Quality Manager - QMS ISO 13485 Specialist

Domain: Regulatory & Quality | Skill: quality-manager-qms-iso13485 | Source: ra-qm-team/quality-manager-qms-iso13485/SKILL.md

---

Quality Manager - QMS ISO 13485 Specialist

ISO 13485:2016 Quality Management System implementation, maintenance, and certification support for medical device organizations.

---

Table of Contents

• QMS Implementation Workflow
• Document Control Workflow
• Internal Audit Workflow
• Process Validation Workflow
• Supplier Qualification Workflow
• QMS Process Reference
• Decision Frameworks
• Tools and References

---

QMS Implementation Workflow

Implement ISO 13485:2016 compliant quality management system from gap analysis through certification.

Workflow: Initial QMS Implementation

1. Conduct gap analysis against ISO 13485:2016 requirements
2. Document current state vs. required state for each clause
3. Prioritize gaps by:
4. Regulatory criticality
5. Risk to product safety
6. Resource requirements
7. Develop implementation roadmap with milestones
8. Establish Quality Manual per Clause 4.2.2:
9. QMS scope with justified exclusions
10. Process interactions
11. Procedure references
12. Create required documented procedures — see Mandatory Documented Procedures for the full list
13. Deploy processes with training
14. Validation: Gap analysis complete; Quality Manual approved; all required procedures documented and trained

Use the Gap Analysis Matrix template in qms-process-templates.md to document clause-by-clause current state, gaps, priority, and actions.

QMS Structure

Level	Document Type	Example
1	Quality Manual	QM-001
2	Procedures	SOP-02-001
3	Work Instructions	WI-06-012
4	Records	Training records

---

Document Control Workflow

Establish and maintain document control per ISO 13485 Clause 4.2.3.

Workflow: Document Creation and Approval

1. Identify need for new document or revision
2. Assign document number per numbering convention:
3. Format: [TYPE]-[AREA]-[SEQUENCE]-[REV]
4. Example: SOP-02-001-01
5. Draft document using approved template
6. Route for review to subject matter experts
7. Collect and address review comments
8. Obtain required approvals based on document type
9. Update Document Master List
10. Validation: Document numbered correctly; all reviewers signed; Master List updated

Document Numbering Convention

Prefix	Document Type	Approval Authority
QM	Quality Manual	Management Rep + CEO
POL	Policy	Department Head + QA
SOP	Procedure	Process Owner + QA
WI	Work Instruction	Supervisor + QA
TF	Template/Form	Process Owner
SPEC	Specification	Engineering + QA

Area Codes

Code	Area	Examples
01	Quality Management	Quality Manual, policy
02	Document Control	This procedure
03	Training	Competency procedures
04	Design	Design control
05	Purchasing	Supplier management
06	Production	Manufacturing
07	Quality Control	Inspection, testing
08	CAPA	Corrective actions

Document Change Control

Change Type	Approval Level	Examples
Administrative	Document Control	Typos, formatting
Minor	Process Owner + QA	Clarifications
Major	Full review cycle	Process changes
Emergency	Expedited + retrospective	Safety issues

Document Review Schedule

Document Type	Review Period	Trigger for Unscheduled Review
Quality Manual	Annual	Organizational change
Procedures	Annual	Audit finding, regulation change
Work Instructions	2 years	Process change
Forms	2 years	User feedback

---

Internal Audit Workflow

Plan and execute internal audits per ISO 13485 Clause 8.2.4.

Workflow: Annual Audit Program

1. Identify processes and areas requiring audit coverage
2. Assess risk factors for audit frequency:
3. Previous audit findings
4. Regulatory changes
5. Process changes
6. Complaint trends
7. Assign qualified auditors (independent of area audited)
8. Develop annual audit schedule
9. Obtain management approval
10. Communicate schedule to process owners
11. Track completion and reschedule as needed
12. Validation: All processes covered; auditors qualified and independent; schedule approved

Use the Audit Program Template in qms-process-templates.md to schedule audits by clause and quarter across processes such as Document Control (4.2.¾.2.4), Management Review (5.6), Design Control (7.3), Production (7.5), and CAPA (8.5.2/8.5.3).

