Quality Management Systems Final Notes

Topic 4: ISO 14000 

ISO 14000’s connection to ISO 9000 

  • ISO 14000 extends quality principles to environmental management.

  • Integration aligns product and service quality with sustainability goals.

Global Movement towards Sustainability

  • is defined as a series of international environmental management standards, guides, and technical reports. 

  • these standards were introduced by the International Organization for Standardization (ISO) in 1996 and were most recently revised in 2015.

Importance of Integration

  • Combining Quality (ISO 9000) and Environmental (ISO 14000) Management Systems enhances efficiency, transparency, and accountability. 

  • This integration assists organizations in simplifying audits, reducing waste, and improving overall performance 

Main Trigger for Integration:

  • Stakeholder and Market Pressure - Growing demand for sustainability and accountability.

  • Regulatory Compliance - Meets supply chain and legal requirements efficiently.

  • Operational Efficiency - Reduces waste, simplifies audits, and improves performance.

Environmental Management Systems (EMS)

  • Framework by ISO to manage environmental responsibilities through an EMS.

  • Covers planning, implementation, monitoring, and improvement.

  • Focus areas: Pollution prevention, resource efficiency, and compliance. 

ISO 14001:2015 Core Standard

  • ISO 14001 is the core and certifiable standard of the ISO 14000 family. Built on the PDCA cycle for continuous improvement. 

ISO 14000 objectives:

  • Minimize environmental impact

  • Ensure legal compliance

  • Promotes sustainable and efficient operations

Integration points:

  • Compatible with ISO 9001, enabling dual certifications.

  • Supports the Triple Bottom Line: economic, environmental, and social performance.

ISO 14001: Clauses

Clause 1: Scope

Clause 2: Normative Reference

Clause 3: Terms and Definitions

Clause 4: Context of Organization

Clause 5: Leadership

Clause 6: Planning

Clause 7: Support

Clause 8: Operation

Clause 9: Performance Evaluation

Clause 10: Improvement

The Annex SL

  • Annex SL is the common framework adopted by ISO for all new and revised management system standards (MSS) since 2012. 

  • Purpose: To ensure consistency and facilitate integration across different disciplines (Quality, Environment, Health & Safety, etc.)

  • High-Level Structure (HLS): An identical, 10-clause chapter sequence. 

  • Identical Core Text: The same wording is used for key requirements in each clause. 

  • Common Terms and Definitions: Consistent terminology across all standards (e.g., ‘risk’, ‘interested parties’, ‘documented information’)

Responding to Stakeholder and Market Pressure

  • Shared Clauses 5 (Leadership) and 6 (Planning) align both goals.

  • Unified Policies = one mission for quality + environment

  • Customer demand both quality and responsibility.

Achieving Regulatory Compliance

  • Shared Clauses 4 (Context) & 9 (Performance Evaluation). 

  • One process for compliance identification and reporting. 

  • Streamlined audits and faster response to new regulations.

Operational Efficiency through Shared Systems

  • Shared Clauses 7 (Support), 8 (Operation), 10 (Improvement). 

  • One audit, one documentation, one management review.

The Integration Process of ISO 9000 and ISO 14000:

Levels of Integration

  • Engineering the High-Efficiency Workshop 

  • A Strategic Analysis of Integration Models for Our Quality (ISO 9001) and Environmental (ISO 14001) Toolkits.

Our Current Toolkit:

  • Current State: Our workshop is highly proficient, built around a world-class Quality toolkit (QMS) that ensures precision and reliability. 

  • Objective: We must now integrate a new, specialized Environmental toolkit (EMS). The critical decision is not just what tools to add, but how we organize the entire workshop to accommodate them without losing efficiency. 

  • Agenda: We will analyze three distinct workshop organization models to engineer the optimal layout for our needs.

Level 1: The Coordinated Workshop (Parallel Systems)

  • Separate Tool Lists: A distinct manual for the QMS toolkit and another for the EMS toolkit. 

  • Shared Workbench Rules: A single, common procedure governs how all tools are managed, how we inspect the workshop (Audits), and how the foreman reviews all projects (Management Review)

  • Best Suited For: Workshops adding a new capability without wanting to disrupt long-established, efficient workflow for an existing one.

Level 2: The Shared-Drawer Workshop (Partial Integration)

  • Shared Resources: Common procedures for tasks like training, supplier evaluation (now including both quality and green criteria), and new employee orientation are combined into one. 

