Post-Market Surveillance
Regulated development and commercialization journeys where clinical, quality, and market access align.
Inside this journey
-
Pre-Discovery
Align the room on outcomes, decision process, and constraints before deeper discovery.
-
Stakeholder Alignment
Confirm decision roles, timelines, primary compliance obligations, and what 'good' looks like for each stakeholder.
Alignment Questions
A Quick Hello — Who's in Front of Us?
- What's your title and primary responsibility for post-market activities?
- Which product families or device lines will you be focused on for this program? (list product names or codes)
- Who else on your immediate team is expected to be involved day-to-day?
- What is the most important outcome you personally want from improving PMS now?
- When you think about past platform projects, what has made you trust a vendor quickly — or lose trust?
Who Could Quietly Stop This Project?
- Which stakeholders outside your core team have the power to say ‘no’ or put this on hold, even if everyone else agrees?
- Why do you think each of those stakeholders might object—budget, risk, resource, validation burden, or something else?
- Tell us about a time a project stalled because an unexpected stakeholder raised concerns—what happened and how was it resolved (or not)?
- Which of these stakeholders would you want us to engage early to avoid surprises?
- If one of those stakeholders could only be shown a single thing to gain their buy-in, what should that be (e.g., cost avoidance, audit trail, validation package)?
Timelines That Will Make or Break Us
- If the timeline slips even a little, where will you feel the pain first—and why?
- What specific external deadlines are non-negotiable for you in the next 6–18 months (e.g., MDR report due dates, FDA submissions)?
- What internal milestones or board check-ins must we align with?
- Realistically, how much calendar slack do you have between a project delay and the first regulatory impact?
- If we commit to a target go-live date, what are the single biggest internal blockers that usually prevent you from hitting it?
What Are We Assuming About Compliance That Might Be Wrong?
- Where do you feel the team has been 'making do' with processes that wouldn’t pass a close regulatory or auditor review?
- Which regulations are you most anxious about meeting with this project—pick all that apply
- Have you ever received a finding or observation tied to post-market surveillance or vigilance? What was the nature and impact?
- Which compliance artifacts do you currently lack or find weakest (e.g., traceability matrix, validation evidence, audit logs)?
- How would you describe your comfort level with the current ability to show 'audit-ready' processes to an inspector?
When Everyone Says 'Good'—Do They Mean the Same Thing?
- If we asked Legal, Quality, and the Head of Product to define 'good' for this program, how different do you think those answers would be?
- For each stakeholder group, what would a successful outcome look like? (List stakeholder → measurable sign of success)
- Which stakeholder’s definition of success is most likely to require trade-offs, and what trade-offs do you foresee?
- How important is preserving existing manual workflows versus moving to automated processes?
- If forced to prioritize, which success metric must we hit first (choose one)?
The Data Gatekeepers — Who Controls Your Sources?
- Who controls access to your primary complaint and adverse event feeds (CRM, field service, clinical safety, literature monitoring)?
- How confident are you that the data owners will agree to mapped exports and ongoing integration?
- What are the common reasons data owners say 'no' to integrations in your organization?
- Which data source do you expect to be the trickiest to normalize for signal detection (CRM notes, field service logs, literature, legacy databases)?
- If a key data owner resists, what compromise would be acceptable to you (e.g., delayed integration phase, partial extracts, anonymized records)?
How Will We Know We’ve Succeeded (Beyond Feeling Better)?
- What concrete KPIs will you use to decide this project is a success at 3 months, 6 months, and 12 months?
- Which of the following outcome measures matter most to your regulators and auditors?
- What level of reduction in manual effort (hours/week or FTE) would justify the investment to your finance sponsor?
- How do you prefer acceptance criteria to be documented—detailed test cases, executive sign-off checklist, or both?
- Who will have final sign-off authority for acceptance—name role(s) and their tolerance for risk?
Governance: Who Keeps This Ship on Course?
- If we set up a steering committee, who do you insist must be on it and why?
- How often should governance meetings occur to keep momentum without creating meeting fatigue?
- What decisions need to be escalated versus handled by the project team?
- Who do you trust to make trade-off decisions when compliance, budget, and timeline conflict?
- What forum or artifact (e.g., decision log, RAID register) has helped you avoid repeated scope churn in previous programs?
Unspoken Deal-Breakers — Tell Us the Hard Stuff
- What is a non-negotiable constraint for this program that would cause you to stop the project immediately if unmet?
- Are there commercial terms or procurement red lines (e.g., liability limits, data residency) that must be resolved before technical work begins?
- What internal political sensitivities should we avoid when engaging teams or communicating progress?
- If this program fails, what’s the worst organizational consequence (regulatory action, product recall, leadership fallout)?
