Quality Manager - QMS ISO 13485 Specialist
ISO 13485:2016 Quality Management System implementation, maintenance, and certification support for medical device organizations.
Table of Contents
QMS Implementation Workflow
Implement ISO 13485:2016 compliant quality management system from gap analysis through certification.
Workflow: Initial QMS Implementation
- 1. Conduct gap analysis against ISO 13485:2016 requirements
- Document current state vs. required state for each clause
- Prioritize gaps by:
- Regulatory criticality
- Risk to product safety
- Resource requirements
- 4. Develop implementation roadmap with milestones
- Establish Quality Manual per Clause 4.2.2:
- QMS scope with justified exclusions
- Process interactions
- Procedure references
- 6. Create required documented procedures — see Mandatory Documented Procedures for the full list
- Deploy processes with training
- Validation: Gap analysis complete; Quality Manual approved; all required procedures documented and trained
Use the Gap Analysis Matrix template in qms-process-templates.md to document clause-by-clause current state, gaps, priority, and actions.
QMS Structure
| Level | Document Type | Example |
|---|
| 1 | Quality Manual | QM-001 |
| 2 |
Procedures | SOP-02-001 |
| 3 | Work Instructions | WI-06-012 |
| 4 | Records | Training records |
Document Control Workflow
Establish and maintain document control per ISO 13485 Clause 4.2.3.
Workflow: Document Creation and Approval
- 1. Identify need for new document or revision
- Assign document number per numbering convention:
- Format:
[TYPE]-[AREA]-[SEQUENCE]-[REV]
- Example:
SOP-02-001-01
- 3. Draft document using approved template
- Route for review to subject matter experts
- Collect and address review comments
- Obtain required approvals based on document type
- Update Document Master List
- Validation: Document numbered correctly; all reviewers signed; Master List updated
Document Numbering Convention
| Prefix | Document Type | Approval Authority |
|---|
| QM | Quality Manual | Management Rep + CEO |
| POL |
Policy | Department Head + QA |
| SOP | Procedure | Process Owner + QA |
| WI | Work Instruction | Supervisor + QA |
| TF | Template/Form | Process Owner |
| SPEC | Specification | Engineering + QA |
Area Codes
| Code | Area | Examples |
|---|
| 01 | Quality Management | Quality Manual, policy |
| 02 |
Document Control | This procedure |
| 03 | Training | Competency procedures |
| 04 | Design | Design control |
| 05 | Purchasing | Supplier management |
| 06 | Production | Manufacturing |
| 07 | Quality Control | Inspection, testing |
| 08 | CAPA | Corrective actions |
Document Change Control
| Change Type | Approval Level | Examples |
|---|
| Administrative | Document Control | Typos, formatting |
| Minor |
Process Owner + QA | Clarifications |
| Major | Full review cycle | Process changes |
| Emergency | Expedited + retrospective | Safety issues |
Document Review Schedule
| Document Type | Review Period | Trigger for Unscheduled Review |
|---|
| Quality Manual | Annual | Organizational change |
| Procedures |
Annual | Audit finding, regulation change |
| Work Instructions | 2 years | Process change |
| Forms | 2 years | User feedback |
Internal Audit Workflow
Plan and execute internal audits per ISO 13485 Clause 8.2.4.
Workflow: Annual Audit Program
- 1. Identify processes and areas requiring audit coverage
- Assess risk factors for audit frequency:
- Previous audit findings
- Regulatory changes
- Process changes
- Complaint trends
- 3. Assign qualified auditors (independent of area audited)
- Develop annual audit schedule
- Obtain management approval
- Communicate schedule to process owners
- Track completion and reschedule as needed
- Validation: All processes covered; auditors qualified and independent; schedule approved
Use the Audit Program Template in qms-process-templates.md to schedule audits by clause and quarter across processes such as Document Control (4.2.3/4.2.4), Management Review (5.6), Design Control (7.3), Production (7.5), and CAPA (8.5.2/8.5.3).
Workflow: Individual Audit Execution
- 1. Prepare audit plan with scope, criteria, and schedule
- Notify auditee minimum 1 week prior
- Review procedures and previous audit results
- Prepare audit checklist
- Conduct opening meeting
- Collect evidence through:
- Document review
- Record sampling
- Process observation
- Personnel interviews
- 7. Classify findings:
- Major NC: Absence or breakdown of system
- Minor NC: Single lapse or deviation
- Observation: Risk of future NC
- 8. Conduct closing meeting
- Issue audit report within 5 business days
- Validation: All checklist items addressed; findings supported by evidence; report distributed
Auditor Qualification Requirements
| Criterion | Requirement |
|---|
| Training | ISO 13485 awareness + auditor training |
| Experience |
Minimum 1 audit as observer |
| Independence | Not auditing own work area |
| Competence | Understanding of audited process |
Finding Classification Guide
| Classification | Criteria | Response Time |
|---|
| Major NC | System absence, total breakdown, regulatory violation | 30 days for CAPA |
| Minor NC |
Single instance, partial compliance | 60 days for CAPA |
| Observation | Potential risk, improvement opportunity | Track in next audit |
Process Validation Workflow
Validate special processes per ISO 13485 Clause 7.5.6.
