Template: Quality Manual, Policy, Objectives

Dr. Oliver Eidel
Updated October 7, 2024

Template Download

This is a free template, provided by OpenRegulatory.

If you are a user of Formwork, our eQMS software, you can save a lot of time by choosing “QMS” on the top menu and “OpenRegulatory Templates” on the left menu, and then opening the relevant folder to find this template ready to load into Formwork.

If, for some mysterious reason, you’re using a different QMS Software, you can also simply download this template – specifically, as Word (.docx), PDF, Google Docs or Markdown file. Scroll down for a preview!

The template license applies (don’t remove the copyright at the bottom, don’t re-use this for commercial purposes).

Lost In Regulation? Book a Free 30-Minute Consulting Call.

Unsure how to get started and how to get your EU MDR medical device certified?
We’ve already helped hundreds of companies with their MDR compliance.
Book a free 30-minute consulting call and let’s discuss how you can get your compliance done efficienty.

Book a free 30-minute consulting call
Template preview
ISO 13485:2016 SectionDocument Section
4.1.11.
4.1.24.
4.2.1 b)(All)
4.2.2(All)
5.32.
5.4.12.

Summary

The Quality Manual describes the scope of the Quality Management System, its documented procedures and a
description of their interactions.

1. Scope

The QMS described in this Quality Manual applies to all products of \.

Role of Company

Other roles besides manufacturer are: Authorized representative, distributor.

\ is a manufacturer of Medical Devices.

Applicable Standards

The following table only gives an overview of the most relevant regulation and standards. For a comprehensive overview, see the list of applicable standards (reference here).

Standard / Regulation / LawWhy Applicable?
EU Regulation 2017/745Regulation for medical devices for human use
EU Regulation 2021/2226Regulation for electronic instructions for use
EN ISO 13485:2016QMS required by essential requirements of MDD/MDR
EN ISO 14971:2019Risk management for medical devices
IEC 62304:2006Software development for medical devices
IEC 62366-1:2015Usability evaluation for medical devices

Exclusions

The following sections of ISO 13485:2016 will be excluded due to the product being stand-alone software:

  • 6.4.2 Contamination control
  • 7.5.2 Cleanliness of product
  • 7.5.5 Particular requirements for sterile medical devices
  • 7.5.7 Particular requirements for validation of processes for sterilization and sterile barrier systems
  • 7.5.9.2 Particular requirements for implantable medical devices
  • 7.5.11 Preservation of product

2. Quality Policy & Objectives

Quality Policy

Describe what your company is about, specifically, its mission and things which are important for it. Maybe
you’re developing software for patients with a certain disease and your goal is to improve their lives.

In addition, the policy should include a commitment to meet legal requirements, keep the QMS up to date and
define quality objectives to work towards.

Quality Objectives

Whatever policy you outlined above, now you need to make it measurable by defining objectives which can be
tracked. Those objectives should not (only) refer to the quality of your devices but the quality of your QMS
and the overall work of your organization. Typical examples are: hiring excellence in staff, providing,
best-of-class device performance, high standards of customer satisfaction, etc.

Key Performance Indicators (KPIs)

Auditors might ask you: how do you keep track of a quality objective, to see if it was achieved or not? The
answer is: Key Performance Indicators. As part of your management review, you have to review all QMS
processes plus your quality policy and objectives at least annually. Now, you can meet both requirements at
the same time by defining KPIs for your QMS processes. You can then argue that by achieving your KPIs, you
make sure that your processes run well, which also meets your quality objectives.

These are your action items:

  1. Make sure to define at least one KPI for each QMS process.
  2. Make sure each quality objectives translates into at minimum one process KPI. Where there’s no
    corresponding process for a quality objective, you define additional KPIs that are not process-related.
  3. You can document those KPIs either in each SOP or in a separate overview sheet. For example, you can use
    the template for a management review report for that purpose.

Also see regulatory requirements: ISO 13485, para. 4.1.3.a (process KPIs) and para. 5.6.2 (management review
input).

In this section here, describe where you define your KPIs and how you keep track of them. For example, say
that you define KPIs in every single SOP or reference to a separate, central overview sheet. Ideally, KPIs
are tracked by each process owner independently.