Workflow: Individual Audit Execution

1. Prepare audit plan with scope, criteria, and schedule
2. Notify auditee minimum 1 week prior
3. Review procedures and previous audit results
4. Prepare audit checklist
5. Conduct opening meeting
6. Collect evidence through:
7. Document review
8. Record sampling
9. Process observation
10. Personnel interviews
11. Classify findings:
12. Major NC: Absence or breakdown of system
13. Minor NC: Single lapse or deviation
14. Observation: Risk of future NC
15. Conduct closing meeting
16. Issue audit report within 5 business days
17. Validation: All checklist items addressed; findings supported by evidence; report distributed

Auditor Qualification Requirements

Criterion	Requirement
Training	ISO 13485 awareness + auditor training
Experience	Minimum 1 audit as observer
Independence	Not auditing own work area
Competence	Understanding of audited process

Finding Classification Guide

Classification	Criteria	Response Time
Major NC	System absence, total breakdown, regulatory violation	30 days for CAPA
Minor NC	Single instance, partial compliance	60 days for CAPA
Observation	Potential risk, improvement opportunity	Track in next audit

---

Process Validation Workflow

Validate special processes per ISO 13485 Clause 7.5.6.

Workflow: Process Validation Protocol

1. Identify processes requiring validation:
2. Output cannot be verified by inspection
3. Deficiencies appear only in use
4. Sterilization, welding, sealing, software
5. Form validation team with subject matter experts
6. Write validation protocol including:
7. Process description and parameters
8. Equipment and materials
9. Acceptance criteria
10. Statistical approach
11. Execute IQ: verify equipment installed correctly and document specifications
12. Execute OQ: test parameter ranges and verify process control
13. Execute PQ: run production conditions and verify output meets requirements
14. Write validation report with conclusions
15. Validation: IQ/OQ/PQ complete; acceptance criteria met; validation report approved

Validation Documentation Requirements

Phase	Content	Evidence
Protocol	Objectives, methods, criteria	Approved protocol
IQ	Equipment verification	Installation records
OQ	Parameter verification	Test results
PQ	Performance verification	Production data
Report	Summary, conclusions	Approval signatures

Revalidation Triggers

Trigger	Action Required
Equipment change	Assess impact, revalidate affected phases
Parameter change	OQ and PQ minimum
Material change	Assess impact, PQ minimum
Process failure	Full revalidation
Periodic	Per validation schedule (typically 3 years)

Special Process Examples

Process	Validation Standard	Critical Parameters
EO Sterilization	ISO 11135	Temperature, humidity, EO concentration, time
Steam Sterilization	ISO 17665	Temperature, pressure, time
Radiation Sterilization	ISO 11137	Dose, dose uniformity
Sealing	Internal	Temperature, pressure, dwell time
Welding	ISO 11607	Heat, pressure, speed

---

Supplier Qualification Workflow

Evaluate and approve suppliers per ISO 13485 Clause 7.4.

Workflow: New Supplier Qualification

1. Identify supplier category:
2. Category A: Critical (affects safety/performance)
3. Category B: Major (affects quality)
4. Category C: Minor (indirect impact)
5. Request supplier information:
6. Quality certifications
7. Product specifications
8. Quality history
9. Evaluate supplier based on:
10. Quality system (ISO certification)
11. Technical capability
12. Quality history
13. Financial stability
14. For Category A suppliers:
15. Conduct on-site audit
16. Require quality agreement
17. Calculate qualification score
18. Make approval decision:

19. 80: Approved

20. 60-80: Conditional approval
21. <60: Not approved
22. Add to Approved Supplier List
23. Validation: Evaluation criteria scored; qualification records complete; supplier categorized

Supplier Evaluation Criteria

Criterion	Weight	Scoring
Quality System	30%	ISO 13485=30, ISO 9001=20, Documented=10, None=0
Quality History	25%	Reject rate: <1%=25, 1-3%=15, >3%=0
Delivery	20%	On-time: >95%=20, 90-95%=10, <90%=0
Technical Capability	15%	Exceeds=15, Meets=10, Marginal=5
Financial Stability	10%	Strong=10, Adequate=5, Questionable=0

Supplier Category Requirements

Category	Qualification	Monitoring	Agreement
A - Critical	On-site audit	Annual review	Quality agreement
B - Major	Questionnaire	Semi-annual review	Quality requirements
C - Minor	Assessment	Issue-based	Standard terms

Supplier Performance Metrics

Metric	Target	Calculation
Accept Rate	>98%	(Accepted lots / Total lots) × 100
On-Time Delivery	>95%	(On-time / Total orders) × 100
Response Time	<5 days	Average days to resolve issues
Documentation	100%	(Complete CoCs / Required CoCs) × 100

---

QMS Process Reference

For detailed requirements and audit questions for each ISO 13485:2016 clause, see iso13485-clause-requirements.md.