Workflow: Process Validation Protocol
- 1. Identify processes requiring validation:
- Output cannot be verified by inspection
- Deficiencies appear only in use
- Sterilization, welding, sealing, software
- 2. Form validation team with subject matter experts
- Write validation protocol including:
- Process description and parameters
- Equipment and materials
- Acceptance criteria
- Statistical approach
- 4. Execute IQ: verify equipment installed correctly and document specifications
- Execute OQ: test parameter ranges and verify process control
- Execute PQ: run production conditions and verify output meets requirements
- Write validation report with conclusions
- Validation: IQ/OQ/PQ complete; acceptance criteria met; validation report approved
Validation Documentation Requirements
| Phase | Content | Evidence |
|---|
| Protocol | Objectives, methods, criteria | Approved protocol |
| IQ |
Equipment verification | Installation records |
| OQ | Parameter verification | Test results |
| PQ | Performance verification | Production data |
| Report | Summary, conclusions | Approval signatures |
Revalidation Triggers
| Trigger | Action Required |
|---|
| Equipment change | Assess impact, revalidate affected phases |
| Parameter change |
OQ and PQ minimum |
| Material change | Assess impact, PQ minimum |
| Process failure | Full revalidation |
| Periodic | Per validation schedule (typically 3 years) |
Special Process Examples
| Process | Validation Standard | Critical Parameters |
|---|
| EO Sterilization | ISO 11135 | Temperature, humidity, EO concentration, time |
| Steam Sterilization |
ISO 17665 | Temperature, pressure, time |
| Radiation Sterilization | ISO 11137 | Dose, dose uniformity |
| Sealing | Internal | Temperature, pressure, dwell time |
| Welding | ISO 11607 | Heat, pressure, speed |
Supplier Qualification Workflow
Evaluate and approve suppliers per ISO 13485 Clause 7.4.
Workflow: New Supplier Qualification
- 1. Identify supplier category:
- Category A: Critical (affects safety/performance)
- Category B: Major (affects quality)
- Category C: Minor (indirect impact)
- 2. Request supplier information:
- Quality certifications
- Product specifications
- Quality history
- 3. Evaluate supplier based on:
- Quality system (ISO certification)
- Technical capability
- Quality history
- Financial stability
- 4. For Category A suppliers:
- Conduct on-site audit
- Require quality agreement
- 5. Calculate qualification score
- Make approval decision:
- >80: Approved
- 60-80: Conditional approval
- <60: Not approved
- 7. Add to Approved Supplier List
- Validation: Evaluation criteria scored; qualification records complete; supplier categorized
Supplier Evaluation Criteria
| Criterion | Weight | Scoring |
|---|
| Quality System | 30% | ISO 13485=30, ISO 9001=20, Documented=10, None=0 |
| Quality History |
25% | Reject rate: <1%=25, 1-3%=15, >3%=0 |
| Delivery | 20% | On-time: >95%=20, 90-95%=10, <90%=0 |
| Technical Capability | 15% | Exceeds=15, Meets=10, Marginal=5 |
| Financial Stability | 10% | Strong=10, Adequate=5, Questionable=0 |
Supplier Category Requirements
| Category | Qualification | Monitoring | Agreement |
|---|
| A - Critical | On-site audit | Annual review | Quality agreement |
| B - Major |
Questionnaire | Semi-annual review | Quality requirements |
| C - Minor | Assessment | Issue-based | Standard terms |
Supplier Performance Metrics
| Metric | Target | Calculation |
|---|
| Accept Rate | >98% | (Accepted lots / Total lots) × 100 |
| On-Time Delivery |
>95% | (On-time / Total orders) × 100 |
| Response Time | <5 days | Average days to resolve issues |
| Documentation | 100% | (Complete CoCs / Required CoCs) × 100 |
QMS Process Reference
For detailed requirements and audit questions for each ISO 13485:2016 clause, see iso13485-clause-requirements.md.
