Practice Group

Quality Systems and Compliance

Helping medical device and pharmaceutical developers, manufacturers and distributors succeed by implementing and maintaining
processes and products that are effective, efficient and compliant with regulatory requirements.

The U.S. Food and Drug Administration (FDA), other countries’ equivalent agencies to the FDA, and Notified Bodies, regulate pharmaceutical and medical device companies and their products, including drug / device “combination” products. They oversee every aspect of your product’s life cycle from initial design concept through manufacturing, distribution, and post-market activities as well as your company’s quality systems and documentation. That’s why bringing seasoned experts onboard to assist and guide you through each aspect of these requirements is critical from day one.

Addressing Needs and Challenges

While the journey from concept to market varies,the roadblocks, detours and hazards mostly fall into these three broad categories:

  • Compliance structure: Depending on the product’s type, classification, and risk factors, getting authorization for new or updated products can be a long and drawn-out process. Having a complete and accurate compliance structure in place can shave off weeks, months, or even years.
  • Evidence of compliance: Equally important, companies need to be able to present objective evidence — proof — of compliance every step of the way. Setting up complete and reliable compliance systems including all required documentation will dramatically save your company time, effort, and money.
  • Ever-changing regulations: We tend to see government agencies as slow and plodding. While they certainly can be, the regulations, guidelines, and priorities can shift and change at a dizzying pace. A strategic partner with a deep industry background can see how these agencies will interpret what they find and see what’s on the horizon and ensure that you’re prepared for what the future brings.

Granite GRC’s Quality Systems and Compliance practice group works with clients to ensure compliance every step of the way from initial concept through design and development; clinical trials, manufacturing, packaging, labeling, marketing, distribution, and post distribution activities. We strive to ensure that safe andeffective products get authorized (approved / cleared) and make it to market.

“We help you and your company understand which regulatory and standards requirements apply, and how they apply to your products and processes with the goal of ensuring regulatory agency and notified body expectations are satisfied and products are safe and effective.”

– from Ken Geskes, Director, Quality Systems and Compliance

Regulatory Compliance Is Complicated

Companies often take different approaches towards regulatory compliance based on their specific needs and product types, however too often, companies misinterpret the requirements, how they need to be implemented, and what objective evidence is required.

Here are just three examples of common, and wholly avoidable obstacles to getting and maintaining regulatory compliant products and processes.

  • Impatience with requirements: Some companies regard regulations and documentation requirements as a nuisance — and granted, they can be complex and time-consuming. But attempting to find a loophole that exempts your company from a requirement very often backfires. Why? Because regulatory bodies are the ones who determine what’s required by the regulations. “You’re rarely going to win that argument,” warns Granite GRC’s Director, Quality Systems and Compliance Practice Group Lead Ken Geskes.
  • Having just one person or department “own” compliance: A common mistake made by companies is to call upon a single person or department to “own” compliance, so when things go wrong, it is that person’s or department’s fault. What’s wrong with this approach? Regulations affect every part of the process from top management down to the manufacturing floor, so it’s best to take a more holistic approach. Everyone involved is responsible for compliance and needs to be trained to shoulder compliance responsibilities and perform the procedures necessary to satisfy requirements.
  • Assuming the regulators won’t look at outside suppliers and distributors: Regulatory terminology can often trip even the companies up, especially when dealing with overseas suppliers. While regulators rarely audit supplier and distributor partners, they have the power to do so, and may do it when they have concerns about a company properly doing it. Every company must ensure that suppliers are aware of and compliant with all applicable regulations. Even product and system software developers can be subject to this scrutiny.

We help you identify, address, and avoid these pitfalls.

Client Relationships

Addressing potential issues proactively, Granite GRC’s Quality Systems and Compliance Practice Group partners with companies to reduce or eliminate the likelihood of compliance issues. Companies can’t address gaps in compliance unless they know what they are, of course. That’s why Granite GRC is fully qualified to conduct detailed audits of a company’s compliance systems, documentation, and organizational structure to determine the level of regulatory risk exposure. Granite GRC’s experts have a successful track record for being proactive. Companies have benefited from the approach we take, which ensures:

  • Employees understand the “why”, not just the “what” of regulatory requirements.
  • Companies understand the benefits of beingproactive vs. reactive from a financial, legal and reputation perspective.

Telling a company what it wants to hear won’t solve your problems. If any concerns exist, we’ll let you know about them immediately, including the suspected or confirmed reasons underlying those concerns. Identifying and addressing potential issues proactively is always more cost-effective than reacting to them after the fact, in terms of time, effort, and bottom-line dollars.

Whether your company engages Granite GRC as a supplement to your compliance staff, to craft procedures and protocols, or, if necessary, to lead all required compliance activity, we can help you do the following:

  • Develop an understanding of applicable regulatory requirements by understanding when, how, and why they apply.
  • Define commonly used — and commonly misused — terms related to compliance, so they align with how regulatory agencies interpret them.
  • Learn the importance of objective evidence and documentation. Simply telling the FDA that you did something is not sufficient.
  • Grasp the underlying need and benefits of taking proactive measures toward regulatory compliance. Preventing product and/or process problems instead of reacting to those problems is beneficial from compliance, market reputation, and financial perspectives.
  • Understand that executive and middle management must take ownership of compliance.

Granite GRC strives to build an open, honest, respectful, and collaborative relationship with clients large and small. We want to help every client realize that regulatory compliance doesn’t operate in a world of “shoulds” — effective compliance is always a must for companies that want to take safe and effective products to market successfully.

Our Success Stories

Granite GRC advises life science companies on activities for the remediation of existing compliance gaps, as well as activities to prevent potential future compliance gaps.

Granite GRC’s consultants can assist and advise companies throughout audits being performed by the FDA, other countries’ equivalent agencies to the FDA, and Notified Bodies.

Granite GRC professionals have a history of performing assessments of life science companies’ compliance to FDA regulatory requirements. These range in scope from focused assessments of single regulatory elements to full assessments of full systems. This includes initial product design concept through post-market activities.

Examples include:

  • Full and/or focused Quality System assessments to identify:
    – Nonconforming system / documentation issues so corrective and / or preventive actions can take place.
    – Opportunities for improvement to help avoid confusion and potential observations when FDA or notified bodies audit.
  • Root causes, corrections, corrective actions, and preventive actions to address concerns raised by FDA or notified bodies.


“I have been immensely fortunate to collaborate with Granite GRC’s Ken Geskes on regulatory affairs and medical device quality systems. His keen ability to dissect complex issues and develop solutions is coupled with an innate ability to work collaboratively with and mentor others. His extensive global experience in risk management and regulatory compliance, paired with his unique perspective gained from sitting on both sides of the audit table, was an invaluable combination. The chance to collaborate with Ken again is a prospect I wholeheartedly welcome.”

– from Robbie Booth, Founder, Chief Strategy and Research Officer Glytec, LLC

Meet the Quality Systems and Compliance Team Lead

Ken Geskes Headshot

Ken Geskes

Director, Quality Systems and Compliance

Ken Geskes, Director, Quality Systems and Compliance, is an experienced life sciences executive and consultant, who brings more than 40 years of skills and insight to the Quality Systems and Compliance practice group. In addition to having expertise in quality system design, implementation, assessment, and remediation experience, Ken has managed operational activities associated with initial design concept through production, labeling, marketing, distribution, and post-distribution activities. This includes on site experience across the US, Canada, Europe, the Middle East, Latin America, and Asia and includes firsthand experience with both face-to-face and behind the scenes activities associated with regulatory and notified body audits.

Download service overview PDF or schedule a free consultation