Documenting is Not Demonstrating: Why Most SaMD Teams Learn The Hard Way

For some SaMD companies, quality documentation can feel like the holy grail. SOPs (Standard Operating Procedure), training logs, signed-off forms—they’re painstakingly written,  stored, and re-reviewed before a quality assurance audit.

However, when the auditor shows up, many teams discover the hard truth: documentation alone doesn’t prove your quality system works.

Too many SaMD teams are caught off-guard by just how quickly an auditor can poke holes in a seemingly pristine-looking QMS.

The Real Question: Can You Show It Happened?

An SOP that says you review risk every quarter isn’t enough. An auditor might ask:

• Can you show me the last three reviews?
• Who participated?
• What risks were added or removed?
• What changed as a result?

That’s where many quality teams stall. They have the “what”, but not the “how,” “when,” or “by whom.” The gap between your policies and your proof of action is often where audits fall apart.

Why the Gap Between Policies and Proof Happens

There’s a big difference between documenting your intent and demonstrating your implementation of that intent. Here’s where most quality systems go wrong:

• Static documentation: Policies are written once, stored, and forgotten. There’s no workflow to ensure they’re actually implemented or followed.
• Disjointed evidence: Teams manage documentation and evidence in spreadsheets, emails, and local folders. More mature organizations use QMS platforms. In most cases, auditors can’t trace a clear line from policy to execution.
• No system of record: There's no centralized repository that shows how quality activities were performed, when, or by whom.

Even if you're doing everything right operationally, you’ll fail to demonstrate it if you don’t have a connected, traceable system of record.

How to Operationalize Your Documentation

To move from documentation to demonstration, think of your QMS as a living, breathing operationalized system.

Using an electronic system is tables stakes. Make sure the system or platform you select has at least the three following functionalities:

1. Tie policies directly to evidence of activity.
   Don't just store a CAPA (Corrective and Preventive Action) policy—link it to actual CAPA records, assignments, and resolution dates. Use a system that lets you trace real actions tied to every FDA or regulatory requirement.
   
2. Version control isn’t enough—track activity.
   Auditors want to know who reviewed, who approved, and what decisions were made along the way. Implement audit trails that go beyond document versioning.
3. Build workflows that force action.
   Your QMS shouldn’t just store information. It should move things forward—remind users, assign tasks, escalate when needed. That’s how you make quality repeatable.

Want to Know What Auditors Will Ask?

If you’re preparing for an audit—or just want to pressure-test your current program—start with our 30-Point Audit Readiness Checklist for SaMD Companies. It outlines the critical areas most quality teams miss when they rely on documentation alone.