Niavicta builds nianav OS in the open, with the people who use it.Talk to us ›
Niavicta nianav OS
Talk to us
Audit & systems consulting

ISO 13485 internal audits and systems implementation.

Niavicta runs internal audits, regulated audit readiness, systems implementation, and management consulting for teams that need work to run without them. Regulated or not. You keep working the whole time.

Certified ISO lead auditors
Chani Galgut, founder of Niavicta and certified ISO 13485 lead auditor
Chani GalgutLead auditor · QA/RA
Jasmine Beukema, founder of Niavicta
Jasmine BeukemaLead auditor · QA/RA
Can we do what you need? The short answers, first. Open any card for the detail.
Can you run our ISO 13485 internal audit? Yes. Both founders are certified ISO 13485 lead auditors. How it works

We run it as a formal internal audit against your standard, not a light opinion. You get documented findings, the objective evidence behind each one, and a clear route to close.

ISO 13485 requires internal audits on a schedule. We run them for you, every year, whether or not you build anything else with us. Full detail on what we audit is below.

Are you actually qualified to audit us? Yes. CQI/IRCA certified lead auditors, both of us. See credentials

Both founders hold the CQI/IRCA Certified Lead Auditor qualification for ISO 13485:2016, backed by MDR, MDSAP, and clause-by-clause training, and years of hands-on QA/RA inside regulated medtech.

We run it properly: a documented audit plan and programme, full scope against the clauses, and we get trained on your own internal audit procedure first, so the audit is done to your process, not a generic checklist. We arrive with the competency and independence evidence your certification body will ask to see, so your internal audit holds up when they audit it.

And if you are the QA reading this: we know. We have been you, the one holding the whole system together the week before an audit. We have sat through the same ones you have, so we know what the external auditor reaches for when they open your internal audit file, and we make sure it is already waiting for them.

Our full certifications, courses, and competency evidence are listed at the foot of this page, available for your QA or notified body on request.

We are not regulated. Is this for us? Yes. The pain is the same shape either way. Read more

Regulated teams get the audit depth and the compliance built in. Everyone else gets a company that runs itself instead of running through one or two people and a stack of spreadsheets.

If your business still lives in your head and your inbox, this is for you.

Do we have to commit to the whole thing? No. Stop at any phase with a finished deliverable. See the phases

The engagement runs in four phases: diagnose, map, build, hand over. Each one ends in something complete and useful on its own.

Take only the diagnostic. Take the map to your own team. Or have us build the whole thing and hand it back. You decide at every gate.

Do you build the systems, or only advise? Both. We build, or hand your team the map. Read more

We can implement the automations ourselves, taking the manual, repeated work off your desk. Or, if you have an internal team, we hand them a map clear enough to build from.

Your first working automation goes live early in the engagement, not at the end.

Do we have to stop working while you do this? No. We work alongside you, then hand it over. Read more

We work with your team a couple of days a week. The business keeps running. When we leave, the system runs without us, and your people know how to keep it that way.

How long does it take, and how do you charge? You agree the price and the time before each phase begins. Never a surprise. Read more

For an internal audit: you tell us the scope you have in mind, a single day or several, and we build that into the audit plan and the quote up front. The fee and the dates are fixed before we start.

For a larger build: the first call sizes your company and sets the diagnostic. From there, each phase is scoped, priced, and dated at its gate, and nothing moves forward until you have agreed both.

Every phase carries a fixed fee. No open meter, no surprise invoice. You always know the cost and the timeline before you commit.

Still not sure we are the right fit? One short call answers it. Book a call and we will tell you straight.
If this sounds familiar The company outgrew the way it was being held together.

You already know this feeling.

Everything runs through you.Your approval is a calendar event. Your memory is the process. When you step away, the company slows to the speed of one inbox.
The same thing, logged three times.One customer call becomes a ticket, a record, and a note. Three tools, three owners, nothing holding them together.
The knowledge lives in heads.People are doing the work and things get done. The how lives in side conversations and habit, never written down anywhere you could improve it.
Compliance became a second job.The rules live a parallel life, kept up after hours, until an audit arrives and turns months of catching up into one scramble.
How we work One journey, four phases. Each phase ends in something finished, so you choose to continue with your eyes open.
01 Diagnose 02 Map 03 Build 04 Hand over
Phase 01 · Diagnose

We learn how your company actually runs.

