Regulatory Affairs

Diagnosis

I start by understanding your current regulatory position, your timeline, and the gaps between where you are and where you need to be. No assumptions, no templates.

Strategy

I build a regulatory roadmap that fits your actual situation, not a generic framework. Priorities are set by risk and business impact.

Implementation

I work inside your team to implement the required documentation, processes, and systems. I do not hand over a report and leave.

Capability Transfer

The goal is for your team to carry the regulatory function independently after the engagement. I build internal knowledge, not external dependency.

A typical diagnostic startup starting from zero — two to five people, active development work, no prior QMS — is in a better position than they think. The core requirement of ISO 13485 is not documentation for its own sake. It is a management system that ensures your processes are controlled and traceable. For a small team this can be designed to be lean from the start rather than retrofitted later.

The three most common mistakes when building regulatory compliance retrospectively: designing documentation around how things were done rather than how they should be done, treating the QMS as separate from the actual R&D workflow, and underestimating how much internal time implementation requires alongside active development work. All three are avoidable with the right structure early.

GenTSV §28 project management intersects with ISO 13485 wherever work with genetically modified organisms is part of the development or manufacturing process. The GenTSV §28 Projektleiter carries legal responsibility for biosafety compliance; ISO 13485 requires that the same activities are embedded in a controlled quality management system. In practice, these two frameworks need to be designed together, not separately.

A realistic timeline: nine months is achievable for a startup with a clear scope, dedicated internal resource, and no legacy documentation to unpick. Eighteen months is realistic for a company running parallel development programmes while building compliance. For diagnostic device companies pursuing CE marking under IVDR, ISO 13485 certification is a prerequisite — and the time investment in building a functioning QMS early pays back directly in audit readiness and investor confidence.

What is the difference between ISO 13485 and ISO 9001 for a diagnostic company?

ISO 9001 is a general quality management standard. ISO 13485 is specifically designed for medical device and in vitro diagnostic manufacturers and includes additional requirements around risk management, post-market surveillance, and regulatory compliance. For any company developing a CE-marked IVD, ISO 13485 is the relevant standard.

When should a diagnostic startup begin building its QMS?

Ideally at the point of first structured development work, not at the point of audit preparation. A QMS built retrospectively under time pressure produces documentation that is technically compliant but operationally useless. Starting early means compliance becomes a by-product of good work rather than an additional burden.

What does a GenTSV §28 project manager actually do?

The GenTSV §28 project manager is legally responsible for ensuring that all genetic engineering activities within a facility comply with the Gentechnik-Sicherheitsverordnung. Responsibilities include risk classification of organisms, oversight of safety documentation, communication with the relevant biosafety authority, and training of staff working with GMOs.

How long does ISO 13485 certification take for a startup?

Realistically, 9 to 18 months depending on starting conditions, team capacity, and scope of activities. A company starting from zero with an active R&D programme running in parallel should plan for 12 months minimum.