Is there enough culture in your compliance strategy?

I've been thinking about the relationship between quality compliance and quality culture, after studying organisational culture. In medtech you often hear the phrase "quality is everyone's responsibility". But is it sufficient just to state this?

Organisational psychologist Edgar Schein described culture as operating on three levels. The surface level is artefacts - SOPs, QMS records, KPIs. Medtech firms have these in abundance - if you didn't, you wouldn't survive your first audit. The second level is espoused values — what the organisation says it believes - things like "quality is everyone's responsibility", "patient safety is our north star". The third level, the one that actually determines behaviour, is underlying assumptions — what people in the organisation genuinely believe, often without being able to articulate it. Schein's central insight was that the artefacts and espoused values are largely irrelevant if the underlying assumptions contradict them. The gap between what an organisation says and what it does is, I'd argue, where most quality failures originate.

How do the organisation's underlying assumptions relate to leadership behaviour? If quality and regulatory compliance are not a priority to leadership - if projects are prioritised above them - staff will follow suit. Organisations naturally read what leadership actually values, as opposed to what it says it values, and calibrate their behaviour accordingly.

The famous and extreme case is Theranos. Though fraud was confirmed, it's an illustrative study. The leadership clearly valued commercial delivery over all other aspects, and the organisation understood that assumption, despite espoused values and artefacts to the contrary. There are many less famous cases, those where companies have more complaints, more recalls, accumulating audit findings. In those cases, the artefacts were present and the espoused values were probably framed as a proud quality mission on a wall somewhere. The underlying assumptions were the problem. 

What does fixing this actually look like? It is not, I'd suggest, a values workshop or a town hall speech about patient safety, which are themselves just more artefacts; visible signals that can coexist comfortably with unchanged underlying assumptions (see: doublethink).

It starts with leadership clearly understanding and demonstrably valuing quality and regulatory compliance. Conversations in which concerns are followed up on - not just noted. Leaders who see quality and regulatory KPIs dipping due to inadequate resource, and give these teams the resource that is needed to service the organisation. A substantial test for leadership in this area is to ask if a commercial project could ever be pushed back to ensure that safety, quality and regulatory deliverables are not just available, but robust.

Organisations that can do this are strong — they build trust with regulators, healthcare practitioners and patients. The ones that can't? They're not managing quality. They're managing the appearance of it.