  • Reduced Duplication: We no longer need two separate training programs or two different checklists for onboarding a new supplier. 

  • Hybrid System: While many tools are now shared, highly specialized tools remain in their dedicated QMS or EMS toolboxes. 

  • Best Suited For: Workshops where the same craftsmen frequently perform both quality and environmental tasks and can benefit from a common set of resources. 

Level 3: The Unified Tool Chest (Full Integration)

  • Process-Centric: The system is organized by process, not by standard. 

  • One Master Manual: A single guide explains how the entire workshop operates. 

  • Maximum Efficiency: Craftsmen have everything they need for a task in one place, eliminating wasted motion and system redundancy. 

  • Best Suited For: A brand-new workshop being designed from scratch or a workshop undergoing a complete "lean manufacturing" overhaul. 

Tools and Techniques

  • IMS Software (Integrated Management System Software): Centralizes audits, records, and compliance tracking.

  • Risk-Based Thinking Matrix: Centralizes audits, records, and compliance tracking.

  • Cross-Functional KPIs (Key Performance Indicators): Shared metrics linking product quality and sustainability.

Strategic and Operational Benefits

  • Operational Efficiency: Streamlined processes, fewer audits, lower costs, and faster decisions.

  • Enhanced Risk Management: Unified risk control, prevents issues early, ensures compliance, and improves reliability.

  • Sustainability and Corporate Image: Improves brand trust, enhances reputation, attracts investors, and aligns with SDGs.

  • Continuous Improvement and Innovation: Uses PDCA cycle, encourages collaboration and process optimization.

Integration Challenges and Mitigation

Organizational Factors:

  • Challenges: Resistance, unclear accountability. 

  • Mitigation: Leadership support, employee engagement, and clear communication.

Technical Factor:

  • Challenges: Different objectives and documents. 

  • Mitigation: Use the Annex SL framework, joint audits, and integrated templates.

Resource and Training Factor:

  • Challenges: Increased workload and costs. 

  • Mitigation: Phased rollout, cross-training, IMS software.

Industry Case Examples:

Toyota

  • Has 9001 and 14001

  • Integrated ISO 9001 & 14001 under the Toyota Production System (TPS). 

  • Achieved 35% CO₂ reduction, near-zero landfill, and improved product quality. 

  • Uses Kaizen to enhance both efficiency and sustainability

Mitsubishi

  • Has 9001 and 14001

  • Certified in ISO 9001 and ISO 14001 for its Sta. Rosa plant. 

  • Implemented waste reduction, energy optimization, and “Green Manufacturing’ audits. 

  • Improved supplier compliance and local sustainability practices. 

Siemens

  • Has 9001, 14001, 45001, but not 22301

  • Unified management under a single Sustainability Management 

  • Reduced carbon footprint by 46% and audit costs by 20% 

  • Demonstrates balance between product reliability and environmental goals. 

National Grid Corporation of the Philippines (NGCP)

  • Has 9001, 14001, 45001, and 22301

  • ISO 9001, 14001, 45001, and 22301 certified since 2012. 

  • Streamlined operations, reduced waste, and improved service reliability. 

  • Strengthened international reputation through integrated compliance. 

Nestle

  • Has 9001 and 14001

  • Integrated QMS & EMS in all factories to ensure food safety and sustainability. 

  • Reduced energy use per ton of product by 25% (2010-2020). 

  • Uses ISO integration for lifecycle sustainability tracking. 

San Miguel Brewery INC

  • Has 9001 and 14001

  • Integrates quality control with waste reduction and water recycling initiatives. 

  • Demonstrates that food/beverage manufacturing can achieve both efficiency and eco-goals.


Topic 5: PDCA, PDSA, and SDCA in Quality Management Systems

  • The early 20th century marked a period of rapid industrialization and mass production, which created unprecedented challenges for businesses. 

  • Factories produced goods on a large scale, but quality control was inconsistent and relied heavily on post-production inspection. 

  • Walter A. Shewhart, a physicist and statistician at Bell Telephone Laboratories, observed that all processes inherently exhibit variation. 

  • He distinguished between common cause variation (natural fluctuations) and special cause variation (irregular errors). 

  • This led to the development of Statistical Quality Control (SQC) and the first feedback loop for process management, the Shewhart Cycle, emphasizing that quality should be built into processes rather than inspected afterward.

  • Shewhart’s feedback loop, originally called Plan–Do–See or Plan–Do–Check, introduced the concept of systematic process control. 

