Project Context
You are the program manager for MedPulse, a mid-size digital health company building a Class II connected wearable that continuously monitors cardiac rhythm and flags potential atrial fibrillation episodes. The product includes: (1) a wearable sensor, (2) a mobile app (iOS/Android), and (3) a cloud service that runs signal processing and generates clinician-facing reports. MedPulse plans to launch in the US and EU with an initial production run of 25,000 devices, targeting $18M ARR in year-one contracts with 6 health systems.
The company has strong prototype traction, but leadership has committed to a hard external date: a notified body surveillance audit aligned to an investor milestone and a major health-system pilot. To ship, you must demonstrate a functioning Quality Management System (QMS) aligned to ISO 13485 and a complete risk management file per ISO 14971 that is traceable through requirements, design, verification/validation, and post-market plans. The audit is in 14 weeks, and the launch window is 18 weeks.
The cross-functional team is 22 people: 8 software engineers (mobile + backend), 4 firmware engineers, 2 data scientists (signal algorithm), 2 QA/validation engineers, 1 UX designer, 2 product managers, 2 regulatory/compliance specialists, and 1 manufacturing engineer. You also depend on an external test lab for IEC 60601-1/EMC testing and a contract manufacturer (CM) for final assembly.
Stakeholder Landscape (and Competing Priorities)
- VP Product wants to hit the pilot date and is pushing for “feature complete” scope including a new clinician dashboard export feature requested by the largest health system.
- Head of Quality/Regulatory (QA/RA) is accountable for audit outcomes and insists on closing documentation gaps (design controls, DHF, DMR, CAPA, complaint handling) before any broader rollout.
- Engineering Director is concerned about velocity loss due to process overhead; the team has historically shipped like a consumer product org.
- Clinical Affairs Lead wants stronger clinical evaluation evidence and tighter labeling/IFU language to reduce misuse risk.
- Manufacturing/Operations is dealing with a component shortage (lead time uncertainty) and wants design freeze earlier to avoid scrap and rework.
You are expected to drive alignment, make trade-offs, and deliver a credible plan that passes audit scrutiny while still enabling a market launch.
Constraints
| Constraint | Details |
|---|
| Timeline | 14 weeks to audit; 18 weeks to launch (pilot starts Week 19) |
| Budget | $450K remaining for external lab testing, consultants, and tooling changes |
| Team capacity | No net-new headcount approved; 2 engineers are already committed 30% to sustaining/on-call |
| Regulatory/QMS | Must demonstrate ISO 13485-aligned design controls and QMS processes; risk management per ISO 14971 must be end-to-end traceable |
| Dependencies | External IEC safety/EMC test lab slots (next available in 6 weeks); CM requires design freeze 8 weeks before first build |
| Technical | Legacy cloud pipeline lacks full audit logs; mobile app currently has limited traceability from user stories to test evidence |
Complications (Realistic Curveballs)
- Midway through Week 5, your notified body requests additional evidence that your risk control measures are verified for effectiveness, not just documented (ISO 14971 emphasis). They specifically ask for traceability from top hazards to verification tests and residual risk acceptability rationale.
- In Week 7, a key firmware engineer announces they are leaving in 3 weeks. They own the BLE reliability work and the device-side logging needed for complaint investigations.
- In Week 9, Sales escalates: the largest health system will only sign if you include the CSV export feature in the clinician dashboard by launch. Engineering estimates 4 weeks of work plus validation.
Your Task (Deliverables)
Produce a program plan and decision framework that demonstrates practical experience with ISO 13485 and ISO 14971 execution.
-
Integrated Roadmap & Critical Path (14–18 weeks)
- Lay out the phases, key milestones, and the critical path across: design controls, risk management file, V&V evidence, manufacturing readiness, and audit preparation.
- Explicitly call out what must be done before the audit vs. what can be completed before launch vs. post-launch under controlled change.
-
ISO 13485 Execution Approach
- Describe how you will operationalize design controls and QMS artifacts (e.g., DHF/DMR, document control, training, supplier controls, CAPA/complaints) with a team that is not used to regulated processes.
- Provide a strategy for ensuring documentation is not “paper compliance” but tied to engineering reality.
-
ISO 14971 Risk Management Plan
- Define how you will structure the risk management file (hazard analysis, risk estimation, risk control measures, verification of controls, residual risk evaluation, benefit-risk where needed).
- Explain how you will drive traceability from hazards → requirements → design → tests → release criteria, including ownership and review cadence.
-
Trade-offs and Scope Decision (CSV Export Feature)
- Decide whether to include the CSV export feature by launch, defer it, or deliver a limited version.
- Justify the decision using risk, compliance impact, validation burden, and business impact. Include a stakeholder management plan for the Sales escalation.
-
Launch Readiness, Monitoring, and Rollback
- Define launch gates (audit pass criteria, V&V completion thresholds, manufacturing release criteria).
- Provide a post-market surveillance plan aligned to ISO 13485/14971 (complaints, vigilance, trend reporting) and a rollback/field action playbook if a safety issue is detected.
Your answer should demonstrate how you’ve executed regulated launches: how you sequence work, manage evidence, handle audit scrutiny, and make hard calls under time pressure.