- What's one thing you haven’t told other vendors that we should know to avoid blind spots?
Early Commitments — Small Bets That Demonstrate Progress
- Which of these low-risk early wins would be most persuasive to your stakeholders?
- Who needs to see those early wins and in what format (demo, deck, validated report)?
- What is a realistic 30/60/90-day success plan that would get broad stakeholder confidence?
- Would you be open to a short pilot with real data under an NDA to validate assumptions quickly?
- What resources can you commit in the near term (e.g., SME hours, IT support, validation reviewer) to make a fast pilot possible?
Close the Loop — Clear Next Steps and Owners
- Based on this conversation, what are the top three immediate actions you expect from us?
- Who on your side will be the day-to-day project owner and who will be the executive sponsor (name/role)?
- What decision or deliverable would make you comfortable signing an initial statement of work?
- When should we schedule a follow-up meeting to review the pilot plan and stakeholder engagement strategy?
- Is there anything we missed in this discussion that could change your priorities or timeline?
-
Current State Mapping
Inventory data sources (CRM, field service, adverse event feeds, literature), reporting gaps, and regulatory risk exposures to prioritize.
Current State
Quick Snapshot: Who’s on the Field?
- Who on your team will be the day-to-day owner for post-market surveillance and integrations?
- Which markets and competent authorities does your product portfolio currently report into?
- Roughly how many distinct medical device SKUs or device families are in active post-market surveillance today?
- What systems currently store complaint and field data (select all that apply)?
- Who is your single point of contact for integrations and IT security approvals?
Are You Missing the Signals That Matter?
- Tell us about a time when a safety issue emerged late—what signs existed beforehand that were missed?
- How do you currently define an emerging signal versus routine variation?
- How confident are you that your current process would detect a low-frequency but high-severity signal in time to meet reporting requirements?
- Which types of signals do you worry are most likely to be overlooked?
- How often do you review sensitivity and specificity of your trending methods?
Where Does the Noise Live? Mapping Your Data Blockages
- What percentage of complaint and service records are digitized and accessible for automated analysis today?
- Which of these best describes where your most valuable surveillance data is stored?
- Do you have consistent device identifiers (UDI, catalog numbers, serial) across systems to enable traceability?
- Which technical connectors are available for the systems you want integrated?
- Describe the most common data quality issues you see (e.g., missing fields, inconsistent coding, duplicates).
- Who currently owns reconciliation and remediation when data quality issues are found?
When Reports Become a Bottleneck
- How long does it typically take to produce a full PSUR or EU MDR periodic report from initial data pull to final sign-off?
- Which steps in your reporting process are most manual or error-prone?
- Have you missed statutory reporting deadlines in the past 3 years? If yes, what caused the delay?
- How do you currently document audit trails and traceability for report contents?
- In a crisis requiring urgent vigilance submission, what is your typical time-to-submission today?
What’s Really Risking Your License to Operate?
- If a regulator audited your post-market surveillance tomorrow, where would you expect the toughest questions to land?
- Have you received any regulatory observations, CAPAs, or warning letters related to post-market surveillance in the last five years? Please summarize.
- How formalized is your method for prioritizing regulatory risk exposures (e.g., risk matrix, RAG status)?
- Who signs off on acceptance criteria that determine when a signal becomes a reportable event?
- How stressed or resourced is your team during peak reporting periods?
What Would Audit-Ready, Automated Surveillance Look Like?
- Imagine your ideal state: how sensitive should signal detection be (e.g., favor fewer false positives vs. maximize catch rate)?
- Which automated outputs would deliver the most value for you right away?
- What measurable success signals would show you the solution is working (choose up to three)?
- What level of explainability do you require for trending algorithms in audit (e.g., statistical detail, adjustable thresholds, human-readable rationale)?
- How would achieving that ideal change day-to-day life for your team and stakeholders?
What Would It Really Take to Change?
- If we proposed an integration and pilot, what would be the single biggest internal obstacle to moving forward?
- Which groups must be involved and signed off for you to proceed (select all that apply)?
- What is your target decision timeline for selecting a post-market surveillance platform?
- What level of integration and validation support would you expect from a vendor to consider a pilot successful?
- What budget posture exists for this initiative and who controls allocation?
- What would ‘success’ look like at the end of a 3-month pilot (be specific)?
One Last Thing: Practical Next Steps and Quick Wins
- Which small, high-impact data source could we integrate first to prove value quickly?
- Who should be on a 30-minute technical discovery to confirm connectors and security requirements?
- Would you find it helpful to run a short data health checklist together to estimate effort and timelines?
- What is the best way to show early ROI to your leadership (select top two)?