  • By repeatedly planning, implementing, and reviewing, organizations could reduce variation and improve quality over time. 

  • The Shewhart Cycle encouraged proactive problem-solving and marked a shift from inspection-focused quality to process-focused quality.

  • After working with Shewhart, W. Edwards Deming expanded these ideas and helped rebuild Japanese industry post World War II. 

  • He taught statistical control and management principles to Japanese engineers and executives and introduced the PDCA (Plan–Do–Check–Act) cycle as a universal method for continuous improvement. 

  • His philosophy emphasized that quality is the responsibility of management, not just workers, and profoundly influenced companies like Toyota, Sony, and Mitsubishi. 

  • Deming’s teachings inspired the Japanese quality revolution, giving rise to Kaizen — the philosophy of continuous improvement. 

  • Japanese companies systematically implemented PDCA to enhance efficiency, reduce waste, and encourage employee involvement in problem-solving. 

  • Over the decades, Kaizen principles spread globally, making PDCA a core methodology in modern management and industrial practices.

  • While PDCA and PDSA focus on improvement and learning, SDCA (Standardize–Do–Check–Act) ensures that processes are stable and consistent before attempting improvements. 

  • Standardization creates a foundation for reliable operations, so organizations only improve processes that are already controlled. 

  • SDCA promotes discipline, consistency, and operational stability, which is essential for continuous improvement to be effective.

  • In practice, SDCA ensures that all workers follow the same best known method. Once stability is achieved, PDCA or PDSA can be applied to improve and innovate. 

  • For example, Toyota’s production system relies on standard work procedures as a foundation for Kaizen activities. By stabilizing processes first, organizations reduce variability and create a safe environment for experimentation and improvement.

  • SDCA, PDCA, and PDSA form a hierarchical framework for continuous improvement. SDCA stabilizes the process, PDCA improves the process, and PDSA drives learning and innovation. 

  • Together, they ensure that organizations achieve reliable, incremental, and sustainable progress, combining operational discipline with systematic experimentation and learning.

  • The evolution of process improvement cycles demonstrates a shift from controlling variation to fostering learning and innovation. 

  • SDCA establishes stability, PDCA drives improvement, and PDSA encourages experimentation and knowledge creation. By understanding and applying these cycles, organizations can build a culture of continuous improvement, reduce errors, enhance efficiency, and innovate sustainably.

PDCA Cycle

  • PDCA (Plan-Do-Check-Act) is an iterative, four-stage approach for continually improving processes, products or services, and for resolving problems. It involves systematically testing possible solutions, assessing the results, and implementing the ones that have shown to work. It is based on the scientific method of problem-solving and was popularized by Dr W. Edwards Deming, who is considered by many to be the father of modern quality control. 

  • The PDCA Cycle provides a simple and effective approach for solving problems and managing change. It enables businesses to develop hypotheses about what needs to change, test these hypotheses in a continuous feedback loop, and gain valuable learning and knowledge. It promotes testing improvements on a small scale before updating company-wide procedures and work methods.  

Key Characteristics:

  • Iterative: PDCA repeats continuously; it’s not a one-time process but a repeating loop of learning and improvement.

  • Data-driven: Relies on evidence, measurements, and analysis.

  • Systematic: PDCA encourages discipline and consistency in problem-solving.

  • Collaborative: Requires cross-functional teamwork.

  • Flexible: Can be applied to manufacturing, services, administration, and even education or healthcare.

PDSA Cycle

  • The PDSA cycle (Plan-Do-Study-Act) is an iterative, four-step framework for continuous improvement of processes, products, or services.  It was adapted from Deming’s original PDCA (“Plan-Do Check-Act”) cycle by emphasizing “Study” in place of “Check” to stress deeper learning and theory-building, not just simple verification. 

  • In practice, a team plans a change, does a small-scale test of that change, studies the outcome by collecting and analyzing data, and acts on what was learned by either adopting the change, adapting it, or abandoning it.

Key Characteristics

  • Iterative: PDSA is a continuous, never ending loop of experimentation.

  • Data-driven: The “Study” step emphasizes data collection and analysis. Focus on prediction and evidence (rather than just “checking” pass/fail)

  • Controlled Experimentation: Only a limited portion of a process or system is altered initially, minimizing risk. 

  • Innovative and Adaptive: Encourages testing new ideas in a structured way. It lets organizations try out novel solutions quickly and learn from failures safely.

