    Episode 65 · April 2, 2026 · 35m listen · 1,978 words · ~10 min read

    Start QMS Early to Avoid Reverse Documentation with Dr. Basant Bajpai | Ep. 64 - Full Transcript | The Med Device Cyber Podcast

    Read the complete, searchable transcript of Episode 65 of The Med Device Cyber Podcast - expert conversations on medical device cybersecurity, FDA premarket and postmarket guidance, SBOM management, threat modeling, and penetration testing.

    Episode summary

    In this episode of The Med Device Cyber Podcast, host Trevor Slattery with guest Dr. Basant Bajpai, CEO of Compliance MedQar, delve into the crucial role of early Quality Management System (QMS) implementation for medical device manufacturers. Dr. Bajpai emphasizes that early adoption of a simple, traceable QMS from the concept and R&D stages is vital to avoid costly “reverse documentation” and ensure regulatory compliance. The discussion highlights the common mistake of companies opting for overly complex QMS tools when a simpler, automated system is more effective for building a strong foundation and enabling scalability. The conversation then shifts to the innovative integration of AI into QMS, explaining how AI can enhance efficiency by drafting documentation, flagging non-compliance with standards like 21 CFR Part 820, EU MDR, and MDSAP, and identifying gaps in clinical evidence. However, both speakers stress the critical importance of a "human in the loop" to validate AI-generated content, especially for traceability and evidence of compliance, addressing concerns about AI hallucinating critical documentation like penetration test reports. The episode also touches on the growing trend of regulatory bodies, particularly in the EU, adopting AI for submission reviews to improve efficiency, while noting the FDA

    Key takeaways from this episode

    • Start QMS implementation as early as possible, ideally during the concept or R&D stage, to establish a strong, traceable foundation and avoid costly reverse documentation later.
    • Opt for simple, automated QMS tools that fit your regulatory journey and ensure traceability, rather than complex or "fancy" systems that may be difficult to implement with limited resources.
    • Utilize AI as a tool to enhance QMS efficiency by drafting documentation, checking compliance against regulations like 21 CFR Part 820 and EU MDR, and flagging gaps, but always maintain a 'human in the loop' for validation and accountability.
    • Recognize that traceability and evidence of compliance must remain a manual, human-controlled process to prevent AI from fabricating critical artifacts like penetration test reports.
    • Prioritize cybersecurity early in the product development lifecycle, as it is a critical component of quality and regulatory compliance, and late integration can lead to significant delays and costs.
    • Understand that regulatory bodies are increasingly adopting AI for reviewing submissions, signaling a future where both medical device manufacturers and regulators leverage AI, necessitating a clear understanding of its appropriate and responsible use.

    Full episode transcript

    The biggest mistake medtech companies make today when implementing their QMS tool is looking for a product that is perceived as heavy or fancy. What they truly need is a simple, traceable tool that fits their regulatory journey. The challenge often arises during audits when they fail due to an inability to prove traceability. I always recommend starting as early as possible. You do not need fancy systems; what you need is a simple, automated system that suffices your needs and helps build your foundation. Once the foundation is built, it is easy to scale. We always recommend not using AI until you have fully established and implemented your QMS. We do not want AI to take ownership of this process. We want to use it as a tool to assist and guide us. I think as long as we are doing that, it is an incredibly effective and incredibly powerful tool.

    Welcome back to The Med Device Cyber Podcast. I am your host, Trevor Slattery. Unfortunately, our other co-host, Christian Espinosa, is not able to make it today. He is currently flying back from Seoul after a whole gamut of travel delays. We are joined today by a very special guest, Dr. Basant, who is coming in from Dubai with Compliance MedQar. I would love to hear a little bit about yourself, some of your background, and what you are working on over there.

    Hi, Trevor, thank you for having me. My name is Dr. Basant, I am the CEO at Compliance MedQar. We are located in Dubai. I have a background in medical devices and a PhD in neuromonitoring and neuroscience. We are a regulatory consulting company, and we also have an automated quality management system. Within the med industry, we believe that QMS is not just software, but a business system for survival. In the current trend of medtech services, or within ISO 13485, the tool required for a quality management system is not just a tool. It requires maintaining traceability, documentation, and compliance, which is becoming more and more challenging for medical device companies. The biggest mistake medtech companies make today when implementing their QMS tool is looking for a product that is fancy or heavy, when what they need is a simple, traceable tool that fits their regulatory journey. This is the challenge.

    Normally, when we communicate with multiple medtech founders or CEOs at an early stage, they always ask when they should implement a quality management system. That is one of the challenges many founders come across at an early stage. What we always advise them is that you need to start as early as possible, meaning when they are at the concept stage or their R&D stage, they have to start there. Regardless, if they do not start, the design control already starts. So they have to document that and do it in a controlled, version-controlled, as well as traceable manner. That is something challenging, especially among startups and early-stage companies.

    Many companies, for example, opt for a system, or some even use a shared drive or Google Drive when implementing their quality management system. But the challenge hits when they go for the audit and fail because they cannot prove that what they have done is traceable, that there is a sufficient audit trail, that the documentation is done correctly, that different processes have been implemented and are traceable and documented according to different regulatory requirements. Some companies are still able to make it by using Excel sheets and manual documentation by hiring multiple people. However, that hits them hard when they scale, because when they have multiple products, multiple processes, records, and work instructions, it becomes challenging.

    So I always recommend starting as early as possible. You do not need fancy systems. What you need is a simple, automated system which can suffice your needs, which can help you build your foundation, and once you build the foundation, it is easy to scale. So from day one, if you are a startup, if you are looking for a complex quality management system, you might not have the resources to implement it, and you might not be able to accommodate all the processes and black-box processes that are already designed by these QMS providers.

    As a company, as a solution provider, we provide a customized, AI-integrated tool designed based on where medtech companies are in their journey. For example, in their compliance journey, whether they are going for FDA, EU MDR, or looking to initially implement a QMS to get QMS certification, it is the same hand-in-hand as with cybersecurity. There are challenges. If you look at cybersecurity, if there is no sufficient audit trail and then the test and penetration test, if you fail to document that you have done sufficient cybersecurity testing, whether you go to any regulatory authority, you will be challenged.