- Is there any other context, sensitive issues, or recent changes we should know before proposing a pilot?
-
-
Outcome Discovery
Define target outcomes—signal detection sensitivity, automated report cadence, and audit-ready traceability—and measurable success signals.
Discovery Questions
Quick Intro: Your Post-Market World
- In one sentence, what is your top priority for post-market surveillance this year?
- Which geographic markets and product lines are highest priority for meeting MDR/IVDR and FDA obligations right now?
- How large is the core team accountable for post-market surveillance and regulatory reporting?
- Which systems currently hold your complaint and adverse event data?
- How would you describe your team’s current emotional state about PMS work—confident, stretched, reactive, or resigned?
Are We Missing the Signals?
- What safety signals do you suspect have slipped under your radar in the past 12 months?
- How frequently do you believe a meaningful signal emerges that your current process fails to detect?
- Where are the blind spots most often: complaint classification, trend thresholds, literature, field service, or cross-system correlation?
- Who usually notices a potential signal first (role or team), and what typically happens next?
- If you had to quantify the chance that an emerging issue is missed before it becomes reportable, what percent would you assign?
- What emotions surface when you think about a missed signal (fear, frustration, embarrassment, financial worry, other)?
What's the Cost of 'Good Enough'?
- If an auditor or regulator reviewed your PMS program right now, which gap would most likely trigger a finding?
- What has been the most tangible consequence of current PMS gaps—late reports, rework, CAPAs, recalls, or near-miss citations?
- How many person-hours per month does your team spend assembling or validating post-market reports?
- Where do you see the worst waste of time—manual data pulls, inconsistent classification, algorithm tuning, or report formatting?
- Describe a recent near-miss or scramble that made you think 'we need a better system'—what happened and who paid the price?
What Keeps Your Team Awake at Night?
- Which single post-market process would you call 'most likely to fail under pressure'?
- How often do urgent regulatory questions derail your planned work—daily, weekly, monthly, rarely?
- When timelines compress, what do you cut or compromise on—validation steps, documentation completeness, or stakeholder review?
- Who are the internal stakeholders that most resist changes to PMS processes and why?
- How does the stress of these pressure points show up in team behavior or morale?
- What would be the immediate operational benefit if that highest-risk process never failed again?
Imagine Audit-Ready Confidence
- What would it look and feel like if every safety signal, report, and change had audit-ready traceability by default?
- Which measurable success signals matter most to you: earlier detection, fewer false positives, percent automation of reports, or auditor pass rate?
- For signal detection sensitivity, which trade-off do you prefer: higher sensitivity (more alerts) or higher specificity (fewer false alarms)?
- What automated report cadence would meaningfully reduce your workload—ad hoc on signal, monthly, quarterly, annually, or per-regulator schedule?
- If we proved a 30–50% reduction in report preparation time, what would that enable your team to do differently?
The Data Story: Where Truth Lives
- How confident are you that key data mappings (device identifiers, complaint categories, timelines) are accurate across systems?
- Which data quality issues cause the most problems: missing fields, inconsistent taxonomy, duplicate records, or delayed ingestion?
- Which systems must integrate for a successful implementation (select all that apply)?
- Who owns data quality and mappings today, and how quickly can they support an integration project?
- When data conflicts appear, what governance or escalation path do you use?
- Describe a recent example where poor data lineage led to rework or regulatory risk—what was the root cause?
What Would Change If We Could?
- If you could remove one bottleneck from the PMS lifecycle in 30 days, which would create the biggest regulatory and business impact?
- What internal barriers would we need to clear to make that 30-day change stick (budget, resources, validation, executive buy-in)?
- How do you prefer to pilot changes: single product family, single market, or single process (e.g., trending) first?
- What short-term KPIs would prove success in a pilot (time to signal, report automation %, reduction in hours)?
- Who are the internal champions and blockers you would want involved on day one?
Agreeing What Success Means and Next Steps
- If we put an implementation plan on the table today, what is the single non-negotiable acceptance criterion you’d require at handover?
- Which validation deliverables must be included for your quality system to accept a new PMS capability?
- What commercial or timing constraints could block a decision this quarter?
- Realistically, when would your team be ready to start a pilot or integration project?
- What would you like our next interaction to deliver—a demo using your data, a mapping workshop, a pilot proposal, or an executive briefing?
- Is there anything we haven’t asked that would change how you evaluate PMS solutions? If so, please tell us.
-
Solution Experience
Apply the customer’s data and scenarios to demonstrate how the platform detects signals, consolidates complaints, and produces MDR/PSUR/vigilance outputs to achieve outcomes.
