Quality Manual Development Guide
This guide provides comprehensive instructions for creating an ISO 13485:2016 compliant Quality Manual.
Quality Manual Development Guide
This guide provides comprehensive instructions for creating an ISO 13485:2016 compliant Quality Manual.
Purpose of the Quality Manual
The Quality Manual is the foundational policy-level document of your Quality Management System (QMS). It:
- Defines the scope of your QMS
- Documents or references all QMS procedures
- Describes the interaction between QMS processes
- Outlines the structure of QMS documentation
- Demonstrates management commitment to quality and regulatory compliance
- Serves as a guide for employees and auditors
The Quality Manual is typically 20-50 pages and remains relatively stable over time, while procedures and work instructions may change more frequently.
Required Content per ISO 13485:2016 (Clause 4.2.2)
The Quality Manual must include:
a) Scope of the QMS
- Define which parts of the organization are covered
- Identify exclusions with justification
- Specify product types covered
- Define applicable regulatory requirements
b) Documented Procedures or References
- List all 31 documented procedures (or reference where they can be found)
- Provide document numbers/titles for easy reference
c) Description of Process Interactions
- Show how QMS processes interact and sequence
- May include process maps or flowcharts
- Explain dependencies between processes
d) Structure of Documentation
- Describe the documentation hierarchy
- Explain document numbering and control systems
- Define document types (procedures, work instructions, forms, records)
Quality Manual Structure
Recommended Table of Contents
Section 0: Document Control
- Document identification
- Revision history
- Approval signatures
- Distribution list
Section 1: Introduction
- 1.1 Company Overview
- 1.2 Purpose of the Quality Manual
- 1.3 Document Control and Revisions
- 1.4 Definitions and Abbreviations
Section 2: Scope and Exclusions (ISO 13485 Clause 4.2.2.a)
- 2.1 Scope of QMS
- 2.2 Products Covered
- 2.3 Applicable Regulatory Requirements
- 2.4 Exclusions and Justifications
Section 3: Quality Policy and Objectives (ISO 13485 Clauses 5.3, 5.4)
- 3.1 Quality Policy Statement
- 3.2 Quality Objectives
- 3.3 Communication of Policy and Objectives
Section 4: Quality Management System (ISO 13485 Clause 4)
- 4.1 General Requirements
- 4.1.1 Processes and Their Application
- 4.1.2 Process Interactions (with process map)
- 4.1.3 Outsourced Processes
- 4.1.4 Risk Management
- 4.1.5 Software Validation
- 4.2 Documentation Requirements
- 4.2.1 General
- 4.2.2 Quality Manual (this document)
- 4.2.3 Medical Device File
- 4.2.4 Control of Documents
- 4.2.5 Control of Records
- 4.3 Documentation Structure (ISO 13485 Clause 4.2.2.d)
Section 5: Management Responsibility (ISO 13485 Clause 5)
- 5.1 Management Commitment
- 5.2 Customer Focus
- 5.3 Quality Policy (reference to Section 3)
- 5.4 Planning
- 5.5 Responsibility, Authority and Communication
- 5.5.1 Organization Structure and Responsibilities
- 5.5.2 Management Representative
- 5.5.3 Internal Communication
- 5.6 Management Review
Section 6: Resource Management (ISO 13485 Clause 6)
- 6.1 Provision of Resources
- 6.2 Human Resources
- 6.3 Infrastructure
- 6.4 Work Environment and Contamination Control
Section 7: Product Realization (ISO 13485 Clause 7)
- 7.1 Planning of Product Realization
- 7.2 Customer-Related Processes
- 7.3 Design and Development
- 7.4 Purchasing
- 7.5 Production and Service Provision
- 7.6 Control of Monitoring and Measuring Equipment
Section 8: Measurement, Analysis and Improvement (ISO 13485 Clause 8)
- 8.1 General
- 8.2 Monitoring and Measurement
- 8.2.1 Feedback
- 8.2.2 Complaint Handling
- 8.2.3 Reporting to Regulatory Authorities
- 8.2.4 Internal Audit
- 8.2.5 Monitoring and Measurement of Processes
- 8.2.6 Monitoring and Measurement of Product
- 8.3 Control of Nonconforming Product
- 8.4 Analysis of Data
- 8.5 Improvement
- 8.5.1 General
- 8.5.2 Corrective Action
- 8.5.3 Preventive Action
Section 9: Appendices
- Appendix A: List of Documented Procedures (ISO 13485 Clause 4.2.2.b)
- Appendix B: Organization Chart
- Appendix C: Process Map/Interactions (ISO 13485 Clause 4.2.2.c)
- Appendix D: Definitions and Abbreviations
- Appendix E: Applicable Regulatory Requirements
Writing Guidelines
Level of Detail
The Quality Manual should be at a policy level, not operational level:
DO:
- State WHAT the organization does
- State WHY policies exist
- Reference WHO is responsible
- Reference WHERE to find detailed procedures
DON'T:
- Provide step-by-step HOW-TO instructions (that's for procedures)
- Include forms or templates (that's for procedures and work instructions)
- Provide excessive technical detail
Example - Correct Level of Detail:
Good (Policy Level):
"The organization has established a documented procedure for the control of nonconforming product. This procedure ensures that nonconforming product is identified, segregated, and dispositioned appropriately. The Quality Manager is responsible for reviewing all nonconformances and determining appropriate corrective actions. Refer to SOP-8.3-01 Control of Nonconforming Product."
