scientific-skills/iso-13485-certification/references/quality-manual-guide.md
This guide provides comprehensive instructions for creating an ISO 13485:2016 compliant Quality Manual.
The Quality Manual is the foundational policy-level document of your Quality Management System (QMS). It:
The Quality Manual is typically 20-50 pages and remains relatively stable over time, while procedures and work instructions may change more frequently.
The Quality Manual must include:
The Quality Manual should be at a policy level, not operational level:
DO:
DON'T:
Good (Policy Level):
"The organization has established a documented procedure for the control of nonconforming product. This procedure ensures that nonconforming product is identified, segregated, and dispositioned appropriately. The Quality Manager is responsible for reviewing all nonconformances and determining appropriate corrective actions. Refer to SOP-8.3-01 Control of Nonconforming Product."
Too Detailed (Operational Level - Don't do this):
"When a nonconforming product is identified, the inspector fills out Form NCR-001 and places a red tag on the product. The product is moved to the quarantine area in Building B, Row 5. The Quality Manager reviews the NCR within 24 hours and checks one of three boxes: Rework, Scrap, or Use As-Is. If rework is selected, the inspector..."
Purpose: Control and identification of the manual itself
Content:
Example Revision History Table:
| Revision | Date | Description of Changes | Approved By |
|---|---|---|---|
| 00 | YYYY-MM-DD | Initial release | [Name] |
| 01 | YYYY-MM-DD | Updated Section 7.3 for new design process | [Name] |
Explain that this manual:
List key terms used in the manual:
Must Include:
Example:
"This Quality Management System applies to [Company Name] and covers all activities related to the design, development, production, installation, and servicing of [product type] medical devices at our facility located at [address]. The QMS applies to all employees, contractors, and temporary staff performing work that affects product quality and regulatory compliance."
List product categories or families covered:
Example:
"This QMS covers the following medical device product families:
- Surgical instruments (Class I)
- Patient monitoring systems (Class II)
- Implantable cardiac devices (Class III)"
List all applicable regulations:
Common Exclusions:
Design and Development (Clause 7.3): If you only manufacture per customer specifications without your own design:
"Clause 7.3 Design and Development is excluded from the scope of this QMS. [Company Name] operates as a contract manufacturer and produces medical devices according to complete design specifications provided by customers. All design activities are performed by the customer and [Company Name] has no responsibility for design inputs, outputs, verification, validation, or design changes."
Installation (Clause 7.5.3): If product requires no installation:
"Clause 7.5.3 Installation Activities is excluded. The medical devices manufactured by [Company Name] are supplied ready for use and do not require installation activities at the customer site."
Servicing (Clause 7.5.4): If servicing is not offered:
"Clause 7.5.4 Servicing Activities is excluded. [Company Name] does not provide servicing of medical devices after delivery to the customer. Products are intended for single use [or] servicing is performed by authorized service partners under separate contractual arrangements."
Important: All exclusions must be justified based on the nature of the organization and products. Exclusions must not affect the organization's ability or responsibility to provide safe and effective medical devices that meet regulatory requirements.
Requirements:
Example:
QUALITY POLICY
[Company Name] is committed to providing safe, effective, and high-quality medical devices that meet or exceed customer expectations and comply with all applicable regulatory requirements.
We achieve this through:
- Maintaining an effective Quality Management System compliant with ISO 13485 and applicable regulatory requirements
- Establishing, monitoring, and achieving measurable quality objectives
- Continually improving our processes, products, and QMS effectiveness
- Ensuring all personnel understand their responsibilities and are properly trained
- Managing risks throughout the product lifecycle
- Promptly addressing customer feedback and complaints
This policy is communicated to all employees and reviewed annually to ensure continuing suitability.
[Signature] [Name], Chief Executive Officer [Date]
List measurable objectives that support the policy:
Example:
The organization has established the following measurable quality objectives:
- Customer satisfaction rating ≥ 4.5 out of 5.0
- Product defect rate < 0.5% of units shipped
- On-time delivery ≥ 95%
- CAPA closed within 60 days ≥ 90%
- Employee training completion rate ≥ 100% on schedule
- Internal audit findings addressed within 30 days ≥ 95%
Quality objectives are reviewed quarterly and revised as necessary to drive continual improvement.
Explain how policy and objectives are communicated:
This section describes how you've implemented ISO 13485 Clause 4 requirements.
List QMS processes:
Reference the process map in Appendix C.
Describe how processes interact:
"The QMS processes are interconnected and sequential. Management review provides direction for all processes. Product realization processes transform customer requirements into delivered products. Support processes enable product realization. Monitoring processes provide feedback for continual improvement. A detailed process map showing interactions is provided in Appendix C."
If applicable, list outsourced processes and how they're controlled:
Describe risk management approach:
"The organization has established documented requirements for risk management throughout product realization in accordance with ISO 14971. Risk management activities are integrated into design and development, production, and post-market surveillance. Risk management records are maintained as part of the Medical Device File. Refer to SOP-4.1.5 Risk Management."
Describe approach to software validation:
"Computer software applications used in the QMS, including [list key software systems], are validated prior to initial use and after changes. Validation activities are based on risk assessment and include installation qualification, operational qualification, and performance qualification as appropriate. Refer to SOP-4.1.6 Software Validation."