Experience Meetings
- Data & Scenario Readiness (Pre-Experience Alignment)
- Live Signal Detection Workshop (Diagnosis → Proof → Validation)
- Complaint Consolidation & Regulatory Output Generation
- Validation & Acceptance Review (Pilot Decision)
- Customer: Provide 3–5 high-priority scenarios (example incidents) to be used as validation cases in the live demo.
- Identify any remaining data gaps or scenario exceptions to be addressed before regulatory report generation.
- Seller: Produce a report of all signals detected during the workshop with rationale and performance metrics (precision/recall estimates).
- Customer: Provide feedback on each validated signal and supply any missing context or follow-up documents.
- Seller: Implement agreed tuning changes and re-run detection on full sample dataset; deliver results.
- Customer: Confirm additional scenarios or edge cases to be included in the next run.
- Frame Regulatory Acceptance Criteria
- Prove the platform can generate MDR/PSUR/vigilance outputs that meet the customer's documented acceptance criteria.
- Validate audit-ready traceability from raw complaint to regulatory submission artifacts.
- Agree the list of template changes and owners to finalize regulatory outputs for pilot testing.
- Seller: Export and deliver the draft MDR, PSUR, and vigilance documents generated during the session for legal/regulatory review.
- Customer: Review drafts against internal regulatory checklist and return detailed feedback within X business days.
- Seller: Update report templates and workflows per agreed adjustments and document versioning for validation.
- Customer: Assign regulatory SME to confirm acceptance or list required edits for each report type.
- Recap Success Signals and Acceptance Criteria
- Obtain final acceptance (or conditional acceptance) that the Solution Experience proves the defined future state outcomes.
- Agree remediation tasks with owners and timelines for any gaps needed to reach acceptance.
- Confirm handoff requirements and artifacts needed for the Deployment and Validation Checklist stages.
- Seller: Compile a validation pack (data lineage, signal metrics, consolidated case logs, draft reports) and deliver to customer.
- Customer: Provide formal sign-off or a prioritized remediation list with owners and due dates.
- Seller & Customer: Schedule follow-up gating call to confirm remediation completion and pilot go/no-go decision.
- Capture a single-sentence current state that every participant agrees is accurate.
- Document the explicit consequence of the current state in measurable terms (time, cost, regulatory risk).
- Agree on a single-sentence future state outcome that the Solution Experience must prove.
- Confirm availability and delivery timeline of masked sample data and representative scenarios needed for the live session.
- Customer: Deliver masked sample extract(s) (complaints, service logs, adverse events, literature) covering X months by [date].
- Seller: Prepare ingestion pipeline and mapping template for the provided sample(s).
- Introductions & Meeting Objectives
- Seller: Share pre-demo checklist and run a dry ingest in a staging environment before the live workshop.
- Recap Preconditions (Current state, Consequence, Future state)
- Demonstrate with customer data that the platform identifies the prioritized signals that map to the customer's future-state outcome.
- Validate, in-line, that detections and consolidations reflect customer expectations for signal accuracy and triage workload reduction.
- Agree on algorithm thresholds and rule changes required for pilot acceptance.
- Confirm Current State (one sentence)
- Demonstrate Complaint Consolidation to Case Drafts
- Presentation of Validation Evidence
- Live Ingest & Mapping Confirmation
- Gap Review & Remediation Plan
- Detection Walkthrough: Algorithm Behavior on Customer Data
- Generate Draft MDR/PSUR/Vigilance Reports
- Surface Consequence (one sentence)
- Formal Acceptance or Conditional Sign-off
- Audit Trail & Traceability Review
- Triage & Consolidation: Case Creation and De-duplication
- Define Future State Outcomes (one sentence)
- Data Inventory & Sample Mapping Review
- Validation Checkpoint: Force Customer Confirmation
- Validation Check: Compare Drafts to Acceptance Criteria
- Next Milestones and Handoff to Deployment
- Adjust Thresholds & Re-run (if needed)
- Agree Template and Process Adjustments
- Pre-demo Validation Checklist & Responsibilities
- Summary of Findings & Agreed Tuning
-
Solution Scope
Define modules, integrations, trending algorithms, report templates, validation deliverables, and responsibilities for compliance and operations.
Scope Configuration
- Ingest and Normalize CRM Complaint Data
- Integrate Field Service Records and Logs
- Map, De-duplicate, and Consolidate Cases
- Configure Trending and Signal-Detection Algorithms
- Deploy Automated FDA MDR Submission Workflows
- Deploy Automated EU MDR/Vigilance Report Generation
- Set Up Literature and External Source Monitoring Feeds
- Generate Post-Market Surveillance Reports (PMSR)
- Generate Periodic Safety Update Reports (PSUR)
- Link Surveillance Events to CAPA Workflows
- Configure Product-Family Performance Dashboards
- Provide Validation Packages (IQ/OQ/PQ) and Traceability
- Enable Role-Based Access Controls and Audit Trails
- Migrate Historical Complaint and Adverse Event Archives
Scope Questions
Ingest and Normalize CRM Complaint Data
- Which CRM systems or complaint intake sources must be ingested?