  • Flexible: Widely used in diverse fields such as Healthcare and Education.

SDCA Cycle

  • The SDCA Cycle is a systematic approach used to maintain and control process stability through continuous standardization and evaluation. It ensures that the best-known methods are clearly defined, implemented, monitored, and improved when necessary. 

  • This cycle emphasizes sustaining established standards to prevent performance decline and maintain efficiency. By applying the SDCA Cycle, organizations can achieve consistent quality, operational reliability, and a strong foundation for continuous improvement. 

Objectives:

  • To establish and maintain process standards. 

  • To promote stability and reliability. 

  • To identify and correct deviations. 

  • To support continuous improvement. To enhance overall operational efficiency.

Key Characteristics

  • Standardization-focused: The SDCA Cycle ensures that best practices are clearly documented and consistently followed to maintain process stability.

  • Continuous Monitoring and Control: It prioritizes sustaining performance by regularly checking if standards are met and addressing deviations promptly.

  • Prevents Performance Decline: The cycle helps avoid backsliding by continuously reinforcing and validating established standards. 

  • Structure and Cyclical Process: SDCA uses a repetitive loop to keep processes stable, with updated standards serving as the new baseline.

  • Foundation for Continuous Improvement: It strengthens existing processes, providing a stable starting point for future PDCA improvements.

Sequential and Complementary Use: How the Three Cycles Work Together

  • SDCA provides a stable foundation by standardizing processes. 

  • PDCA builds on that stability to drive gradual, data-based improvements. 

  • PDSA introduces experimentation and innovation to test new ideas safely. 

Together, they form a “spiral of continuous progress” — a system that maintains quality while fostering constant learning and development. 

Integration: Applying the Cycles in Practice

A real-world example shows how the cycles integrate in an organization: 

  • Standardize work instructions to ensure consistency and reliability (SDCA). 

  • Optimize the standardized process by analyzing performance and reducing waste (PDCA). 

  • Experiment with new technology or innovative methods, study the outcomes, and, if successful, incorporate them into the new standard (PDSA).

Importance of Integration: 

  • Promotes balance between stability and change. 

  • Encourages data-driven decisions and experimentation. 

  • Builds a culture of continuous learning and improvement.

Three Improvement Cycles:

  • SDCA ensures stability and discipline by maintaining effective standards. 

  • PDCA focuses on gradual, data-based improvement of existing processes. 

  • PDSA promotes learning and innovation, allowing organizations to test and refine new ideas. 

Together, they form a continuous system that balances consistency, efficiency, and adaptability for sustainable growth. 

Application in QMS

PDCA as the Core of ISO 9001:2015

  • ISO 9001:2015 isn't just a set of rules; it's a dynamic system for continual improvement, and PDCA is its beating heart. 

  • The standard's clauses are deliberately designed to follow the PDCA logic. This ensures every requirement—from leadership to operations—is part of a cycle of planning, doing, checking, and acting. 

  • This model transforms the QMS from a static "certificate on the wall" into a living process that actively drives the organization toward its quality objectives and customer satisfaction.

How PDCA Drives the QMS:

  • PLAN (Clauses 4-6): Set the Strategy 

    • Action: Define context, assess risks, set objectives. 

    • Tool: SWOT Analysis, Risk Matrix.

  • CHECK (Clause 9): Monitor Performance 

    • Action: Audit processes, measure against KPIs. 

    • Tool: Internal Audits, Control Charts.

  • DO (Clauses 7-8): Execute the Plan

    • Action: Allocate resources, train staff, follow procedures. 

    • Tool: SOPs, Training Plans. 

  • ACT (Clause 10): Improve 

    • Action: Fix root causes, update processes. 

    • Tool: 5 Whys, CAPA. 

SDCA: The Foundation of Stability

  • Core principle—you cannot improve an unstable process 

  • SDCA creates the stable, standardized baseline needed for improvement 

  • It is embedded in ISO requirements for Documented Information, Competence, and Operational Control 

  • Example: A factory must first standardize a cutting method with SDCA before it can run a project to reduce material waste with PDCA

Topic 6: IATF 16949 & ISO 13485

IATF 16949: Automotive Industry

  • International standard for Automotive Quality Management Systems (QMS). 

  • Developed by the International Automotive Task Force (IATF). 

  • Fully aligned with ISO 9001; cannot be certified without it.

Purpose: Improve quality, consistency, and defect prevention in the automotive supply chain.

