From Lab Bench to Licensed Product: The Hidden QMS Hurdle


From Lab Bench to Licensed Product: The Hidden QMS Hurdle
Today's issue dives into what it takes to build a regulatory compliant manufacturing facility from the ground up, inspired by UCT's new SAHPRA license...
SYNAPTIC DIGEST
TUESDAY, MAY 26, 2026  |  8 MIN READ
At a Glance: Today's issue dives into what it takes to build a regulatory compliant manufacturing facility from the ground up, inspired by UCT's new SAHPRA license. We'll also look at how established players like Hamilton Medical are using new tools to automate traceability and keep their design history files audit proof. It is all about building the systems that let you ship safe products.
RECALL ANALYSIS
From Lab to Launch: Building a QMS That Regulators Trust

You have a brilliant prototype that could change patient care. But how do you cross the chasm from a promising university project to a licensed, manufacturable medical device? The University of Cape Town just built that bridge, and the story is a masterclass in tackling the biggest non technical hurdle in medtech: building a quality system from scratch.

What This License Actually Means

According to their announcement, UCT’s Biomedical Engineering Research Centre (BMERC) has secured a medical device manufacturing license from the South African Health Products Regulatory Authority (SAHPRA). This is not just a piece of paper. It is a formal validation that their entire process, from design and development to manufacturing and distribution, meets rigorous international standards. It gives them the legal and ethical authority to move devices from their labs into South African hospitals.

For years, UCT, like many academic incubators, faced a structural barrier. They could invent, patent, and even spin out companies, but without a certified manufacturing pathway, their devices designed for the African context had to be shelved or produced elsewhere. This license is the culmination of a massive effort to build that pathway in house, turning institutional knowledge into institutional capability.

The Real Engineering Challenge: It's Not the Device

The most telling quote from the UCT team is this: “What began as a compliance project quietly became an institutional capability.” The real engineering challenge was not designing a specific gadget, but designing and implementing a robust Quality Management System (QMS). It is the unglamorous, painstaking work of establishing document control, embedding risk based thinking, and aligning procedures that makes or breaks a product launch.

This is a familiar story for any engineer who has been part of a startup or skunkworks project. Moving from a culture of academic freedom and rapid prototyping to one of rigorous, documented process control is a monumental task. Every procedure needs a standard operating procedure (SOP), every design choice needs a rationale, and every risk needs to be tracked and mitigated. This is the curriculum that turns researchers into product engineers.

Regulatory & Standards Context

At the heart of this achievement is ISO 13485:2016, “Medical devices — Quality management systems — Requirements for regulatory purposes.” This is the international playbook for building a medical device QMS. The SAHPRA license is effectively a declaration that UCT’s BMERC has successfully implemented the principles of this standard. It is the foundation upon which all other device specific regulations are built.

Think of ISO 13485 as the blueprint for your company’s operational DNA. Key clauses that UCT would have focused on include Clause 7.3 (Design and Development), which mandates a structured process with defined stages, reviews, and transfer to manufacturing. They also would have spent countless hours on Clause 4.2 (Documentation requirements), which includes establishing a medical device file (the equivalent of a DHF) and controlling all documents and records. This standard is not just about compliance; it is about creating a repeatable, predictable system that builds safety and quality into a product from day one.

Design Playbook - Learning from the Event

Audit: Is your Design History File (DHF) an afterthought or a living system?

Too often, the DHF is a collection of documents frantically assembled before an audit. Your QMS should treat it as a dynamic, living entity. If your engineers see DHF updates as bureaucratic chores instead of essential design tools, it points to a major process gap that needs to be fixed before your next regulatory inspection.

Check: Does your risk management file (ISO 14971) directly influence design requirements?

Risk management is not a separate activity. Identified risks and their required mitigations must be fed back as concrete design inputs. For example, if a use error is identified as a high risk, a design input specifying a poka yoke feature or an interlock must be created and verified. This loop must be documented and unbreakable.

Audit: If you are in a startup or academic setting, have you budgeted for a full time quality/regulatory role?

UCT's journey shows this is not a part time job. A dedicated quality/regulatory lead is essential to navigate the complexities of ISO 13485 and national regulations. They are not the police; they are the expert guides who build the road that lets you move fast without breaking things, or laws.

Check: Are your design inputs unambiguously linked to design outputs and verification tests?

This is the core of traceability. Every single requirement in your System Requirements Specification (SRS) must map to a specific design output (like a drawing or a firmware module) and then to a specific verification test protocol that proves it was met. Gaps in this chain are the number one source of audit findings.

• • •
RECALL ANALYSIS
Your DHF is a Time Bomb: Taming Traceability with Modern Tools

Your Design History File is not a folder; it is a web of interconnected decisions, risks, and test results. For many teams, especially those scaling quickly, that web is a tangled mess of Word documents, Excel spreadsheets, and disconnected Jira tickets. Here is why a leading ventilator company, Hamilton Medical, is investing in a major systems overhaul to prevent this exact problem.