- What is the expected daily/weekly complaint volume to ingest?
- How is complaint data currently exported from your CRM (API, CSV/Excel, DB dump, other)?
- Do you require mapping of custom CRM fields to surveillance data model?
- Which coding standards or normalizations are required (e.g., MedDRA, custom codes, free-text NLP)?
- If there are privacy or data residency constraints for CRM data (e.g., EU data residency, HIPAA), describe them.
Integrate Field Service Records and Logs
- Which field service systems or formats must be integrated?
- Do field service records include device serial numbers or lot identifiers for linkage?
- What is the frequency of field service data updates (real-time, daily batch, weekly)?
- Are telemetry or sensor logs part of the field data set that should be parsed?
- Do you require linkage rules between field service events and complaint/adverse event cases?
- Please list any proprietary file formats, schemas, or APIs the field service integration must support.
Map, De-duplicate, and Consolidate Cases
- What primary identifiers should be used for case matching (serial number, patient ID, contact, incident date)?
- What is your preferred de-duplication rule: strict match, fuzzy match, or human review threshold?
- Do you want consolidation across sources (CRM, field service, literature) into a single case record?
- What minimum data elements must be present for an automated consolidation to proceed?
- What tolerance for false positives/false negatives in dedupe do you accept (e.g., allow 1% manual review rate)?
- Who should own final consolidated case review and approval (role/title)?
Configure Trending and Signal-Detection Algorithms
- Which product dimensions should trending be stratified by (model, lot, manufacturing site, geography)?
- Which algorithm types do you prefer or require (e.g., disproportionality, control charts, Poisson CUSUM, Bayesian)?
- What sensitivity vs. specificity tradeoff is preferred for alerts (high sensitivity - more alerts, high specificity - fewer alerts)?
- What baseline historical window should algorithms use for comparison (e.g., 6 months, 12 months)?
- Do you require algorithm parameter tuning and documentation for regulatory validation?
- Are there specific signals or event types that must be prioritized (e.g., serious injury, death, malfunction)?
Deploy Automated FDA MDR Submission Workflows
- Do you currently submit MDRs electronically (e.g., FDA eMDR, legacy methods)?
- Which submission types should be automated (5-day reports, 30-day follow-ups, supplemental reports, MDR narrative generation)?
- What information must be included in automated submissions (reporter identity, manufacturer contact, device identifiers)?
- Do you require pre-submission human review/approval gates for automated MDRs?
- Are there internal escalation rules or timelines tied to MDR generation that the workflow must trigger?
- What validation or audit evidence is required to demonstrate correct MDR generation and submission?
Deploy Automated EU MDR/Vigilance Report Generation
- Which EU reports must be generated automatically (PSUR, Periodic Safety Reports, Serious Incident Reports, Field Safety Corrective Actions)?
- Do you need EUDAMED submission support and which modules are relevant?
- Should report narratives and templates be localized (languages, national competent authority formats)?
- Do you require a draft-for-review step before finalizing EU reports?
- What cadence is required for periodic reports (annual, quarterly, custom)?
- Are there specific MAH/Distributor responsibilities or sign-off requirements to capture in the workflow?
Set Up Literature and External Source Monitoring Feeds
- Which external sources should be monitored (PubMed, clinicaltrials.gov, MAUDE/FAERS, regulatory advisories, social media)?
- What frequency of literature scanning do you require (daily, weekly, monthly, continuous)?
- Should literature-derived signals automatically create surveillance cases or only surface as alerts for review?
- Do you require language translation or multi-language monitoring?
- How should literature matches be de-duplicated against internal cases (link by DOI, study ID, keywords, patient details)?
- Please list any subscription-based sources or paywalled services the integration must support.
Generate Post-Market Surveillance Reports (PMSR)
- What PMSR template or regulatory structure must reports follow?
- What reporting cadence and reporting window should be used for PMSR generation?
- Which sections must be auto-populated (signal analysis, trends, corrective actions, benefit-risk conclusions)?
- Do you require reviewer sign-off workflows and electronic signatures on PMSRs?
- What level of traceability is needed between report content and source data (e.g., data lineage to individual complaint records)?
- Who are the internal owners for PMSR review and approval (roles/titles)?
Generate Periodic Safety Update Reports (PSUR)
- Which jurisdictions require PSURs or equivalent periodic safety reports from you?
