Home · Insights · Minimum Viable QMS — the five core building blocks for startups

MVQLean-QAStartupISO 9001

Minimum Viable QMS — the five core building blocks for startups

16 May 2026 · 6 min read · by Andreas Linder

A QMS that passes its first audit doesn't need 200 documents. It needs five building blocks designed properly and lived consistently. The other 195 — if ever — come later, driven by real demand.

Why a "Minimum Viable QMS"?

Startups face two pressures at once: they need to scale fast and look professional. When the first major client, the first investor or the first certification body knocks on the door, there's rarely time for a 12-month QM build-up. On the other hand, building a system designed for 500 employees when the company has 25 is expensive and pointless.

We recommend the path of a Minimum Viable QMS (MVQ): the smallest set of building blocks that is enough to be audit-ready while staying out of daily operations' way.

The five mandatory building blocks

1. Process map

An A3 overview of all core, management and support processes. At most 12–15 processes. Each with an owner, an input, an output and a KPI. This map is the table of contents of your QMS — and the most important document in the first conversation with an auditor.

2. Roles and responsibilities

An org chart isn't enough. We need a RACI matrix or a function description per key role: management, quality officer, production lead, supplier-management owner, internal-audit lead. Who is Responsible, who Accountable? This answers every second audit question.

3. Document control and DMS

"DMS" sounds like a big system — it isn't. A structured SharePoint, Confluence or Google Drive setup with version control, approval workflow and clear storage locations is enough for most startups in the first two years. The tool matters less than the rule: everyone knows where the valid document lives, and outdated versions disappear reliably.

4. CAPA — corrective and preventive actions

No CAPA, no learning system. We need a mechanism to capture, analyse and treat deviations, complaints and risks. For a startup, a simple list or a Jira/Linear board is enough, with fields: trigger, root-cause analysis (5-Why or Ishikawa, no PhD needed), containment, corrective action, effectiveness check, status. Maintain it honestly and you've delivered 30 % of an audit's substance.

5. Supplier management

The moment you buy something that affects product or service quality — raw materials, packaging, IT services, contract manufacturing — you need a supplier process. Evaluation, selection, annual review, escalation on issues. Without this block, every audit stumbles on clause 8.4 (ISO 9001) or on pre-supplier requirements (FSSC 22000).

What you deliberately leave out

As important as what's in: what stays out — until needed:

No 200-page quality manual. A 6–10-page summary of the five blocks is enough.
No FMEA for every product variant. A process FMEA for the main line is enough at the start.
No elaborate training management. An Excel list with date, topic, attendees, trainer is enough.
No dedicated QM software. Only when the system grows and Excel tips over does a tool pay off.

Roadmap to MVQ in 6 sprints

Sprint 1: Process map (workshop, visualisation, owners named).
Sprint 2: Roles and RACI, quality policy, org chart.
Sprint 3: Document control, DMS structure, approval workflow.
Sprint 4: CAPA process, templates, first real cases captured.
Sprint 5: Supplier management, evaluation form, risk classification.
Sprint 6: Internal audit against ISO 9001 or sector standard, management review.

Twelve weeks, a working QMS. Not perfect — but audit-ready and right-sized for the company.

What comes after the MVQ?

An MVQ isn't a destination — it's a platform. As the company grows, more Features come: risk assessment per business area, deeper supplier auditing, FMEA for new product lines, business-continuity planning. Each extension follows the same logic — Epic → Feature → User Story → Done.

An MVQ isn't the minimum for an audit. It's the minimum for a system that wins the audit — and that helps the company in daily life.

More from the insights section

14 March 2026

FSSC 22000 v6 — what changes for manufacturers

The new version tightens requirements on food loss management, allergen control and quality culture. What you specifically need to change — and which topics we already see as critical in audits.

Continue reading →

10 February 2026

MES selection for mid-market — 7 criteria that really matter

Between SAP DMC, Werum, Critical Manufacturing and smaller providers, a sober comparison pays off. Seven criteria we consistently weight in selection processes.

Continue reading →

May 2026

Structured problem analysis & problem solving — 4-day intensive training

An inhouse training for production, quality management and engineering. Four days, 10–15 participants, with a consistent methodological thread: from the 8D process through root-cause analysis to FMEA and Poka Yoke. Coaching on real cases from your own production.

Continue reading →

22 May 2026

Agile QM: Epics, Features and User Stories for ISO 9001 and FSSC 22000

A QMS built in a 12-month waterfall ends up as a stack of files — and a team that doesn't own it. We translate clauses into Epics, sub-processes into Features and individual requirements into User Stories. The result: a QMS in 2-week sprints — audit-ready and effective in daily operations.

Continue reading →

08 May 2026

ISO 9001 in 9 Sprints — the sprint plan to certification

Nine two-week sprints — 18 weeks from kick-off to recommendation for certification. Realistic for small and mid-sized companies that don't yet have a QMS and need one that is audit-ready and actually lived.

Continue reading →

Bring these topics into your operation?

A 30-minute free initial consultation — with no commitment to follow up.

Book Initial Consultation