SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

How to define roles and responsibilities within an ISO 13485-based QMS

Updated: August 29, 2023

When you are developing a Quality Management System (QMS), you need to assign and document the roles and responsibilities within your management system. ISO 13485 highlights this need, as shown primarily in the requirements of clauses 5.5.1 and 5.5.2. So, what roles and responsibilities do you need to identify, and how should you do this? Here are some ideas about what to do.

What roles are there in an ISO 13485-based QMS?
  • top management
  • management representative
  • middle management
  • employees

What are the requirements of ISO 13485 for roles and responsibilities?

The requirements of the standard regarding roles and responsibilities are very loose, so the organization can define them in any way it sees fit. Top management has a responsibility to ensure that ISO 13485 roles and responsibilities within the organization are clearly defined, documented, and communicated. This includes documenting the relationships among personnel who carry out, supervise, and verify work that affects quality, and ensuring that these individuals have the independence and authority necessary to perform their duties effectively.

Where to begin when defining ISO 13485 roles and responsibilities

Implementation failure is often caused by a lack of awareness and commitment to the implementation and maintenance of an ISO 13485-based QMS by the top management. This lack of top management involvement can also mean that the standard isn’t implemented fully. The primary concerns of the top management are to ensure the long-term success of their company, to increase profitability, to control new initiatives, to decrease risks, etc. This means that top management is involved in assessing the effectiveness of the Quality Management System. An increase in top management involvement can be achieved by explaining to them the benefits that ISO 13485 implementation can have for a business, and the potential negative consequences of a poorly established QMS.

Most of the requirements for engagement of the top management in the QMS are stated in clause 5. The first part describes how top management must show leadership through its commitment to the QMS, and the remaining three parts discuss the Quality Policy and its requirements; the need to put customers first; and the roles, responsibilities, and authorities of the company.

To define the appropriate roles, the following processes are necessary:

  1. Identify the roles (already identified in the standard, e.g., management representative).
  2. Identify the responsibilities required for a particular role (also defined in the standard – see section 5.5).
  3. Assess which team members have the relevant knowledge and skills to fulfill these roles (responsibility of top management).
  4. Inform the selected individual about their role, and confirm their understanding of it.
  5. Establish a communication hierarchy – determine who is responsible for transmitting information to whom.


What are the top management responsibilities in ISO 13485?

The responsibilities of top management in ISO 13485 are:

Communicating the importance of meeting customer and regulatory requirements. Like in any other QMS, the focus is on the customer. But, considering how highly regulated the medical device industry is, it is important that top management ensures compliance with these requirements by communicating with the rest of the organization.

Establishing the Quality Policy. Top management needs to establish and publish the Quality Policy, in which they will define the intention of the QMS, and direct everyone in the organization as to how medical devices will be created and delivered to the customers.

Establish the objectives. Through the objectives, top management defines and plans which direction the QMS will follow to meet the requirements outlined in section 4.1. The objectives also provide a clear measure of whether the system is effective.

Find out more here: Setting good quality objectives for ISO 13485.

Conduct the management reviews. Management reviews are the final check to see whether the QMS is effective, and what actions need to be taken for its improvement. The management review process is a key indicator of top management’s ongoing commitment to the Quality Management System.

For more information, see: How to Perform Management Review According to ISO 13485.

Provide all the necessary resources. Without enough money or employee time, the ISO 13485 project will fail; therefore, support from top management must become very real and tangible. From my experience, this is exactly the point where the management usually fails – they usually redirect needed resources into other projects.

When the above requirements are met, top management demonstrates that the QMS is not a side project, but rather an important part of business processes.

What roles are there in an ISO 13485-based QMS?

What are the roles and responsibilities of the management representative in ISO 13485?

As previously mentioned, there must be at least one management representative (MR) who will be in charge of the entire QMS. This person will be the backbone of the system and will have the ultimate responsibility for its effectiveness.

Top management should appoint a member of management who has the responsibility and authority to act as the MR. This individual should be responsible for ensuring that the organization’s Quality Management System is established, implemented, maintained, and continually improved.

The main responsibilities of the ISO 13485 management representative are:

Ensuring the documentation of the processes needed for the QMS – The MR is usually the person who has the most knowledge of the standard in the organization. It is his or her duty to ensure that the documentation complies with the requirements of the standard. For more information, see: List of mandatory documents required by ISO 13485:2016.

Reporting on the performance of the QMS to top management – This includes conducting internal audits, auditing compliance with legal and other requirements, and monitoring the results of the process performance on a regular basis.

Ensuring the promotion of awareness of applicable regulatory and QMS requirements throughout the organization – As mentioned before, compliance with applicable requirements is crucial for the organization, and the MR needs to ensure that the employees are aware of the requirements, as well as the consequences of noncompliance.

All of this sounds like an incredible amount of work – and it is. The MR should delegate these responsibilities to the middle management.

What is required to be a management representative?

The standard does not specify the required profession or prior knowledge for the position of management representative. While it is assumed that the individual should have knowledge and understanding of quality systems, they are also expected to possess knowledge of the product being produced. Additionally, the ISO 13485 management representative must possess the following skills:

  • Communication – the ability to communicate effectively with both top management and employees, and to act as a liaison between the two.
  • Leadership – as the Management Representative may have their own team, they are expected to make appropriate decisions and demonstrate effective leadership skills.

However, it is ultimately up to top management to determine which member of management has the necessary knowledge and abilities to fulfill this role and its associated responsibilities.

The roles and responsibilities of middle management and employees

Middle management has two significant roles in the QMS. The first is to help with the assessment of risks and the determination of operational controls for activities and processes within their scope. The second role is, of course, to ensure that all rules are followed by the employees.

Because they are the ones enforcing and executing the QMS on a daily basis, their input on how the system works and what should be changed is of utmost value.

Employee engagement depends primarily on how the importance and the purpose of the system are explained to them. Nothing can make the system work (or fail) like the employees’ perception of its importance.

When each employee is clear on their roles and responsibilities, aware of how they contribute to the system, and why it is important for them personally, the organization has an effective QMS. With strong employee engagement, an organization will be able to have an effective QMS and achieve all the benefits that ISO 13485 can bring to the organization.

Click here to download a free Clause-by-clause explanation of ISO 13485 to learn which responsibilities are required by the standard.

Advisera Strahinja Stojanovic
Author
Strahinja Stojanovic

Strahinja Stojanovic is certified as a lead auditor for the ISO 13485, ISO 9001, ISO 14001, and OHSAS 18001 standards by RABQSA. He participated in the implementation of these standards in more than 100 SMEs, through the creation of documentation and performing in-house training for maintaining management systems, internal audits, and management reviews.


Advisera Kristina Zvonar Brkic
Contributor
Kristina Zvonar Brkic
Kristina Zvonar Brkic is an experienced consultant, auditor, assessor, and trainer for ISO 13485 and the EU MDR. She runs a thriving ISO 13485 consulting practice and helps companies and consultants to build their businesses. In her career, she also worked as an ISO 9001 and ISO 22716 consultant and lead auditor, and as an auditor and assessor for the MDD.


The portfolio of medical devices for which she has approval is plastic products with measuring function, various creams and gels, different systems for wound care, disinfectants, different catheters, panels for operating rooms and clean rooms, accessories and kits for performing surgical procedures of non-woven materials, medical gases, and various dental materials.