- What is the required periodicity and reporting window for PSURs?
- Should PSURs include integrated literature review and aggregated trend data?
- Do you require automated drafting of benefit-risk narratives and proposed actions within the PSUR?
- Are there specific sign-off, distribution, or submission channels for PSURs (e.g., QMS, MAH, distributors)?
- What archival and versioning requirements do you have for PSURs?
Link Surveillance Events to CAPA Workflows
- Which CAPA or QMS system do you use (e.g., MasterControl, TrackWise, Jira, ServiceNow)?
- What criteria should automatically trigger a CAPA creation from a surveillance event?
- Should CAPA creation be fully automated or require human approval prior to creation?
- What fields and data must be mapped from the surveillance case to the CAPA record?
- Do you require closed-loop verification that actions from CAPA are reflected back in surveillance metrics?
- Who are the stakeholders/roles that must be notified or assigned when a CAPA is created?
-
Mutual Commit
Finalize commercial terms, acceptance criteria, timelines, and governance required to meet EU MDR, IVDR, and FDA reporting obligations.
Agreement Modules
- Statement of Work (SOW)
- Master Services Agreement (MSA)
- Order Form / Subscription Agreement
- Pricing & Payment Schedule
- Acceptance Criteria & Test Plan
- Regulatory Compliance Annex
- Data Processing Agreement (DPA)
- Service Level Agreement (SLA) & Support
- Validation Deliverables & Traceability Matrix
- Implementation Timeline & Milestones
- Change Order & Scope Management
- Governance & Steering Committee Charter
- Security & Penetration Testing Agreement
- Training & Knowledge Transfer Plan
- Warranty, Liability & Indemnification
- Termination, Renewal & Exit Plan
- Audit Rights & Documentation Access
- Regulatory Submission Support Agreement
-
Deployment
Operationalize rollout with readiness checks, enablement, and compliance validation.
-
Pre-Deployment Readiness
Confirm data mappings, access rights, environments, validation plan, and regulatory controls are in place before execution.
Readiness Questions
Start Here: A Quick Snapshot of Your World
- Who is in the room for post-market decisions at your company (names or roles)?
- Which markets and regulations are highest priority right now?
- Roughly how many active device SKUs or product families does your PMS program cover?
- What are the top three immediate deliverables that keep your team up at night (e.g., MDR reports, PSURs, trending, audits)? Please list.
- How would you describe your current approach to signal detection?
- How confident do you feel today that your current PMS process would stand up to a regulatory inspection?
What Could Be Hiding in Plain Sight?
- If a safety signal today led to a recall, how likely is it that the root cause was visible in your existing data but simply not found?
- Which data sources do you currently rely on for surveillance (select all that apply)?
- How regularly are those sources consolidated into a single surveillance view?
- Tell us about a time you missed an emerging issue—what signs were present and what stopped the team from acting?
- How much manual work goes into taking a raw complaint to a reportable event today?
- Which part of the data pipeline feels most fragile or error-prone to you?
Who Really Pulls the Trigger on Safety Actions?
- When a potential signal appears, what usually determines whether it becomes an investigation rather than a note in a tracker?
- Which roles must sign off on an MDR or vigilance submission in your organization?
- How aligned are timelines between compliance, operations, and commercial teams when an event needs escalation?
- Describe how disputes about reportability are resolved today and how long resolution typically takes.
- What acceptance criteria do you currently use to close a signal as 'no action'—and how often are those criteria formally documented?
- If decision roles could change tomorrow, what single change would most speed up safe, compliant action?
Where the Compliance Paper Trail Breaks (and How That Feels)
- When auditors ask for traceability from complaint intake to regulatory submission, where do you most struggle to produce clean evidence?
- Have you had recent audit findings, warning letters, or regulatory feedback related to post-market surveillance? If yes, what were the themes?
- How complete are your validation artifacts for the systems used in surveillance (IQ/OQ/PQ, traceability matrices, test scripts)?
- Tell us about a moment when documentation or process gaps created extra risk or rework—what happened and how did it land on the team?
- Which regulatory controls do you consider non-negotiable to demonstrate before go-live?
- How does it feel internally when an audit exposes PMS weaknesses—embarrassing, urgent, paralyzing, motivating, or something else?
If Reports Came Out Right, Every Time—What Would Change?
- Imagine MDR/PSUR/FDA reports are delivered accurately and on time for the next 12 months—what immediate business outcomes do you expect?
- What specific metrics would convince you the platform is delivering value (e.g., reduction in manual hours, time-to-report, signal detection lead time)? Please prioritize top 3.
- How important is automated linkage between PMS events and CAPA/engineering workflows to your success?
