Strahinja Stojanovic
November 16, 2017
Updated: August 29, 2023
When you are developing a Quality Management System (QMS), you need to assign and document the roles and responsibilities within your management system. ISO 13485 highlights this need, as shown primarily in the requirements of clauses 5.5.1 and 5.5.2. So, what roles and responsibilities do you need to identify, and how should you do this? Here are some ideas about what to do.
The requirements of the standard regarding roles and responsibilities are very loose, so the organization can define them in any way it sees fit. Top management has a responsibility to ensure that ISO 13485 roles and responsibilities within the organization are clearly defined, documented, and communicated. This includes documenting the relationships among personnel who carry out, supervise, and verify work that affects quality, and ensuring that these individuals have the independence and authority necessary to perform their duties effectively.
Implementation failure is often caused by a lack of awareness and commitment to the implementation and maintenance of an ISO 13485-based QMS by the top management. This lack of top management involvement can also mean that the standard isn’t implemented fully. The primary concerns of the top management are to ensure the long-term success of their company, to increase profitability, to control new initiatives, to decrease risks, etc. This means that top management is involved in assessing the effectiveness of the Quality Management System. An increase in top management involvement can be achieved by explaining to them the benefits that ISO 13485 implementation can have for a business, and the potential negative consequences of a poorly established QMS.
Most of the requirements for engagement of the top management in the QMS are stated in clause 5. The first part describes how top management must show leadership through its commitment to the QMS, and the remaining three parts discuss the Quality Policy and its requirements; the need to put customers first; and the roles, responsibilities, and authorities of the company.
To define the appropriate roles, the following processes are necessary:
The responsibilities of top management in ISO 13485 are:
Communicating the importance of meeting customer and regulatory requirements. Like in any other QMS, the focus is on the customer. But, considering how highly regulated the medical device industry is, it is important that top management ensures compliance with these requirements by communicating with the rest of the organization.
Establishing the Quality Policy. Top management needs to establish and publish the Quality Policy, in which they will define the intention of the QMS, and direct everyone in the organization as to how medical devices will be created and delivered to the customers.
Establish the objectives. Through the objectives, top management defines and plans which direction the QMS will follow to meet the requirements outlined in section 4.1. The objectives also provide a clear measure of whether the system is effective.
Find out more here: Setting good quality objectives for ISO 13485.
Conduct the management reviews. Management reviews are the final check to see whether the QMS is effective, and what actions need to be taken for its improvement. The management review process is a key indicator of top management’s ongoing commitment to the Quality Management System.
For more information, see: How to Perform Management Review According to ISO 13485.
Provide all the necessary resources. Without enough money or employee time, the ISO 13485 project will fail; therefore, support from top management must become very real and tangible. From my experience, this is exactly the point where the management usually fails – they usually redirect needed resources into other projects.
When the above requirements are met, top management demonstrates that the QMS is not a side project, but rather an important part of business processes.
As previously mentioned, there must be at least one management representative (MR) who will be in charge of the entire QMS. This person will be the backbone of the system and will have the ultimate responsibility for its effectiveness.
Top management should appoint a member of management who has the responsibility and authority to act as the MR. This individual should be responsible for ensuring that the organization’s Quality Management System is established, implemented, maintained, and continually improved.
The main responsibilities of the ISO 13485 management representative are:
Ensuring the documentation of the processes needed for the QMS – The MR is usually the person who has the most knowledge of the standard in the organization. It is his or her duty to ensure that the documentation complies with the requirements of the standard. For more information, see: List of mandatory documents required by ISO 13485:2016.
Reporting on the performance of the QMS to top management – This includes conducting internal audits, auditing compliance with legal and other requirements, and monitoring the results of the process performance on a regular basis.
Ensuring the promotion of awareness of applicable regulatory and QMS requirements throughout the organization – As mentioned before, compliance with applicable requirements is crucial for the organization, and the MR needs to ensure that the employees are aware of the requirements, as well as the consequences of noncompliance.
All of this sounds like an incredible amount of work – and it is. The MR should delegate these responsibilities to the middle management.
The standard does not specify the required profession or prior knowledge for the position of management representative. While it is assumed that the individual should have knowledge and understanding of quality systems, they are also expected to possess knowledge of the product being produced. Additionally, the ISO 13485 management representative must possess the following skills:
However, it is ultimately up to top management to determine which member of management has the necessary knowledge and abilities to fulfill this role and its associated responsibilities.
Middle management has two significant roles in the QMS. The first is to help with the assessment of risks and the determination of operational controls for activities and processes within their scope. The second role is, of course, to ensure that all rules are followed by the employees.
Because they are the ones enforcing and executing the QMS on a daily basis, their input on how the system works and what should be changed is of utmost value.
Employee engagement depends primarily on how the importance and the purpose of the system are explained to them. Nothing can make the system work (or fail) like the employees’ perception of its importance.
When each employee is clear on their roles and responsibilities, aware of how they contribute to the system, and why it is important for them personally, the organization has an effective QMS. With strong employee engagement, an organization will be able to have an effective QMS and achieve all the benefits that ISO 13485 can bring to the organization.
Click here to download a free Clause-by-clause explanation of ISO 13485 to learn which responsibilities are required by the standard.