What the Announcement Says

Hamilton Medical, a major player in critical care ventilation, just announced they are adopting PTC's Codebeamer, an Application Lifecycle Management (ALM) solution. They are integrating it with their existing Windchill Product Lifecycle Management (PLM) system. The goal is to replace legacy systems and paper based processes to create what the industry calls a “single source of truth” for product development.

This move is designed to create automated traceability across their engineering, risk, quality, and V&V teams. In short, they are building a digital thread that connects every requirement to every piece of code, every risk mitigation, and every test case. It is a proactive move to ensure they are always prepared for an audit and can manage the immense complexity of modern medical device development.

The Failure Mode They're Preventing

This is not a story about a recall; it is a story about preventing one. The silent failure mode that Hamilton Medical is addressing is broken traceability. When an auditor asks you to prove that a specific software requirement was tested and that the test passed, the scramble begins. Engineers dig through old emails, search network drives for test reports, and manually piece together the story. This is not just inefficient; it is dangerous.

A broken traceability chain means you cannot be certain that you have tested every risk control or implemented every safety critical requirement. It makes it nearly impossible to assess the impact of a proposed change. A seemingly small software update could have unintended consequences on a critical risk mitigation, and without a connected system, that link can be easily missed until it is too late. This investment is an insurance policy against that kind of systemic failure.

Regulatory & Standards Context

This initiative hits directly at the heart of FDA 21 CFR 820.30 (Design Controls). This regulation requires manufacturers to establish and maintain procedures to control the design of the device in order to ensure that specified design requirements are met. A key part of this is the requirement for traceability from user needs all the way through to validated design.

For a software intensive device like a ventilator, IEC 62304 is also paramount. This standard for medical device software lifecycle processes is obsessed with traceability. It demands clear links between software requirements, software architecture, detailed design, and the tests that verify them. Manually maintaining this level of documentation for hundreds or thousands of requirements is brutally difficult. ALM tools like the one Hamilton Medical is adopting are purpose built to enforce the discipline required by these standards.

Design Playbook - Learning from the Event

Audit: Can you instantly generate a complete traceability matrix for any requirement?

If an auditor picked a random high level user need from your file, how long would it take you to show them every downstream design input, design output, risk control, and V&V test case associated with it? If the answer is measured in days of manual effort instead of minutes of running a report, your process is a liability.

Check: When a test case fails, does your system automatically flag the associated requirements?

Modern ALM platforms can create these links. A single failed verification test should ripple backward, putting a hold or question mark on all the requirements it was meant to satisfy. This prevents a product from being released with known gaps in its verification evidence, a common and critical manufacturing escape.

Audit: How much engineering time was spent manually compiling DHF documents for your last audit or submission?

Calculate the cost of that activity in man hours. That number is the ROI for investing in a more integrated system. Engineers should be spending their time solving technical problems, not acting as document librarians. This is a direct measure of the friction and inefficiency in your current process.

Check: Are your risk controls from your FMEA explicitly linked to the verification tests that prove they are effective?

It is not enough to just list a risk mitigation like “add an alarm.” You must have a formal link from that mitigation in your risk file to a specific test case in your V&V plan that challenges the system and proves the alarm works as intended under defined failure conditions. This link is non negotiable.

"That's a wrap. Both stories today boil down to one thing: your process is the product. Go ask your quality manager if your traceability matrix is automated or an Excel nightmare. See you next week."
© 2026 Synaptic Digest. All rights reserved.
Share this newsletter

Synaptic Digest

Synaptic Digest is the daily intelligence stream for medical device engineers who value precision over hype. We track the collision of AI, biology, and compliance, delivering a fluff-free analysis of the industry's technical wins, supply chain realities, and regulatory hurdles.

Read more from Synaptic Digest

FDA's AI 'Black Box' Crackdown and Augmented Reality in the OR Today's issue dives into the FDA's new unspoken rule for AI submissions: explainability is now non-negotiable. We also break down the engineering chal... SYNAPTIC DIGEST WEDNESDAY, JUNE 3, 2026 | 8 MIN READ At a Glance: Today's issue dives into the FDA's new unspoken rule for AI submissions: explainability is now non-negotiable. We also break down the engineering challenges behind SKIA's newly cleared AR surgical guidance system....

Impella's 35-Second Shutdown, Manifold Contamination, and Custom-Fit CPAP Masks Today's issue dives into a critical software failure in J&J's Impella heart pumps causing a 35-second shutdown. We also analyze a Class I recall for M... SYNAPTIC DIGEST THURSDAY, MAY 28, 2026 | 16 MIN READ At a Glance: Today's issue dives into a critical software failure in J&J's Impella heart pumps causing a 35-second shutdown. We also analyze a Class I recall for Medline manifolds due to particulate...

A Failed Clasp, an AI Sleep Doctor, and the Next-Gen Liquid Biopsy Today's issue breaks down a Class I recall where a stent graft's delivery system failed to release, explores the complex engineering behind a newly cl... SYNAPTIC DIGEST THURSDAY, MAY 21, 2026 | 12 MIN READ At a Glance: Today's issue breaks down a Class I recall where a stent graft's delivery system failed to release, explores the complex engineering behind a newly cleared AI-powered home sleep test, and examines the shift to...