- If you could reduce one downstream cost or burden by 50% (e.g., report prep, audit prep, manual triage), which would you choose?
- What would signal to your executive team that the surveillance program is strategic rather than purely operational?
- How would your customers or end users notice a meaningful improvement in post-market surveillance?
What Implementation Really Looks Like (Not the Sales Pitch)
- If implementation revealed three hidden integration tasks, how would that change your timeline or budget appetite?
- Which systems must be connected at go-live (select all that apply)?
- Do you have a validated test environment strategy (SIT/UAT/PRE-PROD/PROD) and if so, which environments are available today?
- Who will own data mappings, and what internal capacity exists for mapping and data cleanup?
- What are the must-have validation deliverables for your launch (e.g., test scripts, traceability matrix, performance reports) and which are most likely to slow you down?
- How ready is your IT/security team to grant the access rights needed for integration and ongoing operations?
One Thing We Could Remove Today—Where Would You Start?
- If you had to name the single biggest blocker to a smooth go-live, what is it?
- Which internal stakeholders do we need onboard for a successful pilot and who is the likely executive sponsor?
- What would success look like after a 90-day pilot (concrete outputs and acceptance criteria)?
- How much runway (time and budget) do you realistically have to validate, train, and transition teams before regulatory deadlines force prioritization?
- Which types of training or enablement help your teams adopt new surveillance workflows fastest?
- Are you open to a staged rollout (pilot product family first) or do you require a big-bang approach? Why?
-
Deployment Enablement
Execute integrations, configure algorithms and report templates, deliver user training, and coordinate cutover tasks with owners and milestones.
-
Validation Checklist
Complete verification: data lineage, trending performance, test MDR/vigilance submissions, documentation for auditors, and formal acceptance.
Validation Questions
Quick Intro: Who’s in the Room?
- Please tell us your name, role, and which part of the product portfolio you represent (brief).
- Which function best describes where you sit?
- Which regulated markets are highest priority for your organization right now?
- How many active marketed device families would this program initially cover?
- Roughly how many FTEs are dedicated to post‑market surveillance, vigilance, or complaint handling today?
- In one sentence, what outcome would make you say this engagement was worth it?
Are You Comfortable Flying Blind?
- How often have you felt confident that you would catch an emerging safety signal before it became a regulatory event?
- Tell us about a moment when your team discovered a safety issue late—what happened and what was at stake?
- How frequently do you identify potential signals that later turn out to be meaningful (true positives)?
- When a potential signal arises, what is your typical time to triage and escalate (from detection to decision)?
- What emotions come up for you when you think about missed signals, late reports, or surprise audits?
Where Your Data Is Hiding (and Why It Matters)
- If an auditor asked for a full lineage on a complaint today, how many separate systems would you need to query to assemble the story?
- Which data sources currently feed your post‑market surveillance view? (select all that apply)
- Which CRM or complaint system is the primary source today?
- How would you describe the quality of your existing data mappings and unique identifiers across systems?
- What percent of your complaint records are structured (fields) versus unstructured (free text, attachments)?
- What are the top three technical or organizational blockers to connecting those systems? (list)
What Would a Regulator’s Worst Day Reveal About You?
- If a regulator requested all records and rationale behind a MDR/MAUDE submission made in the past 12 months, how confident are you that you could provide an audit‑ready trail?
- Have you had recent audits, FDA inspections, or Competent Authority inquiries that flagged PMS, trending, or reporting gaps?
- What formal validation documentation do you currently maintain for your surveillance workflows (e.g., algorithm validation, data mapping verification, user acceptance test scripts)?
- Who in your organization is accountable for regulatory acceptance criteria and final sign‑off for MDR/vigilance submissions?
- Describe one traceability gap you worry would show up in an audit and what would be required to fix it.
What If Your System Actually Found the Next Problem?
- Imagine an early signal that prevents a recall—what would that success look like for your team and patients?
- Which outcome matters most when measuring signal detection effectiveness?
- How tolerant are you of false positives (noise) if it means catching more true signals?
- Which cadence do you need for automated reporting and dashboards to feel useful?
- What measurable success signals would make you comfortable to expand a pilot into full deployment? (select up to 3)
What Needs to Be In Scope to Make This Real?
- Which functional modules must be included in scope for an initial implementation?
- Which integrations will be required as part of scope (select all that apply)?
- What kinds of trending algorithms or analytic approaches are you most interested in testing?
- Which validation deliverables are must‑haves for your QA/regulatory teams?
- Who must own operational responsibilities post‑deployment (data steward, surveillance analyst, regulator liaison)? Please name roles and one primary owner each.
- Are there any hard deadlines (regulatory filings, audits, product launches) that constrain scope or timeline? Please specify dates.