Focus: Customer-specific requirements (CSRs), process capability, risk management, and continual improvement.

Benefits: Reduced defects, improved OEM confidence, stronger supplier performance.

Key Principles:

  • Defect prevention as a core objective. 

  • Reduction of variation and waste. 

  • Integration of customer-specific requirements. 

  • Risk-based thinking and contingency planning. 

  • Data-driven decision-making. 

  • Strong supplier and process control. 

  • Continual improvement through structured problem-solving.

Scope and Applicability

  • Applicable to organizations involved in: 

    • Automotive parts manufacturing and assembly 

    • Design and development centers 

    • Heat treatment, welding, coating, and painting 

    • Material production (metal, rubber, plastics, etc.) Distribution and service-related operations 

  • Applies across the global automotive supply chain.  

List of Local Certified Companies:

  • Tsukiden Electronics PH:

  • EMS company (PCB assembly, automotive electronics) IATF 16949:2016-certified

  • First PH company certified by SGS under IATF 16949 

  • Focus on continuous improvement, customer-supplier partnership, at high quality process control 

  • Amkor Technology PH

  • Harada Automotive Antenna

  • Iriso Electronics PH

IATF 16949: 2016 Structure

Clause 1: Scope

  • This applies to design, development, production, and servicing of products

Clause 2: Normative Preference

  • This refers to ISO 9001:2015 as the basis for the requirements, along with customer-specific requirements applicable to the automotive industry.

Clause 3: Terms and Definitions

  • This includes automotive terms like special characteristics, control plan, product safety, traceability. 

Clause 4: Context of the Organization

  • QMS Scope: define boundaries, document any exclusions, and account for customer-specific requirements 

  • Process mapping: identify key processes and address risks and opportunities 

  • Documented Information: maintain records to support operations, traceability, and product safety.

Clause 5: Leadership

  • Management commitment: accountability for QMS effectiveness 

  • Customer focus: enhanced customer-specific requirements, continuous feedback, and metrics 

  • Quality policy: communicate and maintain policy aligned with strategic direction 

  • Roles and responsibilities: assign and document responsibilities, ensure authority and product conformity 

  • Corporate responsibility: ethical behavior, anti bribery policies, employee code of conduct, whistleblower protection.

Clause 6: Planning

  • Risk and Opportunity

  • Quality Objectives

  • Contingency Planning

  • Change Management

Clause 7: Support

  • Competence and training

  • Equipment calibration

  • Infrastructure and maintenance

  • Documentation control

  • Awareness and communication

Clause 8: Operation

  • Operational Planning: define processes, sequence, resources; include risks & controls. 

  • Design and Development: folow CSR, use FMEA, control plans, and validation. 

  • Supplier Management: evaluate, select, and monitor suppliers 

  • Production control: control processes, special characteristics, and traceability. 

  • Product safety and traceability: manage safety requirements, regulations, and traceability. 

  • Nonconforming output control: ISO 13485 detect, contain, and prevent shipment of nonconforming

Clause 9: 

  • Monitoring and measurement

  • Customer satisfaction

  • Internal audits

  • Management review

Clause 10: Improvement

  • Corrective Action: address nonconformities, including root cause analysis; IATF requires structured problem solving QMS IATF 16949 

  • Root Cause Analysis identify ISO 13485 underlying causes of issues; includes error proofing for defect prevention 

  • Continual Improvement enhance QMS effectiveness, product quality, and customer satisfaction 

Core Requirements:

  • Customer-specific requirements (CSRs) 

  • Risk management and contingency plans 

  • Product safety controls 

  • Process capability (Cp, Cpk) 

  • Supplier qualification and monitoring 

  • Production validation and approval (PPAP) 

  • Calibration and measurement systems 

  • Control of nonconforming products 

  • Error-proofing and preventive controls 

  • Traceability requirements 

ISO 13485: Medical Device Industry

Definition: ISO 13485 is an international standard for Quality Management Systems (QMS) specificaly designed for medical device organizations.

Purpose: Ensures medical devices are consistently designed, produced, and distributed in a safe and compliant manner.

Characteristics: The standard is harmonized with major regulatory frameworks such as the U.S. FDA, European Union MDR, and Health Canada regulations.

Focus: Emphasizes risk management, documentation, regulatory alignment, process control, and lifecycle quality.

