ISO 13485 & MDR Blog

How to define roles and responsibilities within an ISO 13485-based QMS

When you are developing a Quality Management System (QMS) it is necessary to assign and document the roles and responsibilities of your management system. ISO 13485 highlights this as shown primarily in the requirements of clause 5.5.1 and 5.5.2. So, what roles and responsibilities do you need to identify and how should you do this? Here are some ideas about what to do.

What the standard requires?

The requirements of the standard regarding roles and responsibilities are very loose, so the organization can define them in any way it finds the most suitable. The top management must ensure the responsibilities and authorities are defined, documented and communicated within the organization. It must also define the interrelation of all personnel who manage and perform work affecting the quality and ensure the independence and authority necessary to perform those tasks.

Start from the top

The lack of the top management awareness and commitment to the implementation and maintenance of an ISO 13485-based QMS is often the cause of implementation failure. It can also mean that the standard is implemented only informally. The primary concern of the top management is to ensure the long-term success of their company, increase profitability, control of new initiatives, decreasing the risks, etc. An increase in their involvement can be achieved by explaining to them the benefits that ISO 13485 implementation can have for a business, and the potential negative consequences of a poorly established QMS.

Most of the requirements for engagement of the top management in the QMS are stated in clause 5. Meeting these requirements demonstrates the commitment of the management to the QMS.

Communicating the importance of meeting customer and regulatory requirements. Like in any other QMS, the focus is on the customer but, considering how highly regulated the medical device industry is, it is important that top management ensures the compliance to these requirements by communicating with the rest of the organization.

Establishing the Quality Policy. Top management needs to publish the Quality Policy, in which they will define the intention of the QMS.

Establish the objectives. Through the objectives, top management defines which direction the QMS will follow. The objectives also provide a clear measure of whether the system is effective. Find out more here: Setting good quality objectives for ISO 13485.

Conduct the management reviews. Management reviews are the final check to see whether the QMS is effective, and what actions needs to be taken for its improvement. For more information, see: How to Perform Management Review According to ISO 13485.

Provide all the necessary resources. Without enough money or employee time, the ISO 13485 project will fail, and support from the management must become very real and tangible. From my experience, this is exactly the point where the management usually fails – they usually redirect the resources into other projects.

Management representative

As previously mentioned, there must be at least one MR (management representative) who will be in charge of the entire QMS. This person will be the backbone of the system and will have the ultimate responsibility for its effectiveness.

The main responsibilities of the management representative are:

Ensuring the documentation of the processes needed for the QMS – The MR is usually the person who has the most knowledge of the standard in the organization. It is his or her duty to ensure the documentation is compliant with the requirements of the standard. For more information, see: List of mandatory documents required by ISO 13485:2016.

Reports on the performance of the QMS to top management – This includes conducting internal audits, auditing compliance with legal and other requirements, and monitoring the results of the process performance on a regular basis.

Ensuring the promotion of awareness of applicable regulatory and QMS requirements throughout the organization – As mentioned before, compliance with applicable requirements is crucial for the organization and MR needs to ensure that the employees are aware of the requirements as well as the consequences of noncompliance.

All of this sounds like an incredible amount of work – and it is. The MR should delegate these responsibilities to the middle management.

Middle management and employees

Middle management has two significant roles in the QMS. The first is to help with the assessment of the risks and determination of operational controls for activities and processes within their scope. The second role is, of course, to ensure that all rules are followed by the employees.

Since they are the ones enforcing and executing the QMS on a daily basis, their input on how the system works and what should be changed is of utmost value.

Employee engagement primarily depends on how the importance and the purpose of the system are explained to them. Nothing can make the system work (or fail) like the employees’ perception of its importance.

When each employee is clear on his roles and responsibilities, aware of how he contributes to the system, and why it is important for him personally, the organization has an effective QMS. With strong employee engagement, an organization will be able to have an effective QMS and achieve all the benefits that ISO 13485 can bring to the organization.

Click here to download a free white paper Clause by clause explanation of ISO 13485 to learn which responsibilities are required by the standard.

Advisera Strahinja Stojanovic
Strahinja Stojanovic
Strahinja Stojanovic is certified as a lead auditor for ISO 13485, ISO 9001, ISO 14001, and OHSAS 18001 standards by RABQSA. He participated in the implementation of these standards in more than 100 SMEs, through the creation of documentation and performing in-house training for maintaining management systems, internal audits, and management reviews.