Can We Agree on a Practical Pilot That Proves Value?
- If we designed a pilot to demonstrate value in 8–12 weeks, what single objective would make it a success for you?
- What dataset(s) are available for a focused pilot? (select all that apply)
- What acceptance criteria would you require to sign off the pilot? (select up to 3)
- Who are the decision makers who must approve pilot continuation or commercial terms?
- What budget posture exists for a pilot and follow‑on deployment?
- What would be a realistic launch window for a pilot given your internal constraints?
How Will This Change Feel Day‑to‑Day?
- Who will be the daily users of the platform and what are their primary frustrations with current tools?
- What training or enablement format helps your teams adopt new systems fastest?
- Which internal change blockers do you expect (culture, process, tooling, headcount)?
- How will you measure user confidence and adoption after deployment? (select up to 3)
- If adoption stalls, what escalation path or incentives have historically worked to get teams back on board?
Next Steps: What Would Success Actually Look Like?
- Summarize in one paragraph what would need to change for you to declare this project successful at 6 months.
- Which three KPIs should we track together during implementation and beyond?
- Who else should we bring into the conversation to make decisions faster (names and roles)?
- What are your biggest remaining concerns about moving forward—technical, regulatory, people, or financial?
- Finally, what would you like us to prepare for the next meeting to make it as valuable as possible?
-
-
Success
Review outcomes against success signals, close remaining gaps, and maintain a shared channel for issues and enhancements.
Success Reviews
- Success Outcomes Review — Executive Alignment
- Gap Resolution Workshop — Tactical Closeout
- Continuous Improvement & Enhancements Planning
- Audit & Regulatory Acceptance Review
Issues & Enhancements
- Welcome & Objectives
- Schedule validation test runs and assign validators from regulatory/quality teams.
- Implement agreed temporary controls for any gaps posing immediate regulatory risk.
- Update traceability matrix to link remediation tasks to acceptance criteria and audit artifacts.
- Synthesis of User Feedback & Metrics
- Create a prioritized backlog of enhancements balancing compliance risk and operational value.
- Define the shared channel usage, triage, and escalation rules with SLA targets.
- Agree pilots and validation approach for high-impact enhancements.
- Publish prioritized enhancement backlog with estimated effort and compliance impact.
- Configure the shared issues/enhancements channel and document triage/escalation SLAs.
- Schedule pilot validation windows and identify sample datasets and success metrics.
- Assign product/engineering owners for top 3 enhancements for next cycle.
- Validation Deliverables Review
- Confirm audit pack completeness and that evidence satisfies MDR/IVDR and FDA expectations.
- Obtain formal sign-off for regulatory readiness or agree an action plan to reach readiness.
- Agree handover tasks to audit and operational teams with owners and timelines.
- Finalize and upload the audit pack to the controlled repository with version control.
- Obtain required sign-offs from QA, Regulatory, and Product for regulatory acceptance.
- Schedule a mock audit and assign attendees from product, IT, and regulatory to validate readiness.
- Close any remaining doc gaps and update the validation traceability matrix.
- Validate measured outcomes against each success signal and surface any deviations.
- Ensure executives understand consequence of remaining gaps and approve remediation or formal acceptance.
- Establish owners, timelines, and the shared communication channel for ongoing issues.
- Produce a concise outcomes report mapping each success signal to measured metrics and gaps.
- If required, approve and publish the prioritized remediation plan with owners and deadlines.
- Create the shared issues/enhancements channel and invite named stakeholders.
- Record formal acceptance decision and archive in project governance folder.
- Pre-work & Context Check
- Agree remediation approach and owner for each top-priority gap.
- Define concrete validation steps and acceptance criteria to prove each gap's closure.
- Establish timelines and interim mitigations to reduce regulatory exposure.
- Publish the remediation task list with owners, dependencies, and delivery dates.
- Current State (one-sentence)
- Top Gaps Review with Consequence Quantification
- Prioritization Framework (Compliance Impact/Risk/Value)
- Data Lineage & Traceability
- Test MDR/Vigilance Submissions & Evidence
- Measured Outcomes vs Success Signals
- Root-Cause Analysis & Option Mapping
- Roadmap & Resource Planning
- Shared Channel & Escalation Workflow
- Define Remediation Tasks, Owners, & Timelines
- Gap Summary with Consequence
- Outstanding Documentation Gaps & Regulatory Consequence
- Pilot/Validation Approach for Enhancements
- Proof Cases — Diagnosis → Proof → Validation
- Formal Acceptance Checklist & Handover
- Validation Plan & Acceptance Criteria
- Decision & Acceptance Discussion
- Risk Mitigation & Temporary Controls
- Next Steps & Governance