Source Code

Quality Manager - QMS ISO 13485 Specialist

ISO 13485:2016 Quality Management System implementation, maintenance, and certification support for medical device organizations.

QMS Implementation Workflow
Document Control Workflow
Internal Audit Workflow
Process Validation Workflow
Supplier Qualification Workflow
QMS Process Reference
Decision Frameworks
Tools and References

QMS Implementation Workflow

Implement ISO 13485:2016 compliant quality management system from gap analysis through certification.

Workflow: Initial QMS Implementation

Conduct gap analysis against ISO 13485:2016 requirements
Document current state vs. required state for each clause
Prioritize gaps by:
- Regulatory criticality
- Risk to product safety
- Resource requirements
Develop implementation roadmap with milestones
Establish Quality Manual per Clause 4.2.2:
- QMS scope with justified exclusions
- Process interactions
- Procedure references
Create required documented procedures:
- Document control (4.2.3)
- Record control (4.2.4)
- Internal audit (8.2.4)
- Nonconforming product (8.3)
- Corrective action (8.5.2)
- Preventive action (8.5.3)
Deploy processes with training
Validation: Gap analysis complete; Quality Manual approved; all required procedures documented and trained

Gap Analysis Matrix

Clause	Requirement	Current State	Gap	Priority	Action
4.2.2	Quality Manual	Not documented	Major	High	Create QM
4.2.3	Document control	Informal	Moderate	High	Formalize SOP
5.6	Management review	Ad hoc	Major	High	Establish schedule
7.3	Design control	Partial	Moderate	Medium	Complete procedures
8.2.4	Internal audit	None	Major	High	Create program

QMS Structure

Level	Document Type	Purpose	Example
1	Quality Manual	QMS overview, policy	QM-001
2	Procedures	How processes work	SOP-02-001
3	Work Instructions	Task-level detail	WI-06-012
4	Records	Evidence of conformity	Training records

Required Procedure List

Clause	Procedure	Minimum Content
4.2.3	Document Control	Approval, review, distribution, obsolete control
4.2.4	Record Control	Identification, storage, retention, disposal
8.2.4	Internal Audit	Program, auditor qualification, reporting
8.3	Nonconforming Product	Identification, segregation, disposition
8.5.2	Corrective Action	Investigation, root cause, effectiveness
8.5.3	Preventive Action	Risk identification, implementation, verification

Document Control Workflow

Establish and maintain document control per ISO 13485 Clause 4.2.3.

Workflow: Document Creation and Approval

Identify need for new document or revision
Assign document number per numbering convention:
- Format: [TYPE]-[AREA]-[SEQUENCE]-[REV]
- Example: SOP-02-001-01
Draft document using approved template
Route for review to subject matter experts
Collect and address review comments
Obtain required approvals based on document type
Update Document Master List
Validation: Document numbered correctly; all reviewers signed; Master List updated

Document Numbering Convention

Prefix	Document Type	Approval Authority
QM	Quality Manual	Management Rep + CEO
POL	Policy	Department Head + QA
SOP	Procedure	Process Owner + QA
WI	Work Instruction	Supervisor + QA
TF	Template/Form	Process Owner
SPEC	Specification	Engineering + QA

Area Codes

Code	Area	Examples
01	Quality Management	Quality Manual, policy
02	Document Control	This procedure
03	Training	Competency procedures
04	Design	Design control
05	Purchasing	Supplier management
06	Production	Manufacturing
07	Quality Control	Inspection, testing
08	CAPA	Corrective actions

Document Change Control

Change Type	Approval Level	Examples
Administrative	Document Control	Typos, formatting
Minor	Process Owner + QA	Clarifications
Major	Full review cycle	Process changes
Emergency	Expedited + retrospective	Safety issues

Document Review Schedule

Document Type	Review Period	Trigger for Unscheduled Review
Quality Manual	Annual	Organizational change
Procedures	Annual	Audit finding, regulation change
Work Instructions	2 years	Process change
Forms	2 years	User feedback

Internal Audit Workflow

Plan and execute internal audits per ISO 13485 Clause 8.2.4.