Too Detailed (Operational Level - Don't do this):
"When a nonconforming product is identified, the inspector fills out Form NCR-001 and places a red tag on the product. The product is moved to the quarantine area in Building B, Row 5. The Quality Manager reviews the NCR within 24 hours and checks one of three boxes: Rework, Scrap, or Use As-Is. If rework is selected, the inspector..."
Language and Style
- Use present tense and active voice
- Be clear and concise
- Avoid jargon where possible
- Define technical terms in the definitions section
- Use consistent terminology throughout
- Number all sections and subsections
Cross-Referencing
- Reference specific procedures by number and title
- Reference specific clause numbers from ISO 13485
- Use consistent format: "Refer to SOP-XXX [Title]"
- Ensure all referenced documents exist
Section-by-Section Guidance
Section 0: Document Control
Purpose: Control and identification of the manual itself
Content:
- Document number and title
- Revision number and date
- Page numbers (Page X of Y)
- Approval signatures (typically top management)
- Distribution list (who has controlled copies)
- Revision history table
Example Revision History Table:
| Revision | Date | Description of Changes | Approved By |
|---|---|---|---|
| 00 | YYYY-MM-DD | Initial release | [Name] |
| 01 | YYYY-MM-DD | Updated Section 7.3 for new design process | [Name] |
Section 1: Introduction
1.1 Company Overview
- Company name and legal entity
- Business address(es)
- Type of business (manufacturer, contract manufacturer, etc.)
- History and background (brief)
- Mission statement (optional)
1.2 Purpose of the Quality Manual
Explain that this manual:
- Describes the QMS established per ISO 13485:2016
- Demonstrates compliance with applicable regulatory requirements
- Serves as primary reference for QMS
1.3 Document Control and Revisions
- How the manual is controlled
- Who approves changes
- How often it's reviewed
- Reference to document control procedure
1.4 Definitions and Abbreviations
List key terms used in the manual:
- QMS: Quality Management System
- CAPA: Corrective and Preventive Action
- DHF: Design History File
- MDF: Medical Device File
- SOP: Standard Operating Procedure
- WI: Work Instruction
- etc.
Section 2: Scope and Exclusions
2.1 Scope of QMS
Must Include:
- Organizational units covered
- Physical locations covered
- Activities covered (design, manufacturing, distribution, servicing, etc.)
- Product types covered
Example:
"This Quality Management System applies to [Company Name] and covers all activities related to the design, development, production, installation, and servicing of [product type] medical devices at our facility located at [address]. The QMS applies to all employees, contractors, and temporary staff performing work that affects product quality and regulatory compliance."
2.2 Products Covered
List product categories or families covered:
- Class I, II, or III medical devices
- Product names or families
- Intended use categories
Example:
"This QMS covers the following medical device product families:
- Surgical instruments (Class I)
- Patient monitoring systems (Class II)
- Implantable cardiac devices (Class III)"
2.3 Applicable Regulatory Requirements
List all applicable regulations:
- ISO 13485:2016
- FDA 21 CFR Part 820 (QMSR)
- EU MDR 2017/745
- Health Canada Medical Devices Regulations
- [Other applicable requirements]
2.4 Exclusions and Justifications
Common Exclusions:
Design and Development (Clause 7.3): If you only manufacture per customer specifications without your own design:
"Clause 7.3 Design and Development is excluded from the scope of this QMS. [Company Name] operates as a contract manufacturer and produces medical devices according to complete design specifications provided by customers. All design activities are performed by the customer and [Company Name] has no responsibility for design inputs, outputs, verification, validation, or design changes."
