ISO 13485:2016 Section | Document Section |
---|---|
4.1.1 | 1. |
4.1.2 | 4. |
4.2.1 b) | (All) |
4.2.2 | (All) |
5.3 | 2. |
5.4.1 | 2. |
The Quality Manual describes the scope of the Quality Management System, its documented procedures and a description of their interactions.
The QMS described in this Quality Manual applies to all products of <your company name>.
Other roles besides manufacturer are: Authorized representative, distributor.
<your company name> is a manufacturer of Medical Devices.
The following table only gives an overview of the most relevant regulation and standards. For a comprehensive overview, see the list of applicable standards (reference here).
Standard / Regulation / Law | Why Applicable? |
---|---|
EU Regulation 2017/745 | Regulation for medical devices for human use |
EU Regulation 2021/2226 | Regulation for electronic instructions for use |
EN ISO 13485:2016 | QMS required by essential requirements of MDD/MDR |
EN ISO 14971:2019 | Risk management for medical devices |
IEC 62304:2006 | Software development for medical devices |
IEC 62366-1:2015 | Usability evaluation for medical devices |
The following sections of ISO 13485:2016 will be excluded due to the product being stand-alone software:
Describe what your company is about, specifically, its mission and things which are important for it. Maybe you’re developing software for patients with a certain disease and your goal is to improve their lives.
In addition, the policy should include a commitment to meet legal requirements, keep the QMS up to date and define quality objectives to work towards.
Whatever policy you outlined above, now you need to make it measurable by defining objectives which can be tracked. Those objectives should not (only) refer to the quality of your devices but the quality of your QMS and the overall work of your organization. Typical examples are: hiring excellence in staff, providing, best-of-class device performance, high standards of customer satisfaction, etc.
Auditors might ask you: how do you keep track of a quality objective, to see if it was achieved or not? The answer is: Key Performance Indicators. As part of your management review, you have to review all QMS processes plus your quality policy and objectives at least annually. Now, you can meet both requirements at the same time by defining KPIs for your QMS processes. You can then argue that by achieving your KPIs, you make sure that your processes run well, which also meets your quality objectives.
These are your action items: 1. Make sure to define at least one KPI for each QMS process. 2. Make sure each quality objectives translates into at minimum one process KPI. Where there’s no corresponding process for a quality objective, you define additional KPIs that are not process-related. 3. You can document those KPIs either in each SOP or in a separate overview sheet. For example, you can use the template for a management review report for that purpose.
Also see regulatory requirements: ISO 13485, para. 4.1.3.a (process KPIs) and para. 5.6.2 (management review input).
In this section here, describe where you define your KPIs and how you keep track of them. For example, say that you define KPIs in every single SOP or reference to a separate, central overview sheet. Ideally, KPIs are tracked by each process owner independently.
Describe the roles of the people in your company. Typically this is done by drawing an organigram (you could use draw.io for that). Or, you just use a table like below.
Minimum requirement information: required qualification and description of tasks related to QMS process involvement If applicable, add: report / authority, access rights, etc.
Role | People |
---|---|
CEO | Steve Jobs |
CTO | Steve Wozniak |
Product Manager | Ada Lovelace |
QMO | Oliver Eidel |
All C-level roles (CEO, CTO, CMO) are referred to as the Management. Management is generally responsible to define responsibilities and authorities, to define and communicate Quality Policy and Goals and to ensure that the whole organization is oriented towards them.
See ISO 13485, para. 5.1, para. 5.5.1
The Quality Management Officer (QMO) is responsible for:
Required qualification for this role:
See ISO 13485, para. 5.1, para. 5.5.2
Person Responsible for Regulatory Compliance (PRRC) Responsibilities of the PRRC are in accordance with Art. 15 MDR as follows:
The PRRC shall not be subjected to Management instructions while carrying out his/her responsibilities specified above. His/her tasks may be delegated to other roles as long as it is ensured that final responsibility stays with the PRRC. She or he has the power and authority to represent the company in the scope of his/her responsibilities, e.g. in communicating with state authorities.
Required qualification for this role:
List all your SOPs here. This list is highly company-specific and might therefore be currently incomplete.
Important Note:
Also mention if one of these processes is outsourced to a third party (typical examples: internal auditing or clinical evaluation done by a regulatory consultant, software development done by an external agency; see ISO 13485:2016, para. 4.1.5 for more context).
SOP | Process Category | Internal / Outsourced |
---|---|---|
SOP Corrective and Preventive Action | Management | Internal |
SOP Clinical Evaluation | Core | Outsourced (?) |
SOP Product Certification and Registration | Core | Internal |
SOP Change Management | Core | Internal |
SOP Deployment | Core | Internal |
SOP Document and Record Control | Support | Internal |
SOP Integrated Software Development | Core | Internal |
SOP Feedback Management | Core | Internal |
SOP Internal Auditing | Management | Outsourced (?) |
SOP Management Review | Management | Internal |
SOP Post-Market Surveillance | Management | Internal |
SOP Problem Resolution | Core | Internal |
SOP Software Validation | Support | Internal |
SOP Update of Regulations | Support | Internal |
SOP Vigilance | Core | Internal |
Template Copyright openregulatory.com. See template license.
Please don’t remove this notice even if you’ve modified contents of this template.