Management Review Required Inputs (Clause 5.6.2)
| Input | Source | Prepared By |
|---|
| Audit results | Internal and external audits | QA Manager |
| Customer feedback |
Complaints, surveys | Customer Quality |
| Process performance | Process metrics | Process Owners |
| Product conformity | Inspection data, NCs | QC Manager |
| CAPA status | CAPA system | CAPA Officer |
| Previous actions | Prior review records | QMR |
| Changes affecting QMS | Regulatory, organizational | RA Manager |
| Recommendations | All sources | All Managers |
Record Retention Requirements
| Record Type | Minimum Retention | Regulatory Basis |
|---|
| Device Master Record | Life of device + 2 years | 21 CFR 820.181 |
| Device History Record |
Life of device + 2 years | 21 CFR 820.184 |
| Design History File | Life of device + 2 years | 21 CFR 820.30 |
| Complaint Records | Life of device + 2 years | 21 CFR 820.198 |
| Training Records | Employment + 3 years | Best practice |
| Audit Records | 7 years | Best practice |
| CAPA Records | 7 years | Best practice |
| Calibration Records | Equipment life + 2 years | Best practice |
Decision Frameworks
Exclusion Justification (Clause 4.2.2)
| Clause | Permissible Exclusion | Justification Required |
|---|
| 6.4.2 | Contamination control | Product not affected by contamination |
| 7.3 |
Design and development | Organization does not design products |
| 7.5.2 | Product cleanliness | No cleanliness requirements |
| 7.5.3 | Installation | No installation activities |
| 7.5.4 | Servicing | No servicing activities |
| 7.5.5 | Sterile products | No sterile products |
Nonconformity Disposition Decision Tree
CODEBLOCK0
CAPA Initiation Criteria
| Source | Automatic CAPA | Evaluate for CAPA |
|---|
| Customer complaint | Safety-related | All others |
| External audit |
Major NC | Minor NC |
| Internal audit | Major NC | Repeat minor NC |
| Product NC | Field failure | Trend exceeds threshold |
| Process deviation | Safety impact | Repeated deviations |
Tools and References
Scripts
Audit Checklist Generator Features:
- - Generate clause-specific checklists (e.g.,
--clause 7.3) - Generate process-based checklists (e.g.,
--process design-control) - Full system audit checklist (
--audit-type system) - Text or JSON output formats
- Interactive mode for guided selection
References
Ready-to-use templates for gap analysis, audit program, document control, CAPA, supplier, training |
Quick Reference: Mandatory Documented Procedures
| Procedure | Clause | Key Elements |
|---|
| Document Control | 4.2.3 | Approval, distribution, obsolete control |
| Record Control |
4.2.4 | Identification, retention, disposal |
| Internal Audit | 8.2.4 | Program, auditor qualification, reporting |
| NC Product Control | 8.3 | Identification, segregation, disposition |
| Corrective Action | 8.5.2 | Root cause, implementation, verification |
| Preventive Action | 8.5.3 | Risk identification, implementation |
Related Skills
CAPA system management |
