Compliance and training products for critical infrastructure organizations for the European Union’s Network and Information Systems cybersecurity directive.
When implementing a Quality Management System (QMS) for your medical device manufacturing organization, you will find that one of the first things you need to write according to ISO 13485:2016 is your Quality Policy (requirement 5.3). So, you may wonder what this ISO 13485 Quality Policy statement is and why it is necessary for the QMS. In this article, we will examine this important piece of documented information for your QMS.
What is the ISO 13485 Quality Policy?
The ISO 13485 2016 Quality Policy should be the overall goal of the organization, and it is written by top management in order to direct everyone in the organization as to how medical devices will be created and delivered to the customers.
Key elements of an ISO 13485 Quality Policy:
Adapt the policy to the organization.
Define a framework for setting your quality objectives.
Establish the commitment to meeting all requirements.
Establish the management commitment.
Communicate the Quality Policy.
Ensure the regular review of the Quality Policy.
This top-level policy is intended to be communicated and understood by everyone in the company, so they can all follow one strategic direction on how product development happens and how requirements will be met. Commitment to quality can then be used throughout the organization as a focus on how processes are performed, and as a guide for the quality objectives of the organization—those main improvement aims that the company plans to achieve.
Why is it necessary to have an ISO 13485 Quality Policy statement?
The ISO 13485 Quality Policy is a critical component of a medical device manufacturer’s Quality Management System. It serves as a guiding document that outlines the organization’s commitment to quality and compliance with regulatory requirements. The following elements should be included in a Quality Policy to make it aligned with ISO 13485:
Commitment to compliance: The policy should emphasize the organization’s commitment to complying with applicable regulatory requirements, standards, and guidelines related to medical devices.
Customer focus: The policy should highlight the organization’s dedication to meeting customer requirements and ensuring customer satisfaction.
Risk management: The policy should address the organization’s commitment to identifying, assessing, and managing risks associated with the design, development, production, and distribution of medical devices.
Continuous improvement: The policy should emphasize the organization’s commitment to continually improving its Quality Management System, processes, and products through the use of objective measurements and data analysis.
Employee competence: The policy should recognize the importance of employee competence and provide a framework for ensuring that employees have the necessary skills, knowledge, and training to perform their job functions effectively.
Documented processes: The policy should stress the importance of documenting processes and procedures to ensure consistency, traceability, and effective communication within the organization.
Monitoring and measurement: The policy should outline the organization’s commitment to monitoring, measuring, and analyzing key performance indicators to evaluate the effectiveness of the Quality Management System and drive continuous improvement.
Management responsibility: The policy should clearly define the roles, responsibilities, and authorities of top management in establishing, implementing, and maintaining the Quality Management System.
Supplier management: The policy should address the organization’s approach to selecting, evaluating, and monitoring suppliers to ensure the quality and safety of purchased products and services.
By incorporating these elements into the ISO 13485 Quality Policy, organizations can demonstrate their commitment to producing safe and effective medical devices that meet regulatory requirements and customer expectations.
How to use the ISO 13485 Quality Policy in decision making
The Quality Policy in ISO 13485 can be used for decision making because it provides a clear statement of the organization’s commitment to quality, which helps guide decision-making processes. This sets the overall direction and goals for the organization’s Quality Management System.
To check if a decision is in line with the ISO 13485 Quality Policy, follow these steps:
Review the ISO 13485 Quality Policy document to understand its requirements and objectives.
Identify the specific decision you want to evaluate.
Compare the decision with the requirements and objectives stated in the ISO 13485 Quality Policy.
If the decision is in line with the quality objectives, then the company can proceed with the planned actions.
If the decision is not in line with the quality objectives, it must be discontinued. Actions should be realigned or replaced to ensure they are in alignment with the quality objectives.
Remember, ensuring that decisions are in line with the ISO 13485 Quality Policy is crucial for maintaining a high standard of quality in the organization’s processes and products.
How do you write the ISO 13485 Quality Policy?
As a mandate of ISO 13485, the Quality Policy for your medical device organization needs to meet certain requirements, although the standard does not include many mandatory items:
You need to adapt the policy to your organization, meaning it cannot be copied from somewhere else; it needs to be related directly to what you do.
The policy must include your commitment to meeting all requirements for your medical devices, which includes legal requirements applicable to you, and to commit to an effective QMS as applicable to your specific and unique product. Management commitment that all risks will be minimized to ensure a safe and effective medical device is also often seen in Quality Policy.
The policy gives a framework for your quality objectives, defining how the objectives will be proposed. So, it is common to include commitments that will provide a framework for these quality objectives you want to improve as an organization, such as on-time delivery or product development.
The policy must be communicated to all employees within the company, as well as interested parties when appropriate, so that everyone understands this top-level goal of the QMS.
There must also be a process to regularly review the Quality Policy to ensure that it is still applicable to the organization’s strategic goals and direction, as well as the changing needs and expectations of interested parties.
How to write the ISO 13485 Quality Policy step by step
When writing the Quality Policy for your medical device organization, there are many factors to consider to ensure that your Quality Policy will provide useful guidance for your employees.
Start with the requirements of customers and other interested parties.
The customers to whom you provide medical devices, as well as legal entities, will have many requirements on how you create and deliver your products. So, these need to be considered when creating the Quality Policy.
Know the requirements of internal parties.
If you are expecting all employees to know, understand, and use the Quality Policy, then you need to ensure that the Quality Policy is applicable throughout the organization. People need to see how the Quality Policy applies to their jobs.
Include the ISO 13485 requirements.
While there are not many requirements in ISO 13485, as listed above, clause 5.3 does include some considerations for the Quality Policy. Make sure these are included.
With all of this information gathered, the Quality Policy can be written with a view to guiding the organization towards meeting the requirements and goals necessary to ensure customer satisfaction and meeting the legal requirements of your medical devices. Once written, ensure that the Quality Policy is communicated and understood throughout the organization. By thoroughly reviewing all of the necessary requirements, you can create a better Quality Policy that will guide your organization to success. In addition, quality objectives need to relate to the Quality Policy: If there is an improvement objective that the company wants to achieve, then it should be relevant to the policy.
Although it is a requirement of ISO 13485 to create a Quality Policy, which will guide your employees on how your medical devices are produced and delivered in your organization, don’t see this as simply something you are doing to meet the requirements. The Quality Policy should be a tool you can use to ensure that your QMS is consistently applied by all employees of the organization, and that you are ensuring safe and effective medical devices—and, in doing so, you can make sure that everyone is working towards your goals of meeting the necessary requirements and improving customer satisfaction.
Kristina Zvonar Brkic is an experienced consultant, auditor, assessor, and trainer for ISO 13485 and the EU MDR. She runs a thriving ISO 13485 consulting practice and helps companies and consultants to build their businesses. In her career, she also worked as an ISO 9001 and ISO 22716 consultant and lead auditor, and as an auditor and assessor for the MDD.
The portfolio of medical devices for which she has approval is plastic products with measuring function, various creams and gels, different systems for wound care, disinfectants, different catheters, panels for operating rooms and clean rooms, accessories and kits for performing surgical procedures of non-woven materials, medical gases, and various dental materials.