Describe the documentation structure (fulfill 4.2.2.d requirement):
Four-Tier Documentation Structure:
Tier 1: Quality Manual (This Document)
Tier 2: Procedures (SOPs)
Tier 3: Work Instructions (WIs)
Tier 4: Records and Forms
Include a visual diagram of the documentation hierarchy.
Describe MDF structure:
"A Medical Device File (MDF) is established and maintained for each medical device type or family. The MDF contains all documentation specified in ISO 13485:2016 Clause 4.2.3, including general description, intended use, specifications, procedures, risk management file, and design and development files when applicable. MDF contents and control are defined in SOP-4.2.3 Medical Device File."
Summarize document control process:
"All QMS documents are controlled per SOP-4.2.4 Control of Documents. This ensures documents are approved before use, reviewed and updated as necessary, properly identified with revision status, available at points of use, legible and identifiable, and protected from unintended use of obsolete versions."
Summarize record control process:
"QMS records provide evidence of conformity and effective operation. Records are controlled per SOP-4.2.5 Control of Records to ensure they remain legible, readily identifiable, retrievable, and protected. Records are retained for at least the lifetime of the medical device as defined by the organization, and in accordance with applicable regulatory requirements."
For these sections, follow this pattern for each clause:
Example for Clause 8.2.2 Complaint Handling:
8.2.2 Complaint Handling
The organization has established a documented procedure for timely complaint handling. All complaints are promptly received, recorded, evaluated, investigated, and appropriately resolved. Complaints are analyzed for trends and potential product quality or safety issues. Complaints that meet regulatory reporting criteria are reported to applicable regulatory authorities within required timeframes.
The Quality Assurance Manager is responsible for complaint handling and ensuring compliance with regulatory requirements.
Refer to SOP-8.2.2 Complaint Handling for detailed procedures.
Repeat this pattern for all clauses 5.1 through 8.5.3.
Create a table listing all QMS procedures:
| SOP Number | Title | ISO 13485 Clause | Approval Date | Revision |
|---|---|---|---|---|
| SOP-4.1.5 | Risk Management | 4.1.5 | YYYY-MM-DD | 02 |
| SOP-4.1.6 | Software Validation | 4.1.6 | YYYY-MM-DD | 01 |
| SOP-4.2.4 | Control of Documents | 4.2.4 | YYYY-MM-DD | 03 |
| ... | ... | ... | ... | ... |
Include all 31 required procedures plus any additional procedures.
Include a current organization chart showing:
Include a visual process map showing:
This can be a flowchart, swim-lane diagram, or process interaction matrix.
Comprehensive list of terms and abbreviations used in the QMS.
Detailed list of all regulatory requirements applicable to your organization:
Problem: Including step-by-step procedures in the manual Solution: Keep at policy level, reference detailed procedures
Problem: Copying text directly from ISO 13485 Solution: Write in your own words describing YOUR QMS
Problem: Referencing procedures that don't exist or have wrong numbers Solution: Maintain a master list of procedures and verify all references
Problem: Excluding clauses without proper justification Solution: Carefully justify all exclusions based on business activities
Problem: Missing visual representation of process interactions Solution: Create clear process map in Appendix C
Problem: Quality policy that could apply to any company Solution: Make policy specific to your organization and products
Problem: Manual doesn't reflect current operations Solution: Review and update regularly
Problem: No management approval signatures Solution: Ensure top management signs the document control page and quality policy
Problem: Multiple versions in circulation Solution: Implement proper document control per Section 4.2.4
Problem: Not including complete list of documented procedures Solution: Create comprehensive procedure list in Appendix A
Use this checklist to verify your Quality Manual is complete:
Choose a style appropriate for your organization:
QUALITY POLICY
At [Company Name], quality is our highest priority. We are committed to designing, manufacturing, and delivering medical devices that meet the highest standards of safety, performance, and reliability.
Our commitments include:
- Compliance with ISO 13485 and all applicable regulatory requirements
- Understanding and meeting customer and patient needs
- Establishing and achieving measurable quality objectives
- Managing risks throughout the product lifecycle
- Continually improving our processes and products
- Maintaining competent and motivated personnel
- Responding promptly and effectively to feedback and complaints
- Fostering a culture of quality and accountability
This policy applies to all employees, contractors, and suppliers. Every person in our organization is responsible for quality and for supporting our QMS. This policy is reviewed annually and communicated throughout the organization.
[Signature Block]
QUALITY POLICY
[Company Name] is committed to providing safe and effective medical devices that meet customer expectations and regulatory requirements. We maintain a quality management system compliant with ISO 13485 and continually improve its effectiveness through measurable objectives and employee engagement.
[Signature Block]
QUALITY POLICY
Our mission is to improve patient outcomes through innovative, high-quality medical devices. We achieve this by:
- Placing patient safety first in all decisions
- Complying with ISO 13485 and regulatory requirements
- Engaging employees in quality and continuous improvement
- Partnering with customers to exceed expectations
- Managing risks proactively throughout product lifecycle
This policy is communicated to all personnel and reviewed for effectiveness.
[Signature Block]