You get: a written diagnostic report and a one-page map of how the work really moves, with the first jobs worth fixing named in order.

Regulated? The diagnostic includes a full internal audit against your standard, run by a certified lead auditor.

Complete deliverable. Stop here, or continue.
Phase 02 · Map

We design the system that should run it.

You get: the target design and a prioritised fix list, laid out so any competent team could build from it. The whole garden, drawn.

Take the map to your own team, or continue with us.
Phase 03 · Build

We build the fixes, one workflow at a time.

You get: working automations that take the manual, repeated, error-prone jobs off your desk. Your first one goes live early, not at the end.

We build it, or your internal team builds from the map.
Phase 04 · Hand over

Your team runs it without us.

You get: a trained team and the documentation to keep it running. The system belongs to you, and it holds when we leave.

The engagement ends where you stop depending on us.
You can stop at any gate. Some clients want only the diagnostic. Some take the map to their own team. Some want the whole thing built and handed back. Every exit leaves a finished deliverable in your hands.
Two ways in Regulated or not, the engine is the same. The front door is different.
If you are regulated

Start with an internal audit.

You have a standard to hold: ISO 13485, ISO 9001, or EU MDR. We run a formal internal audit against it, then map and build the fixes. The audit is real evidence you can put in front of a notified body.

What we audit › Medtech internal audit page ›
If you are not

Start with a diagnostic.

No standard to answer to, just a company running through too few people. We diagnose how the work really moves, map the target system, and build it. The same discipline, without the audit machinery.

How we work ›
Internal audits Everything a QA officer checks before trusting an auditor.

Certified auditors. Real device experience.

An internal audit is only worth what the auditor is. Both founders are CQI/IRCA certified ISO 13485 lead auditors, with hands-on QA/RA experience across regulated medtech, not classroom-only credentials.

We audit as independent internal auditors: documented findings against the clause, the objective evidence behind each one, and a route to close. Our competency evidence is available on request, the way a notified body or a customer's QA would expect.

Standards we audit

The frameworks.

  • ISO 13485:2016, medical device QMS
  • ISO 9001, quality management
  • EU MDR 2017/745
  • MDSAP and FDA QMSR familiarity
Devices we know

The technology.

  • Software as a medical device, with hardware
  • AI-enabled and autonomous devices
  • Implantable devices
  • IVD, chemistry, and combination products
What you get

The output.

  • Audit plan and scope agreed up front
  • Findings graded, with objective evidence
  • CAPA-ready, with a route to close
  • Run on your annual audit schedule
A scientist in a white coat working at a laboratory bench
Process, on the floor
An engineer probing a circuit board with a multimeter at a workbench
Evidence, at the bench
A small team reviewing findings together over notebooks
Findings, reviewed
How we charge A fixed price for each phase. No open meter, no surprise.

You pay for the result, one phase at a time.

Every phase has a fixed fee agreed before it starts. You always know what you are spending and exactly what you get for it.

The diagnostic is what makes this safe. It measures the size of the job, so the price for the map and the build is quoted from what is really there, never a guess.

Anything outside an agreed phase is quoted as its own phase, so a fixed price stays fixed. You commit one phase at a time and decide at each gate whether the next one is worth it.

Fixed per phaseA set fee for each phase, agreed up front. The meter never runs.
Scoped by the diagnosticThe build is priced from what the diagnostic found, so the number is real.
Opt out at every gateContinue when the last phase earned it. Stop with a finished deliverable when it did not.
Find your auditor Five quick questions. We point you to the right one of us to start with.
One auditor, or the full pair. A standalone internal audit is run by whichever of us fits, on your terms. For the full engagement, diagnostic, mapping, implementation, and handover, we work as a pair. Either way, every certification is backed by a certificate and competency record, available for your QA or notified body on request.

Stop being the system.
Start with a diagnostic.

One conversation tells us whether this fits. The diagnostic tells you where you stand and what to fix first.