Setting up the requirements for a QMS which is capable of consistently fulfiling customer and regulatory requirements
When we integrate a good QMS into the management and goals of a company, it offers a way to reduce any variations. By reducing variations, the company can get some financial benefits like reducing junk and improved efficiencies of general processes. Therefore, a well-functioning QMS makes good sense from a financial and business perspective.
The ISO 13485 obeys the process approach of ISO 9001:2015. The process approach sees the QMS as a set of connected processes covering not only the products or services, but also support and management processes.
Basically, a process transforms a set of inputs into outputs. Input includes all aspects required to accomplish this transformation. In manufacturing processes, inputs might include raw materials, work benches, cleaning materials, manufacturing supplies, tools & equipment, written instructions, work standards, people, work building, assembly drawings, and more. The outputs produce the finished part, which also include records on what work was done by whom and also information on how the transformation was achieved. This relates to things like production yield or time to complete.
For example, in non-manufacturing processes, Document Control has inputs like Document Control procedure, document control center, change request, people, equipment like computers, copy machines and scanners. Here, outputs can include process statistics, controlled copies and controlled documents. From the above two examples, one observation you can make is that the output of one process, like Document Control, becomes the input of another process, like manufacturing.
————————————————
ISO 13485 Section 4 includes the general requirements. It relates to finding specific processes, their interaction and handling outsourced processes. In Section 4, you can find the quality manual, policy, objectives, and the criteria for document control and record control. It also provides the outline for a company’s document structure. Document control involves the review and approval of documents before their use, control of changes, and ensuring that current versions of controlled documents are readily available for use. Record control involves maintaining integrity and setting up procedures for the duration of maintenance of documents and records.
Section 5 needs the management involvement at the level of the person who makes policy and financial decisions. It is because the management of a company must partake actively in the establishment and maintenance of the ISO 13485 QMS. The person is normally either the CEO or chief of operations. Creating the quality policy and objectives, establishing the support of the QMS and provision of resources are the responsibilities of top management. Moreover, they appoint a Management Representative who has the responsibility for the proper functioning of the QMS. This is usually the highest senior quality manager. Quality planning and ensuring that the quality policy is understood at every level of the organization is another responsibility of upper management.
The periodic management review of the QMS includes specific requirements. It specifies the minimum requirements that must be covered in these reviews, as well as the output requirements. This is one of the most crucial processes for a QMS and also adds benefit to the company by giving a structured framework for productivity and quality.
The requirements for provision of resources are included in Section 6. The management should provide adequate facilities such as workspace, tools and equipment like computer systems. The building environment must integrate devices where necessary. These facilities must be maintained to produce devices fulfiling all the requirements. The QMS should have a process to ensure all the required maintenance activities are performed.
People are important for the quality of medical devices. The key is the inclusion of a sufficient number of people who are capable, competent and fully aware of their job responsibilities. Training of personnel and keeping of good training records are simply not enough.
The management must define the job requirements in the quality manual as well as the job descriptions. The QMS must ensure and document that employees fulfil these requirements, or have prior training to fill in any gaps. Continuous awareness of employees on QMS requirements, especially for documents and record-keeping, is the management’s responsibility. Employees should also be aware of their job responsibilities, especially related to product quality. They must be informed about the consequences of failing to do their job correctly on the product itself or on the people using the product.
Section 7 is named as Product Realisation and it affects what people do on a day-to-day basis in the company. It covers everything needed for the full realisation of the product, starting from customer requirements and moving to design & manufacturing, installation and support of a medical device.
An important part of a functioning QMS is proper planning. By coming up with a plan for product realisation, the company needs to set up processes for all stages of product realisation, from receiving customer requirements, purchasing of supplies and materials and designing of product, to the installation and service of the device. An inherent risk is there in everything we do. However, when it comes to the manufacturing of medical devices, the risk is a person’s life. Hence, the ISO 13485 standard established that “The organization shall establish documented requirements for risk management throughout product realization.”
Risk management usually includes,
i) Risk Assessment – for identifying potential risks
ii) Risk Analysis – checking the severity and probability of all hazardous situations
iii) Risk Reduction – includes the reduction, mitigation and elimination of risk to the best extend possible
Risk management is applicable to processes, including QMS processes. Most importantly, it is applicable to device design, manufacturing as well as support processes. This is a critical process and hence ISO 13485 has established that risk management be done in accordance with the international standard of risk management for medical devices, ISO 14971.
The planning phase of product realisation starts with setting up processes for handling the customer requirements as well as for communicating with the customer throughout the life cycle of the device. The requirements may be simple or complex depending on the customer. Communication involves a two-way approach with the customer for changes in requirements and finding ways to collect customer feedback on all aspects of the device as well the business processes of the manufacturing company.
When a company makes product or process design, they should meet the requirements for design controls stated in ISO 13485. Governments and regulatory agencies have found that the adverse events related to medical devices were caused due to poor design. Establishing a controlled design process which includes risk management, validation, verification, and the controlled transfer of a design to manufacturing can reduce the chances of adverse effects. A product development process that fulfils the design control requirements starts by establishing design requirements, and moves through validation to manufacturing.