|
qms-audit-expert | Advanced audit techniques |
|
quality-documentation-manager | DHF, DMR, DHR management |
|
risk-management-specialist | ISO 14971 integration |
质量经理 - QMS ISO 13485 专家
为医疗器械组织提供ISO 13485:2016质量管理体系的实施、维护和认证支持。
目录
QMS实施工作流程
从差距分析到认证,实施符合ISO 13485:2016的质量管理体系。
工作流程:初始QMS实施
- 1. 对照ISO 13485:2016要求进行差距分析
- 记录每个条款的当前状态与要求状态
- 按以下优先级排序差距:
- 法规关键性
- 产品安全风险
- 资源需求
- 4. 制定包含里程碑的实施路线图
- 根据条款4.2.2建立质量手册:
- 包含合理排除项的QMS范围
- 过程相互作用
- 程序引用
- 6. 创建所需的文件化程序——完整列表见强制性文件化程序
- 通过培训部署流程
- 验证: 差距分析完成;质量手册获批;所有必需程序已文件化并完成培训
使用qms-process-templates.md中的差距分析矩阵模板,逐条款记录当前状态、差距、优先级和行动。
QMS结构
程序文件 | SOP-02-001 |
| 3 | 作业指导书 | WI-06-012 |
| 4 | 记录 | 培训记录 |
文件控制工作流程
根据ISO 13485条款4.2.3建立和维护文件控制。
工作流程:文件创建与批准
- 1. 识别新文件或修订需求
- 按编号规则分配文件编号:
- 格式:[类型]-[领域]-[序号]-[版本]
- 示例:SOP-02-001-01
- 3. 使用批准模板起草文件
- 提交给主题专家评审
- 收集并处理评审意见
- 根据文件类型获取所需批准
- 更新文件总清单
- 验证: 文件编号正确;所有评审人签字;总清单已更新
文件编号规则
| 前缀 | 文件类型 | 批准权限 |
|---|
| QM | 质量手册 | 管理者代表 + CEO |
| POL |
政策 | 部门负责人 + 质量部 |
| SOP | 程序文件 | 过程负责人 + 质量部 |
| WI | 作业指导书 | 主管 + 质量部 |
| TF | 模板/表格 | 过程负责人 |
| SPEC | 规范 | 工程部 + 质量部 |
领域代码
文件控制 | 本程序 |
| 03 | 培训 | 能力程序 |
| 04 | 设计 | 设计控制 |
| 05 | 采购 | 供应商管理 |
| 06 | 生产 | 制造 |
| 07 | 质量控制 | 检验、测试 |
| 08 | CAPA | 纠正措施 |
文件变更控制
| 变更类型 | 批准级别 | 示例 |
|---|
| 行政性 | 文件控制 | 错别字、格式 |
| 轻微 |
过程负责人 + 质量部 | 澄清说明 |
| 重大 | 完整评审周期 | 过程变更 |
| 紧急 | 加急+追溯 | 安全问题 |
文件评审计划
| 文件类型 | 评审周期 | 计划外评审触发条件 |
|---|
| 质量手册 | 年度 | 组织变更 |
| 程序文件 |
年度 | 审核发现、法规变更 |
| 作业指导书 | 2年 | 过程变更 |
| 表格 | 2年 | 用户反馈 |
内部审核工作流程
根据ISO 13485条款8.2.4策划和执行内部审核。
工作流程:年度审核计划
- 1. 识别需要审核覆盖的过程和区域
- 评估审核频率的风险因素:
- 以往审核发现
- 法规变更
- 过程变更
- 投诉趋势
- 3. 指派合格审核员(独立于被审核区域)
- 制定年度审核计划
- 获取管理层批准
- 向过程负责人传达计划
- 跟踪完成情况并根据需要重新安排
- 验证: 所有过程覆盖;审核员合格且独立;计划获批
使用qms-process-templates.md中的审核计划模板,按条款和季度安排文件控制(4.2.3/4.2.4)、管理评审(5.6)、设计控制(7.3)、生产(7.5)和CAPA(8.5.2/8.5.3)等过程的审核。
工作流程:单项审核执行
- 1. 准备包含范围、标准和计划的审核方案
- 至少提前1周通知被审核方
- 审查程序和以往审核结果
- 准备审核检查表
- 召开首次会议
- 通过以下方式收集证据:
- 文件审查
- 记录抽样
- 过程观察
- 人员访谈
- 7. 分类发现项:
- 严重不符合:体系缺失或崩溃
- 一般不符合:单次失误或偏差
- 观察项:未来不符合的风险
- 8. 召开末次会议
- 5个工作日内发布审核报告
- 验证: 所有检查表项目已处理;发现项有证据支持;报告已分发
审核员资格要求
| 标准 | 要求 |
|---|
| 培训 | ISO 13485认知 + 审核员培训 |
| 经验 |
至少1次作为观察员参与审核 |
| 独立性 | 不审核自身工作区域 |
| 能力 | 理解被审核过程 |
发现项分类指南
| 分类 | 标准 | 响应时间 |
|---|
| 严重不符合 | 体系缺失、全面崩溃、法规违规 | CAPA 30天 |
| 一般不符合 |
单次实例、部分合规 | CAPA 60天 |
| 观察项 | 潜在风险、改进机会 | 下次审核跟踪 |
过程验证工作流程
根据ISO 13485条款7.5.6验证特殊过程。
工作流程:过程验证方案
- 1. 识别需要验证的过程:
- 输出无法通过检验验证
- 缺陷仅在使用中出现
- 灭菌、焊接、密封、软件
- 2. 组建包含主题专家的验证团队
- 编写验证方案,包括:
- 过程描述和参数
- 设备和材料
- 验收标准
- 统计方法
- 4. 执行IQ:验证设备安装正确并记录规格
- 执行OQ:测试参数范围并验证过程控制
- 执行PQ:在生产条件下运行并验证输出符合要求
- 编写包含结论的验证报告
- 验证: IQ/OQ/PQ完成;满足验收标准;验证报告获批
验证文件要求
设备验证 | 安装记录 |
| OQ | 参数验证 | 测试结果 |
| PQ | 性能验证 | 生产数据 |
| 报告 | 总结、结论 | 批准签字 |
再验证触发条件
| 触发条件 | 所需行动 |
|---|
| 设备变更 | 评估影响,重新验证受影响阶段 |
| 参数变更 |
至少OQ和PQ |
| 材料变更 | 评估影响,至少PQ |
| 过程失效 | 全面再验证 |
| 定期 | 按验证计划(通常3年) |
特殊过程示例
| 过程 | 验证标准 | 关键参数 |
|---|
| EO灭菌 | ISO 11135 | 温度、湿度、EO浓度、时间 |
| 蒸汽灭菌 |
ISO 17665 | 温度、压力、时间 |
| 辐射灭菌 | ISO 11137 | 剂量、剂量均匀性 |
| 密封 | 内部标准 | 温度、压力、保压时间 |
| 焊接 | ISO 11607 | 热量
