OpenRegulatory Template

Quality Manual, Policy and Objectives

ISO 13485:2016 Section Document Section
4.1.1 1.
4.1.2 4.
4.2.1 b) (All)
4.2.2 (All)
5.3 2.
5.4.1 2.


The Quality Manual describes the scope of the Quality Management System, its documented procedures and a description of their interactions.

1. Scope

The QMS described in this Quality Manual applies to all products of <your company name>.

Role of Company

Other roles besides manufacturer are: Authorized representative, distributor.

<your company name> is a manufacturer of Medical Devices.

Applicable Standards

The following table only gives an overview of the most relevant regulation and standards. For a comprehensive overview, see the list of applicable standards (reference here).

Standard / Regulation / Law Why Applicable?
MDR (2017/745) Regulation for all Medical Device Manufacturers in the EU
EN ISO 13485:2016 QMS required by essential requirements of MDD/MDR
EN ISO 14971:2019 Risk management for medical devices
IEC 62304:2006 Software development for medical devices
IEC 62366-1:2015 Usability evaluation for medical devices


The following sections of ISO 13485:2016 will be excluded due to the product being stand-alone software:

2. Quality Policy & Objectives

Quality Policy

Describe what your company is about, specifically, its mission and things which are important for it. Maybe you’re developing software for patients with a certain disease and your goal is to improve their lives.

In addition, the policy should include a commitment to meet legal requirements, keep the QMS up to date and define quality objectives to work towards.

Quality Objectives

Whatever policy you outlined above, now you need to make it measurable by defining objectives which can be tracked. Those objectives should not (only) refer to the quality of your devices but the quality of your QMS and the overall work of your organization. Typical examples are: hiring excellence in staff, providing, best-of-class device performance, high standards of customer satisfaction, etc.

Implementation Option 1: You define measurable, yet still abstract quality objectives here. In a next step (see short-term goals below), those are narrowed down to very concrete measures (for example: monthly number of user complaints). The advantage of that: you don’t need to update your quality manual and objectives a lot. And you can re-use a system that you already have, combining QMS with your regular business goals.

Implementation Option 2: As part of your management review, you will have to review all QMS processes plus your quality policy and objectives at least annually. You can use that opportunity to define process-related KPIs which serve at the same time as your quality objectives.

Short-Term Goals

How does your team track its goals? Your auditors want to see how your quality objectives translate into your daily work. You should formulate strategic goals for your company that are somewhat related to your quality goals and which are tracked at least on an annual basis. Do you already have a goal-oriented system in place to track your team’s work? Even better: align business and quality goals and describe your system here.

3. Roles

Describe the roles of the people in your company. Typically this is done by drawing an organigram (you could use for that). Or, you just use a table like below.

Minimum requirement information: required qualification and description of tasks related to QMS process involvement If applicable, add: report / authority, access rights, etc.

Role People
CEO Steve Jobs
CTO Steve Wozniak
Product Manager Ada Lovelace
QMO Oliver Eidel

All C-level roles (CEO, CTO, CMO) are referred to as the Management. Management is generally responsible to define responsibilities and authorities, to define and communicate Quality Policy and Goals and to ensure that the whole organization is oriented towards them.

See ISO 13485, para. 5.1, para. 5.5.1

The Quality Management Officer (QMO) is responsible for:

Required qualification for this role:

See ISO 13485, para. 5.1, para. 5.5.2

Person Responsible for Regulatory Compliance (PRRC) Responsibilities of the PRRC are in accordance with Art. 15 MDR as follows:

The PRRC shall not be subjected to Management instructions while carrying out his/her responsibilities specified above. His/her tasks may be delegated to other roles as long as it is ensured that final responsibility stays with the PRRC. She or he has the power and authority to represent the company in the scope of his/her responsibilities, e.g. in communicating with state authorities.

Required qualification for this role:

4. Processes

List all your SOPs here. This list is highly company-specific and might therefore be currently incomplete.

Important Note:

Also mention if one of these processes is outsourced to a third party (typical examples: internal auditing or clinical evaluation done by a regulatory consultant, software development done by an external agency; see ISO 13485:2016, para. 4.1.5 for more context).

SOP Process Category Internal / Outsourced
SOP Corrective and Preventive Action Management Internal
SOP Clinical Evaluation Core Outsourced (?)
SOP Product Certification and Registration Core Internal
SOP Change Management Core Internal
SOP Deployment Core Internal
SOP Document and Record Control Support Internal
SOP Integrated Software Development Core Internal
SOP Feedback Management Core Internal
SOP Internal Auditing Management Outsourced (?)
SOP Management Review Management Internal
SOP Post-Market Surveillance Management Internal
SOP Problem Resolution Core Internal
SOP Software Validation Support Internal
SOP Update of Regulations Support Internal
SOP Vigilance Core Internal

Template Copyright See template license.

Please don’t remove this notice even if you’ve modified contents of this template.