3. Roles

Describe the roles of the people in your company. Typically this is done by drawing an organigram (you could
use draw.io for that). Or, you just use a table like below.

Minimum requirement information: required qualification and description of tasks related to QMS process
involvement If applicable, add: report / authority, access rights, etc.

RolePeople
CEOSteve Jobs
CTOSteve Wozniak
Product ManagerAda Lovelace
QMOOliver Eidel

All C-level roles (CEO, CTO, CMO) are referred to as the Management. Management is generally responsible to
define responsibilities and authorities, to define and communicate Quality Policy and Goals and to ensure that
the whole organization is oriented towards them.

See ISO 13485, para. 5.1, para. 5.5.1

The Quality Management Officer (QMO) is responsible for:

  • ensuring that processes needed for the company’s quality management system are documented
  • reporting to top management on the effectiveness of the quality management system and any need for
    improvement
  • ensuring the promotion of awareness of applicable regulatory requirements and QMS requirements throughout the
    organization.

Required qualification for this role:

  • Fluent in German and English language
  • At minimum one year of professional experience in the fields of quality management and regulatory affairs

See ISO 13485, para. 5.1, para. 5.5.2

Person Responsible for Regulatory Compliance (PRRC) Responsibilities of the PRRC are in accordance with
Art. 15 MDR as follows:

  • Ensure (review / release) the conformity of the devices is appropriately checked in accordance with the QMS
    before a device is released (also see Art. 10 Para. 9 MDR)
  • Ensure (review / release) that the technical documentation and the EU declaration of conformity are drawn up
    and kept up-to-date for all medical devices (also see Art. 10 Para. 4 and Art. 6 MDR)
  • Ensure (review / release) that obligations for post-market surveillance are complied with in accordance with
    Art. 10 Para. 10 MDR
  • Ensure (review / release) that the reporting obligations of Articles 87 to 91 MDR are fulfilled (FSCA /
    incidents, also see Art. 10 Para. 13 MDR)
  • Ensure that, in the case of investigational devices, the statement referred to in Section 4.1 of Chapter II
    of Annex XV MDR is issued.

The PRRC shall not be subjected to Management instructions while carrying out his/her responsibilities
specified above. His/her tasks may be delegated to other roles as long as it is ensured that final
responsibility stays with the PRRC. She or he has the power and authority to represent the company in the
scope of his/her responsibilities, e.g. in communicating with state authorities.

Required qualification for this role:

  • Fluent in English language
  • Knowledge of the role and responsibilities of a ‘Person Responsible for Regulatory Compliance’ according to
    Art. 15 MDR
  • Higher education degree in law, medicine, pharmacology or engineering
  • OR: four years of professional experience in the fields of quality management and regulatory affairs
  • At minimum one year of professional experience in the fields of quality management and regulatory affairs

4. Processes

List all your SOPs here. This list is highly company-specific and might therefore be currently incomplete.

Important Note:

Also mention if one of these processes is outsourced to a third party (typical examples: internal auditing
or clinical evaluation done by a regulatory consultant, software development done by an external agency; see
ISO 13485:2016, para. 4.1.5 for more context).

SOPProcess CategoryInternal / Outsourced
SOP Corrective and Preventive ActionManagementInternal
SOP Clinical EvaluationCoreOutsourced (?)
SOP Product Certification and RegistrationCoreInternal
SOP Change ManagementCoreInternal
SOP DeploymentCoreInternal
SOP Document and Record ControlSupportInternal
SOP Integrated Software DevelopmentCoreInternal
SOP Feedback ManagementCoreInternal
SOP Internal AuditingManagementOutsourced (?)
SOP Management ReviewManagementInternal
SOP Post-Market SurveillanceManagementInternal
SOP Problem ResolutionCoreInternal
SOP Software ValidationSupportInternal
SOP Update of RegulationsSupportInternal
SOP VigilanceCoreInternal

Template Copyright openregulatory.com. See template license.

Please don’t remove this notice even if you’ve modified contents of this template.

Template preview