Workflow: Annual Audit Program

Identify processes and areas requiring audit coverage
Assess risk factors for audit frequency:
- Previous audit findings
- Regulatory changes
- Process changes
- Complaint trends
Assign qualified auditors (independent of area audited)
Develop annual audit schedule
Obtain management approval
Communicate schedule to process owners
Track completion and reschedule as needed
Validation: All processes covered; auditors qualified and independent; schedule approved

Workflow: Individual Audit Execution

Prepare audit plan with scope, criteria, and schedule
Notify auditee minimum 1 week prior
Review procedures and previous audit results
Prepare audit checklist
Conduct opening meeting
Collect evidence through:
- Document review
- Record sampling
- Process observation
- Personnel interviews
Classify findings:
- Major NC: Absence or breakdown of system
- Minor NC: Single lapse or deviation
- Observation: Risk of future NC
Conduct closing meeting
Issue audit report within 5 business days
Validation: All checklist items addressed; findings supported by evidence; report distributed

Audit Program Template

Audit #	Process	Clauses	Q1	Q2	Q3	Q4	Auditor
IA-001	Document Control	4.2.3, 4.2.4	X				[Name]
IA-002	Management Review	5.6		X			[Name]
IA-003	Design Control	7.3		X			[Name]
IA-004	Production	7.5			X		[Name]
IA-005	CAPA	8.5.2, 8.5.3				X	[Name]

Auditor Qualification Requirements

Criterion	Requirement
Training	ISO 13485 awareness + auditor training
Experience	Minimum 1 audit as observer
Independence	Not auditing own work area
Competence	Understanding of audited process

Finding Classification Guide

Classification	Criteria	Response Time
Major NC	System absence, total breakdown, regulatory violation	30 days for CAPA
Minor NC	Single instance, partial compliance	60 days for CAPA
Observation	Potential risk, improvement opportunity	Track in next audit

Process Validation Workflow

Validate special processes per ISO 13485 Clause 7.5.6.

Workflow: Process Validation Protocol

Identify processes requiring validation:
- Output cannot be verified by inspection
- Deficiencies appear only in use
- Sterilization, welding, sealing, software
Form validation team with subject matter experts
Write validation protocol including:
- Process description and parameters
- Equipment and materials
- Acceptance criteria
- Statistical approach
Execute Installation Qualification (IQ):
- Verify equipment installed correctly
- Document equipment specifications
Execute Operational Qualification (OQ):
- Test parameter ranges
- Verify process control
Execute Performance Qualification (PQ):
- Run production conditions
- Verify output meets requirements
Write validation report with conclusions
Validation: IQ/OQ/PQ complete; acceptance criteria met; validation report approved

Validation Documentation Requirements

Phase	Content	Evidence
Protocol	Objectives, methods, criteria	Approved protocol
IQ	Equipment verification	Installation records
OQ	Parameter verification	Test results
PQ	Performance verification	Production data
Report	Summary, conclusions	Approval signatures

Revalidation Triggers

Trigger	Action Required
Equipment change	Assess impact, revalidate affected phases
Parameter change	OQ and PQ minimum
Material change	Assess impact, PQ minimum
Process failure	Full revalidation
Periodic	Per validation schedule (typically 3 years)

Special Process Examples

Process	Validation Standard	Critical Parameters
EO Sterilization	ISO 11135	Temperature, humidity, EO concentration, time
Steam Sterilization	ISO 17665	Temperature, pressure, time
Radiation Sterilization	ISO 11137	Dose, dose uniformity
Sealing	Internal	Temperature, pressure, dwell time
Welding	ISO 11607	Heat, pressure, speed

Supplier Qualification Workflow

Evaluate and approve suppliers per ISO 13485 Clause 7.4.

Workflow: New Supplier Qualification

Identify supplier category:
- Category A: Critical (affects safety/performance)
- Category B: Major (affects quality)
- Category C: Minor (indirect impact)
Request supplier information:
- Quality certifications
- Product specifications
- Quality history
Evaluate supplier based on:
- Quality system (ISO certification)
- Technical capability
- Quality history
- Financial stability
For Category A suppliers:
- Conduct on-site audit
- Require quality agreement
Calculate qualification score
Make approval decision:
- 80: Approved
- 60-80: Conditional approval
- <60: Not approved
Add to Approved Supplier List
Validation: Evaluation criteria scored; qualification records complete; supplier categorized

Supplier Evaluation Criteria

Criterion	Weight	Scoring
Quality System	30%	ISO 13485=30, ISO 9001=20, Documented=10, None=0
Quality History	25%	Reject rate: <1%=25, 1-3%=15, >3%=0
Delivery	20%	On-time: >95%=20, 90-95%=10, <90%=0
Technical Capability	15%	Exceeds=15, Meets=10, Marginal=5
Financial Stability	10%	Strong=10, Adequate=5, Questionable=0

Supplier Category Requirements

Category	Qualification	Monitoring	Agreement
A - Critical	On-site audit	Annual review	Quality agreement
B - Major	Questionnaire	Semi-annual review	Quality requirements
C - Minor	Assessment	Issue-based	Standard terms

Supplier Performance Metrics

Metric	Target	Calculation
Accept Rate	>98%	(Accepted lots / Total lots) × 100
On-Time Delivery	>95%	(On-time / Total orders) × 100
Response Time	<5 days	Average days to resolve issues
Documentation	100%	(Complete CoCs / Required CoCs) × 100

