get it to market. So maybe you can explain like why they would need one and how it's beneficial to them.

    Guest: Yeah. So a quality management system isn't something that's unique to Medtech. It's uh, uh, I think the some of the fathers of quality, Deming and uh uh Crosby, you know, the quality is free guys from the 1980s. They really pushed this quality concept, the idea that, um, you can uh produce consistent, reliable product if you put certain processes in place and manage those uh with a very consistent way of managing.

    Host: Is this like Six Sigma? Didn't Deming come up with Six Sigma?

    Guest: Yeah, yeah, I think that's right. I I get them all mixed up. I've I've gone through different ones. Um, they start to crisscross over and and but but yeah, so it's so the the quality management system idea is not necessarily unique, but in most industries they have something called ISO 9001, which is the international standard for how you would lay those processes out. So you would have management review, you would have customer service, you would have a certain way of designing the product, a certain standard flow. Well, for Medtech, they built on top of ISO 9001 something called ISO 13485, which is the international standard for how medical devices should approach their quality management. You asked what is a quality management system? That's a good question. It's the company's defined uh way of approaching quality. How are you going to produce consistent, reliable, safe and effective medical devices?