For many research organisations, hospitals, and medtech startups, the regulatory landscape can feel like a maze of acronyms — ISO 9001, ISO 15189, ISO 13485, GLP, GCP, TGA, MDR, and more.
Everyone knows compliance is important, yet few teams feel confident about what they actually need at their current stage of development.
The result?
Organisations either over-engineer systems they don’t need, burning time and grant money, or under-prepare, only realising too late that critical requirements were missed.
Regulatory readiness isn’t just about meeting a standard.
It’s about understanding which standard applies, when, and why — and building a practical roadmap to get there.
Demystifying the Standards: Which One, When?
Different teams have different regulatory obligations depending on the type of work they do, the maturity of their product, and how close they are to clinical or commercial deployment.
Here’s a simplified overview:
ISO 9001 — Quality Management (General)
Best for:
- Research labs
- University core facilities
- Early-stage medtech startups
- Any organisation needing structured processes
ISO 9001 provides a broad, organisation-wide quality framework. It doesn’t dictate technical specifics — which is why it’s often the starting point for teams building foundational quality systems.
Think of it as the scaffolding for more specialised standards.
ISO 15189 — Medical Laboratories
Best for:
- Hospital pathology labs
- Diagnostic R&D groups
- Labs generating data used for clinical decision-making
ISO 15189 emphasises medical laboratory competence, validation, traceability, and quality control. Translation-focused labs often underestimate how early they need to align to these requirements.
ISO 13485 — Medical Devices
Best for:
- Medtech startups
- Digital health companies
- Combination product developers
- Any team building a device that may be regulated
ISO 13485 is more prescriptive than ISO 9001 and demands rigorous documentation, risk management, design controls, supplier oversight, and post-market processes. If you’re building anything that could one day be a regulated device — start aligning early, even if you don’t yet certify.
GLP — Good Laboratory Practice
Best for:
- Preclinical studies
- Contract research organisations
- Any lab generating data for regulatory submissions
GLP ensures study integrity, traceability, and reproducibility. ISO and GLP are not mutually exclusive — they serve different purposes.
ISO = organisational quality
GLP = study quality
Understanding the distinction prevents wasted effort and misaligned expectations.
The TGA Pathway: Earlier Than You Think
Many startups think about the Therapeutic Goods Administration (TGA) only when their product is “ready.”
In reality, readiness starts far earlier.
The TGA expects evidence of:
- Clear design and development processes
- Risk management (ISO 14971)
- Verification and validation
- Clinical evidence
- Manufacturing controls
- Post-market obligations
Teams that delay this thinking often end up redoing work — a costly setback.
A staged roadmap avoids this trap.
Staged Adoption: Build Quality Without Overwhelm
Trying to become “fully compliant” overnight almost always fails.
The smarter approach is progressive adoption — matching quality maturity to organisational maturity.
Stage 1 — Foundations
- Basic documentation
- Version control
- SOPs for critical processes
- Training records
- Internal accountability
This aligns with early ISO 9001 principles and lays the groundwork for later specialised requirements.
Stage 2 — Fit-for-Purpose Processes
- Risk management
- Change control
- Internal audits
- Clear roles and responsibilities
- Defined workflows
Ideal for translational labs and pre-commercial startups.
Stage 3 — Regulatory Alignment
Depending on your sector:
- ISO 15189 validation pathways
- ISO 13485 design controls
- GLP compliance
- TGA pre-submission readiness
At this stage, quality becomes an enabler of commercial success — not a burden.
Common Pitfalls (and How to Avoid Them)
1. Not Knowing Which Standard Applies
Many organisations attempt to comply with the wrong standard or over-invest in areas irrelevant to their work.
Solution: Map regulatory obligations to your actual workflow, customers, and market pathway.
2. Over-building Too Early
Implementing ISO 13485 before product definition, for example, creates unnecessary overhead.
Solution: Adopt a staged maturity model aligned with development milestones.
3. Under-educating Staff
A system is only as strong as the people using it.
Solution: Provide practical, scenario-based training so staff understand why quality matters, not just what to do.
4. Ignoring Customer and Partner Expectations
Hospitals, CROs, pharma partners, and investors each expect different compliance levels.
Solution: Identify external stakeholder expectations early — and align accordingly.
Regulatory Readiness Begins With Understanding Your Journey
Compliance isn’t binary. It’s a continuum.
Teams that thrive are not the ones who chase certifications blindly — they are the teams that understand:
- Where they are now
- Where they are heading
- Which requirements matter
- What level of compliance their partners, customers, and investors expect
A well-planned quality roadmap protects funding, accelerates translation, enhances reproducibility, and builds trust with regulators and collaborators.
How ZTQ Helps Teams Become Regulatory-Ready
At Zero to Quality, we help research teams and medtech innovators:
- Understand which standards apply to them
- Build staged, right-sized quality systems
- Educate staff in practical, accessible ways
- Prepare for ISO and TGA requirements without over-engineering
- Turn ad hoc processes into structured, reliable, auditable systems
Final thought
Regulatory readiness isn’t about fear, paperwork, or checklists.
It’s about clarity, confidence, and capability.
And ultimately, it’s about helping your science — and your organisation — reach its full potential.
