The term "Continuous Compliance" gets thrown around a lot in the Quality Management System (QMS) space. But if you look closely at how legacy providers apply it, it usually translates to little more than "frequent audit readiness" or "better issue-tracker integrations." For Software as a Medical Device (SaMD), especially AI SaMD, that definition falls dangerously short.
If your engineers are copying test and eval results from their terminals and pasting them into your QMS, the risk of drift is very real. You aren't continuously compliant. You are just continuously catching up.
The real enemy of compliance in modern software development is drift, the widening gap between what your documentation says and what your code actually does. When tests and requirements live in a siloed QMS while the actual work happens in a repository, drift is inevitable.
It’s time to redefine Continuous Compliance.
At Lightworks, we define true Continuous Compliance as GitHub Actions (CI/CD) workflows that run automatically on every single merge into your AI SaMD's repo. These workflows seamlessly upsert records directly into your QMS for:
- Test and eval results for rigorous traceability.
- Dependencies and vulnerabilities for a real-time Software Bill of Materials (SBOM).
- Literally any repo-to-records pipeline your team needs to automate.
Automating compliance from the raw source of truth directly into your binder is the only real mitigation against drift. Issue trackers like Jira and Linear are phenomenal tools for managing work, and linking records to a ticket is valuable. But they shouldn't be the fundamental engine for your compliance state. When your QMS natively understands the relationships between requirements and tests pulled straight from the code, you unlock an entirely new level of velocity and certainty.
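The repo-to-records step described above, as an added example that is not Lightworks' code or API: a script a CI job could run after tests, turning a JUnit report into per-requirement records and flagging records whose evidence is not from the merged commit. The `REQ_nn` test-naming convention, the dict standing in for the QMS, and the commit ids are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed JUnit XML, as a CI test step might emit it. The REQ_nn tag in
# each test name is an assumed convention for linking tests to requirements.
JUNIT = """<testsuite name="inference">
  <testcase classname="test_model" name="test_REQ_12_rejects_unsigned_weights"/>
  <testcase classname="test_model" name="test_REQ_12_logs_model_hash"/>
  <testcase classname="test_eval" name="test_REQ_30_sensitivity_floor">
    <failure message="0.91 &lt; 0.93"/>
  </testcase>
  <testcase classname="test_misc" name="test_helper_roundtrip"/>
</testsuite>"""

REQ_TAG = re.compile(r"REQ_(\d+)")

def records_from_junit(xml_text, commit):
    """Turn one CI run into per-requirement traceability records."""
    records, untraced = {}, []
    for case in ET.fromstring(xml_text).iter("testcase"):
        name = f"{case.get('classname')}.{case.get('name')}"
        failed = case.find("failure") is not None or case.find("error") is not None
        match = REQ_TAG.search(case.get("name"))
        if match is None:
            untraced.append(name)  # test with no requirement link
            continue
        rec = records.setdefault(f"REQ-{match.group(1)}",
                                 {"commit": commit, "status": "pass", "tests": []})
        rec["tests"].append(name)
        if failed:
            rec["status"] = "fail"  # one failing test fails the requirement
    return records, untraced

def upsert(store, records):
    """Idempotent upsert keyed by requirement id; returns the ids that changed."""
    changed = []
    for req, rec in records.items():
        if store.get(req) != rec:
            store[req] = rec
            changed.append(req)
    return sorted(changed)

def drift(store, commit):
    """Requirements whose stored evidence is not from the merged commit."""
    return sorted(r for r, rec in store.items() if rec["commit"] != commit)
```

Requirements that `drift` returns still carry evidence from an older commit, and the `untraced` list shows tests that no requirement claims; both are the gaps the post calls drift.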
Here is how this looks in practice: you shouldn't have to build this infrastructure from scratch. Instead of writing your own GitHub Action workflows, teams should be able to install them as part of a Premium Template, like our Traceability Matrix, to get everything running out of the box.
At Lightworks, we believe Continuous Compliance isn't a marketing phrase; it's a technical standard. It's the absolute assurance that your system of record is always exactly in sync with your codebase.