QMS Process Reference

ISO 13485 Clause Structure

Clause	Title	Key Requirements
4.1	General Requirements	Process identification, interaction, outsourcing
4.2	Documentation	Quality Manual, procedures, records
5.1-5.5	Management Responsibility	Commitment, policy, objectives, organization
5.6	Management Review	Inputs, outputs, records
6.1-6.4	Resource Management	Personnel, infrastructure, environment
7.1	Product Realization Planning	Quality plan, risk management
7.2	Customer Requirements	Determination, review, communication
7.3	Design and Development	Planning, inputs, outputs, review, V&V, transfer, changes
7.4	Purchasing	Supplier control, purchasing info, verification
7.5	Production	Control, cleanliness, validation, identification, traceability
7.6	Monitoring Equipment	Calibration, control
8.1	Measurement Planning	Monitoring and analysis planning
8.2	Monitoring	Feedback, complaints, reporting, audits, process, product
8.3	Nonconforming Product	Control, disposition
8.4	Data Analysis	Trend analysis
8.5	Improvement	CAPA

Management Review Required Inputs (Clause 5.6.2)

Input	Source	Prepared By
Audit results	Internal and external audits	QA Manager
Customer feedback	Complaints, surveys	Customer Quality
Process performance	Process metrics	Process Owners
Product conformity	Inspection data, NCs	QC Manager
CAPA status	CAPA system	CAPA Officer
Previous actions	Prior review records	QMR
Changes affecting QMS	Regulatory, organizational	RA Manager
Recommendations	All sources	All Managers

Record Retention Requirements

Record Type	Minimum Retention	Regulatory Basis
Device Master Record	Life of device + 2 years	21 CFR 820.181
Device History Record	Life of device + 2 years	21 CFR 820.184
Design History File	Life of device + 2 years	21 CFR 820.30
Complaint Records	Life of device + 2 years	21 CFR 820.198
Training Records	Employment + 3 years	Best practice
Audit Records	7 years	Best practice
CAPA Records	7 years	Best practice
Calibration Records	Equipment life + 2 years	Best practice

Decision Frameworks

Exclusion Justification (Clause 4.2.2)

Clause	Permissible Exclusion	Justification Required
6.4.2	Contamination control	Product not affected by contamination
7.3	Design and development	Organization does not design products
7.5.2	Product cleanliness	No cleanliness requirements
7.5.3	Installation	No installation activities
7.5.4	Servicing	No servicing activities
7.5.5	Sterile products	No sterile products

Nonconformity Disposition Decision Tree

Nonconforming Product Identified
            │
            ▼
    Can it be reworked?
            │
       Yes──┴──No
        │       │
        ▼       ▼
    Is rework     Can it be used
    procedure     as is?
    available?        │
        │        Yes──┴──No
    Yes─┴─No     │       │
     │    │     ▼       ▼
     ▼    ▼  Concession  Scrap or
  Rework  Create    approval    return to
  per SOP  rework    needed?    supplier
          procedure     │
                    Yes─┴─No
                     │    │
                     ▼    ▼
                 Customer  Use as is
                 approval  with MRB
                          approval

CAPA Initiation Criteria

Source	Automatic CAPA	Evaluate for CAPA
Customer complaint	Safety-related	All others
External audit	Major NC	Minor NC
Internal audit	Major NC	Repeat minor NC
Product NC	Field failure	Trend exceeds threshold
Process deviation	Safety impact	Repeated deviations

Tools and References

Scripts

Tool	Purpose	Usage
qms_audit_checklist.py	Generate audit checklists by clause or process	`python qms_audit_checklist.py --help`

Audit Checklist Generator Features:

Generate clause-specific checklists (e.g., --clause 7.3)
Generate process-based checklists (e.g., --process design-control)
Full system audit checklist (--audit-type system)
Text or JSON output formats
Interactive mode for guided selection

References

Document	Content
iso13485-clause-requirements.md	Detailed requirements for each ISO 13485:2016 clause with audit questions
qms-process-templates.md	Ready-to-use templates for document control, audit, CAPA, supplier, training

Quick Reference: Mandatory Documented Procedures

Procedure	Clause	Key Elements
Document Control	4.2.3	Approval, distribution, obsolete control
Record Control	4.2.4	Identification, retention, disposal
Internal Audit	8.2.4	Program, auditor qualification, reporting
NC Product Control	8.3	Identification, segregation, disposition
Corrective Action	8.5.2	Root cause, implementation, verification
Preventive Action	8.5.3	Risk identification, implementation

Related Skills

Skill	Integration Point
quality-manager-qmr	Management review, quality policy
capa-officer	CAPA system management
qms-audit-expert	Advanced audit techniques
quality-documentation-manager	DHF, DMR, DHR management
risk-management-specialist	ISO 14971 integration

quality-manager-qms-iso13485