Management Review Required Inputs (Clause 5.6.2)

Input	Source	Prepared By
Audit results	Internal and external audits	QA Manager
Customer feedback	Complaints, surveys	Customer Quality
Process performance	Process metrics	Process Owners
Product conformity	Inspection data, NCs	QC Manager
CAPA status	CAPA system	CAPA Officer
Previous actions	Prior review records	QMR
Changes affecting QMS	Regulatory, organizational	RA Manager
Recommendations	All sources	All Managers

Record Retention Requirements

Record Type	Minimum Retention	Regulatory Basis
Device Master Record	Life of device + 2 years	21 CFR 820.181
Device History Record	Life of device + 2 years	21 CFR 820.184
Design History File	Life of device + 2 years	21 CFR 820.30
Complaint Records	Life of device + 2 years	21 CFR 820.198
Training Records	Employment + 3 years	Best practice
Audit Records	7 years	Best practice
CAPA Records	7 years	Best practice
Calibration Records	Equipment life + 2 years	Best practice

---

Decision Frameworks

Exclusion Justification (Clause 4.2.2)

Clause	Permissible Exclusion	Justification Required
6.4.2	Contamination control	Product not affected by contamination
7.3	Design and development	Organization does not design products
7.5.2	Product cleanliness	No cleanliness requirements
7.5.3	Installation	No installation activities
7.5.4	Servicing	No servicing activities
7.5.5	Sterile products	No sterile products

Nonconformity Disposition Decision Tree

Nonconforming Product Identified
            │
            ▼
    Can it be reworked?
            │
       Yes──┴──No
        │       │
        ▼       ▼
    Is rework     Can it be used
    procedure     as is?
    available?        │
        │        Yes──┴──No
    Yes─┴─No     │       │
     │    │     ▼       ▼
     ▼    ▼  Concession  Scrap or
  Rework  Create    approval    return to
  per SOP  rework    needed?    supplier
          procedure     │
                    Yes─┴─No
                     │    │
                     ▼    ▼
                 Customer  Use as is
                 approval  with MRB
                          approval

CAPA Initiation Criteria

Source	Automatic CAPA	Evaluate for CAPA
Customer complaint	Safety-related	All others
External audit	Major NC	Minor NC
Internal audit	Major NC	Repeat minor NC
Product NC	Field failure	Trend exceeds threshold
Process deviation	Safety impact	Repeated deviations

---

Tools and References

Scripts

Tool	Purpose	Usage
qms_audit_checklist.py	Generate audit checklists by clause or process	python qms_audit_checklist.py --help

Audit Checklist Generator Features: - Generate clause-specific checklists (e.g., --clause 7.3) - Generate process-based checklists (e.g., --process design-control) - Full system audit checklist (--audit-type system) - Text or JSON output formats - Interactive mode for guided selection

References

Document	Content
iso13485-clause-requirements.md	Detailed requirements for each ISO 13485:2016 clause with audit questions
qms-process-templates.md	Ready-to-use templates for gap analysis, audit program, document control, CAPA, supplier, training

Quick Reference: Mandatory Documented Procedures

Procedure	Clause	Key Elements
Document Control	4.2.3	Approval, distribution, obsolete control
Record Control	4.2.4	Identification, retention, disposal
Internal Audit	8.2.4	Program, auditor qualification, reporting
NC Product Control	8.3	Identification, segregation, disposition
Corrective Action	8.5.2	Root cause, implementation, verification
Preventive Action	8.5.3	Risk identification, implementation

---

Related Skills

Skill	Integration Point
quality-manager-qmr	Management review, quality policy
capa-officer	CAPA system management
qms-audit-expert	Advanced audit techniques
quality-documentation-manager	DHF, DMR, DHR management
risk-management-specialist	ISO 14971 integration