Benefits: 

  • Reduces product defects and recalls 

  • Ensures strong regulatory compliance 

  • Enhances patient safety 

  • Promotes consistency and reliability in device quality

Key Principles:

  • Regulatory compliance as the foundation of the QMS 

    • The QMS must fully align with medical device regulations, ensuring that all processes, documents, and decisions support legal and safety requirements. 

  • Risk-based thinking and decision-making 

    • Risks must be identified, evaluated, and controlled at every stage of the product lifecycle to ensure safe and reliable medical devices

  • Process approach and lifecycle control 

    • All activities from design to production, distribution, and servicing must be managed as structured processes with clear controls and monitoring. 

  • Traceability and data integrity 

    • Organizations must maintain accurate, secure, and complete records, ensuring every device can be traced from materials to final use. 

  • Continual improvement focused on safety (not efficiency) 

    • Improvements should prioritize patient safety and product quality through audits, corrective actions, and ongoing performance evaluation.

Scope and Applicability

Applicable to organizations involved in: 

  • Medical device design and development 

    • Establish design controls, risk management, verification, validation, and design history documentation. 

  • Production and assembly 

    • Control of manufacturing processes, equipment, personnel qualifications, and work environment. 

  • Sterilization and cleanroom operation 

    • Validation of sterilization methods and maintenance of cleanroom conditions

  • Packaging, storage, distribution 

    • Ensuring product integrity and safety during storage, handling, shipping, and transport. 

  • Installation and servicing 

    • Procedures for proper installation, maintenance, servicing, and functional verification of medical devices. 

  • Suppliers of components and materials 

    • Complaint handling, regulatory reporting, field corrective actions, and traceability in case of recalls. 

List of Local Certified Companies

  • Toyoflex Cebiu Corporation

    • ISO 13485:2016 certified manufacturing facility in Cebu 

    • Produces non-sterile and sterile guidewires and angiographic catheters 

    • Includes EO-sterilized medical devices and metal components for guidewires 

    • Certification issued by TÜV SÜD; valid until 2026 

  • Integrated Micro-electronics Incorporated

  • Medsalv

ISO 13485: 2016 Structure

Clause 4: Quality Management System

  • General Requirements 

  • The organization must document a QMS and maintain its effectiveness. 

  • Crucialy, this includes applying a risk-based approach to hi the control of appropriate processes. 

  • Documentation Requirements: 

  • Quality Manual: The roadmap of your QMS. 

  • Medical Device File: Specifics for each device type/family. 

  • Control of Documents: Review, approval, and versioning. 

  • Control of Records: Evidence of conformity and effective operation. 

  • Practical Application: 

  • Proportional Control: The stringency of process controls (e.g., supplier audits, training rigor) should match the risk associated with that process failing. 

  • Alignment: Works in tandem with ISO 14971 (Risk Management for Medical Devices)

Clause 5: Management Responsibility

  • Leadership Commitment 

  • Top management cannot delegate accountability. They must provide evidence of commitment through resource allocation and internal communication. 

  • Customer and Regulatory Focus 

  • Ensuring that customer needs and applicable regulatory requirements are determined and met is a primary function of leadership. 

  • Quality Policy

  • A documented policy that provides a framework for establishing and reviewing quality objectives. Must be established, communicated, and understood at al levels. 

  • Management Review 

  • Regular reviews of the QMS to ensure its continuing suitability, adequacy, and effectiveness. This is a critical feedback loop for leadership

Clause 6: Resource Management

  • Competence and Training

  • Infrastructiure

  • Work Environment

Clause 7: Product Realization (Planning & Design)

  • Planning for Realization 

    • Planning the processes needed for realization, including quality objectives, resource needs, and verification/validation activities. 

  • Design and Development Control 

    • A controled process for device design (Inputs → Outputs → V&V). 

  • Purchasing and Supplier Management 

    • Evaluate suppliers based on risk and ability to meet requirements. 

  • Production & Process Controls 

    • Manufacturing under controled conditions (instructions, suitable equipment). 

  • Sterile Device Validation 

    • IQ/OQ/PQ required for processes where output cannot be verified (e.g., sterilization). 

  • Identification & Traceability 

    • Identify product status and maintain UDI records where needed. 

  • Preservation of Product 

    • Protect product from damage/contamination during al handling/storage

Clause 8: Measurement, Analysis, Improvement

  • Monitoring and Management 

    • Feedback Information: gathering on whether the organization has met customer requirements. This is a key input for risk management. 