Installation (Clause 7.5.3): If product requires no installation:
"Clause 7.5.3 Installation Activities is excluded. The medical devices manufactured by [Company Name] are supplied ready for use and do not require installation activities at the customer site."
Servicing (Clause 7.5.4): If servicing is not offered:
"Clause 7.5.4 Servicing Activities is excluded. [Company Name] does not provide servicing of medical devices after delivery to the customer. Products are intended for single use [or] servicing is performed by authorized service partners under separate contractual arrangements."
Important: All exclusions must be justified based on the nature of the organization and products. Exclusions must not affect the organization's ability or responsibility to provide safe and effective medical devices that meet regulatory requirements.
Section 3: Quality Policy and Objectives
3.1 Quality Policy Statement
Requirements:
- Appropriate to the organization
- Includes commitment to meeting requirements
- Includes commitment to maintaining QMS effectiveness
- Provides framework for quality objectives
- Signed by top management
Example:
QUALITY POLICY
[Company Name] is committed to providing safe, effective, and high-quality medical devices that meet or exceed customer expectations and comply with all applicable regulatory requirements.
We achieve this through:
- Maintaining an effective Quality Management System compliant with ISO 13485 and applicable regulatory requirements
- Establishing, monitoring, and achieving measurable quality objectives
- Continually improving our processes, products, and QMS effectiveness
- Ensuring all personnel understand their responsibilities and are properly trained
- Managing risks throughout the product lifecycle
- Promptly addressing customer feedback and complaints
This policy is communicated to all employees and reviewed annually to ensure continuing suitability.
[Signature] [Name], Chief Executive Officer [Date]
3.2 Quality Objectives
List measurable objectives that support the policy:
- Customer satisfaction targets
- Product quality metrics
- Process performance goals
- Delivery performance
- Training completion rates
- CAPA closure rates
Example:
The organization has established the following measurable quality objectives:
- Customer satisfaction rating ≥ 4.5 out of 5.0
- Product defect rate < 0.5% of units shipped
- On-time delivery ≥ 95%
- CAPA closed within 60 days ≥ 90%
- Employee training completion rate ≥ 100% on schedule
- Internal audit findings addressed within 30 days ≥ 95%
Quality objectives are reviewed quarterly and revised as necessary to drive continual improvement.
3.3 Communication
Explain how policy and objectives are communicated:
- Employee orientation and training
- Posted in facility
- Included in employee handbook
- Management review meetings
- Quality meetings
Section 4: Quality Management System
This section describes how you've implemented ISO 13485 Clause 4 requirements.
4.1.1 Processes and Their Application
List QMS processes:
- Management processes (planning, review, communication)
- Product realization processes (design, purchasing, production, etc.)
- Support processes (HR, maintenance, document control, etc.)
- Monitoring and measurement processes (audits, inspections, CAPA, etc.)
Reference the process map in Appendix C.
4.1.2 Process Interactions
Describe how processes interact:
"The QMS processes are interconnected and sequential. Management review provides direction for all processes. Product realization processes transform customer requirements into delivered products. Support processes enable product realization. Monitoring processes provide feedback for continual improvement. A detailed process map showing interactions is provided in Appendix C."
4.1.3 Outsourced Processes
If applicable, list outsourced processes and how they're controlled:
- Sterilization (controlled through supplier qualification and ongoing monitoring)
- Calibration services (controlled through qualified service providers)
- Software development (controlled through development agreements and audits)
4.1.4 Risk Management
Describe risk management approach:
"The organization has established documented requirements for risk management throughout product realization in accordance with ISO 14971. Risk management activities are integrated into design and development, production, and post-market surveillance. Risk management records are maintained as part of the Medical Device File. Refer to SOP-4.1.5 Risk Management."
4.1.5 Software Validation
Describe approach to software validation:
"Computer software applications used in the QMS, including [list key software systems], are validated prior to initial use and after changes. Validation activities are based on risk assessment and include installation qualification, operational qualification, and performance qualification as appropriate. Refer to SOP-4.1.6 Software Validation."
4.2 Documentation Requirements
Describe the documentation structure (fulfill 4.2.2.d requirement):
Four-Tier Documentation Structure:
Tier 1: Quality Manual (This Document)
- Policy-level document
- Defines QMS scope and structure
- References all procedures
Tier 2: Procedures (SOPs)
- Define WHAT must be done, WHO does it, WHEN
- Cover multi-functional activities