<a href='https://www.clickcease.com' rel='nofollow'> <img src='https://monitor.clickcease.com' alt='ClickCease'/> </a>
Accessibility.GoToContent
  1. WorkPoint
  2. Knowledge Hub
  3. Blog
  4. How A WorkPoint 365 Solution Is Supporting Medtech Security And Compliance In Sweden

How A WorkPoint 365 Solution Is Supporting Medtech Security And Compliance In Sweden

Scroll

Medicon Village in Lund, Sweden, is the largest science park in Scandinavia. It’s home to more than 180 medtechs, including a number of startups and smaller companies. Mikael Marionsson, Master Architect, at Nordlo – a regional leader in cloud and a certified WorkPoint Partner – has worked with many of these organisations. 

 

Medtech is a highly regulated industry, Mikael’s seen first-hand the size and scale of the compliance burden for startups and small businesses. Through close cooperation and responsible choices of innovative technology, Nordlo helps these companies strengthen their competitiveness and drive digitisation forward.

Part of Mikael’s role involves implementing the right digital tools to enable companies to confidently manage data security and regulatory compliance. One of the solutions he deploys is WorkPoint 365. 

When I first saw WorkPoint 365 and how it worked, I instantly recognised its value as a platform for supporting regulatory compliance and data security in medtech.

- Mikael Marionsson, Master Architect at Nordlo

Holding up under the regulatory burden

When it comes to medtech companies, we tend to think of the major players like Johnson & Johnson, Medtronic, and Philips. But sitting beneath that top layer, are hundreds and thousands of smaller companies and startups. Like any product-driven business model, a medtech usually begins life as a great idea. In this case, it’s a medical device or product that improves healthcare or saves lives. 

Under the EU’s Medical Device Regulation (MDR) and the Food and Drug Administration (FDA) in the US, the certification process for medical devices is complex and time-consuming. It can take months or even years to bring a product to market. Most small companies don’t have the resources for a dedicated regulatory expert; it’s usually done by someone performing multiple roles within the company.  

Understanding the regulatory requirements and how they relate to your specific product is a job in itself. And it’s an important one. It’s the difference between bringing a medical device to market and keeping it there – or not. In Mikael’s experience, smaller companies with limited resources need all the help they can get to ensure their processes, Quality Management Systems (QMS), and data security are robust and compliant. 

Instantly improve supply chain transparency 

It’s not enough for a medical device company to simply know its regulatory responsibilities. They also have to deliver a comprehensive dossier to the relevant authorities (Notified Bodies in the EU) to receive the certification needed to enter a market. 

On top of that, there’s an ongoing need for post-market surveillance (PMS) and change management to keep a product compliant and on the market. It’s in this respect that Mikael spotted the need for a secure and structured document management system that could handle ever-increasing volumes of documents and emails. 

SharePoint is undoubtedly a good starting point, but WorkPoint 365 adds that much-needed connectivity with Outlook, and the ability to bring everything related to a particular aspect of compliance into one place. A good example of this is the responsibilities that legal manufacturers now have with respect to supply chain transparency. 

WorkPoint 365 enables all documents – including contracts, agreements, and reviews – to be tagged and securely stored in one location in the Azure Cloud. Everything related to a supplier can be stored chronologically by year. Companies can also bring other documentation from outside the system into WorkPoint 365 – giving them the complete picture and a single pane of glass over each supplier.

Always in control; always audit-ready 

With documents and data given a standardised structure inside WorkPoint 365, those people responsible for regulatory compliance – the Quality Assurance and Regulatory Affairs (QA/RA) officer and Person Responsible for Regulatory Compliance (PRRC) – can quickly find relevant documents and data when they need them, such as when the company has unannounced audit from a Notified Body. 

The same applies to the Network and Information Systems Directive (NIS2), the EU law that aims to improve cybersecurity across its member states. With documents scattered across your organisation – no matter how small – it can take time to compile the information needed for reporting. With WorkPoint 365 everything you need is tagged and accessible to those with the rights to access it. 

Following the same principle, a WorkPoint 365 solution can also be implemented to support compliance with international standards such as ISO 13485: Medical devices. Whilst not mandatory, completion of this certification can be a useful way to demonstrate that a product meets regulatory requirements. Likewise, it can also be beneficial for structuring and storing documentation around Good Laboratory Practice (GLP) for non-clinical health and environment safety studies.

Security and compliance is not an afterthought

Small companies don’t tend to do security by design – even those in the medtech industry. Their tech stack usually evolves with business needs, such as communication platforms and emails. Even built-in security features or Microsoft 365 can be easily overlooked in the early stages. The same goes for hardware, such as a server used to control freezers. 

The common need in all of this is the ability to control documents and data within the organisation to ensure they’re accessible to those people who need them, yet securely stored to avoid a costly data breach. At the same time, a level of technical expertise is needed to correctly configure the security features available from Microsoft. 

WorkPoint 365 brings a layer of structure and security to documents and data for companies in medtech – or any other industry – running a Microsoft-based solution. The ability to set appropriate access rights based on role, security level, and so on, ensures that people have just enough access to information to get their work done. This is also important as companies begin to introduce AI-powered tools – like Microsoft Copilot – into their workflows.

Bring order to the chaos of compliance

With huge volumes of documents and data flowing in and out of medtech firms, it doesn’t take long for the digital mess to get out of hand. This is no one’s fault. In fact, often it’s due to good intentions that related documents become fragmented and dispersed across the business. 

Here’s a common example that Mikael has seen many times in different organisations: Someone starts off by saving all the documents in one folder, and creates a structure. Then that person leaves the organisation (and all their emails related to the project are lost). Now someone else comes along and starts building on top of the original folder structure. Then another person decides to move the folder to Teams. And so on. Mikael describes this as ‘the popcorn method’. New ideas keep popping up until the pot is full and overflowing, and there’s chaos. 

With WorkPoint 365, medtech companies can build a structure around procedures, policies, or processes. That means when a person leaves the organisation, their documents, data, and communication around different projects or cases remain visible. On top of that, it’s easy to onboard new starters to a system that’s customised to the business needs, clearly organised and structured, and standardised so that anyone can understand it.   

Think your medtech company could benefit from a WorkPoint 365 solution? Nordlo’s IT services can help. Visit their website: https://nordlo.com/en 

Curious about how WorkPoint and Nordlo can add value to your business?

Talk to a Specialist