    • Complaint Handling: Formal procedures for receiving, reviewing, and evaluating complaints. Includes determining if a complaint requires reporting to regulatory authorities. 

    • Internal Audit: Systematic, independent audits to determine if the QMS conforms to planned arrangements and ISO 13485 requirements.

  • Nonconforming Products

    • Strict procedures to ensure product that does not conform to requirements is identified 

    • Controls to prevent unintended delivery. Options include: Eliminate detected nonconformity (rework), Authorize use under concession, or Scrapping 

  • Corrective and Preventive Action (CAPA)

    • Corrective Action (CA) 

  • Action taken to eliminate the cause of a detected nonconformity or other undesirable situation. 

  • Goal: To prevent recurrence.

  • Preventive Action (PA) 

  • Action taken to eliminate the cause of a potential nonconformity or other undesirable potential situation. 

  • Goal: To prevent occurrence. 

  • Post-Market Surveillance and Feedback

  • Procedures must be in place to gather and review experience from the post-production phase. This feedback is essential for the risk management process.

  • Post-Market Actions: 

  • Complaint Handling: Formal process for receiving, reviewing, and evaluating complaints, including determining reportability. 

  • Regulatory Reporting: Documented procedures for timely reporting of adverse events or field actions to relevant regulatory authorities. 

  • Data Analysis: Using feedback, nonconformities, audits, and CAPA data to identify opportunities for improvement. 

Core Requirements of ISO 13485

  • Risk Management (ISO 14971 Alignment)

    • Integrated throughout product lifecycle 

    • Linked with feedback, complaint data, and post-market surveilance 

    • Required in QMS planning and process control 

  • Design & Development Documentation (DHF, DMR, DHR)

    • Design History File (DHF): Ful design development records 

    • Device Master Record (DMR): Manufacturing specs, procedures 

    • Device History Record (DHR): Documentation of how each unit or device was made 

    • Purpose: Ful traceability from design to production 

  • Supplier Quality and Purchasing Controls

    • Evaluate and qualify your suppliers 

    • Create quality agreements with suppliers. 

    • Monitor supplier performance (incoming inspection, audits) 

    • Use risk-based controls for outsourced processes / purchased products 

  • Complaint Handling and Vigilance Reporting

    • Document procedures for complaint receipt and evaluation. 

    • Investigate complaints, determine root causes 

    • Report to the regulatory authority if required 

    • Take corrective actions and track outcomes 

  • Process Validation (IQ, OQ, PQ)

    • Installation Qualification (IQ): Verify correct instalation 

    • Operational Qualification (OQ): Test that process operates within defined parameters 

    • Performance Qualification (PQ): Confirm that the process produces desired output under real conditions 

    • Validation is critical for processes that cannot be fuly verified by inspection. 

  • Traceability and UDI Systems

    • Track al materials, sub-components, and final devices 

    • Maintain Unique Device Identification (UDI) for devices Helps in product recals and regulation 

    • Ensure ful traceability in the event of non-conformities 

  • Document and Change Control

    • Procedures for document creation, review, approval, and distribution. 

    • Control of records: Storing, retrieving, retention, and protection 

    • Change control: Ensuring any change is reviewed, validated, and documented 

  • Training and Competency Documentation

    • Define competency requirements per job or role 

    • Maintain training records, assessments, and requalification evidence 

    • Ensure staff are trained on risk management, change control, and critical processes 

Challenges in Implementing ISO 13485

  • Heavy documentation requirements Quality 

    • Manual, Medical Device File, records, design controls 

  • Maintaining updated regulatory knowledge 

    • FDA, EU MDR, Health Canada expectations 

  • Supplier compliance and ongoing monitoring 

    • Requires audits, verification, and performance tracking 

  • Cleanroom/sterile process validation costs 

    • IQ/OQ/PQ + environmental controls 

  • Maintaining effective CAPA systems 

    • Root-cause analysis, verification of effectiveness 

  • Ensuring consistency in traceability 

    • UDI records, lot control, post-market data 

Benefits of ISO 13485

  • Demonstrates global regulatory readiness 

  • supports approvals across major markets 

  • Improves product consistency and safety 

  • controled processes, validated equipment 

  • Reduces defects, recalls, and compliance risks 

  • CAPA + risk-based monitoring 

  • Enhances customer trust and market competitiveness

  •  recognized certification increases credibility 

  • Strengthens supplier and process control 

  • traceability + purchasing requirements