QMS

QMS Essentials for MedTechs in 2025

30 Sep 2024
by Matteo Gubellini

In this post, rather than talking about Quality Management Systems (QMS) in general, we will go through some of the most frequently asked questions and doubts we have heard during our years in the MedTech market, and we will provide responses essential to medtechs.

QUESTIONS ABOUT QMS:

    What is a QMS?

    In the most simple terms, a quality management system is a defined set of processes and responsibilities that makes a company run how it’s supposed to. It typically consists of a set of policies, processes and procedures.

    What is a QMS composed of?

    The minimum set of documents is:

    1. A Quality Policy – a commitment of the company to quality and a guide to quality objectives.
    2. A Quality Manual – usually a map between standards and the Company’s process and procedures.
    3. Procedures – documents that explain how to execute processes described in the Quality Manual.
    4. Records – the outputs of the processes and procedures.

    Are Templates Required?

    No, but they significantly simplify the life of employees and help maintain consistency across the company.

    Is a QMS always Required?

    In the vast majority of cases, a full QMS is required to operate in the MedTech sector. There can be exclusions and non-applicabilities allowed by standards and regulations, depending on the type of business and class of device.

    How many Procedures should we have?

    The amount of procedures required by a company vastly depends on the size of the company and the complexity of the business/product. It can range from ~15 for a small company to 100+ for large corporations. It has to be a manageable amount, balancing having many small, lean procedures vs dispersion of content across too many document.

    What Documents are really really Required?

    A “simple” way to determine the minimum set of documentation is to check the relative standard or regulation for words like “document”.

    For example, in ISO 13486:2016 the verb “document” or “documented” is used in 4.1.1, 4.1.6, 4.2.1, 4.2.2, 4.2.4, 4.2.5, 5.5.1, 5.5.2, 5.6.1, 6.2, 6.3, 6.4.1, 6.4.2, 7.1, 7.2.2, 7.2.3, 7.3.1, etc.

    See ISO 13485 Documentation Requirements for more details.

    Can we Outsource our QMS?

    You can buy your QMS content or get a consultant to write it for you, but eventually auditors expect the company to eventually know, own and be able to navigate the system. Consultants are not allowed to participate in audits.

    Who should have Access to the QMS?

    Everyone. Or at least, everyone involved in any of the processes covered by the QMS, which typically is the majority of the employees.

    Can a Single Person Manage a Full QMS?

    Potentially yes, but it is strongly not recommended. Responsibilities should be distributed across the company to the people who “own” each process. These can be (and should be) technical leads, C-suite, etc., not just the Quality group.

    We are Planning to have One Person in the Development Team write the Entire DHF

    Less than ideal. It may sound like a good idea to have a single employee in charge of the documentation, but in reality many of the documents will need at a minimum some technical inputs. In some cases like Architecture documents, they are pure technical records that are written by technical experts.

    What Constitutes an “Approval” of a Document or Step in a Process?

    “Approval” is usually synonym of “Sign”. So an employee approves a document or a step in a process by affixing their signature to it (wet or electronic). Electronically this means entering a “secret”, typically a password or token, into the Document Management System.

    Where is my “Signature” in an Electronic Document?

    “Signing” an electronic document is the action of entering your credentials in the Document Management System. There isn’t necessarily a trace of the action in the document itself, this information is stored in the software, linking the signature action to the document. Reporting the approvals at the bottom of a document, typically in a Change History Table, can be done manually.

    But what about Printed Documents and PDF Exports? How can the Authenticity of the Change History Table be verified?

    It is important not to confuse “Electronic” signatures with “Digital” signatures. Digital signatures are a way to link a signature to a file even when the file is moved or transferred to another person (typically using encryption certificates). A digital signature is an “electronic, encrypted stamp of authentication on digital information such as messages. The digital signature confirms the integrity of the message”. Digital signatures are NOT required by 21 CFR 11, and they are a sub-type of Electronic signature.

    Printed or exported documents are instead uncontrolled copies of the master document, which always reside in the Document Management System.

    How Many People should Approve a Document?

    As many as necessary (without overburdening the process), but it is always a good idea to have at least 2 pairs of eyes on it (2 approvers, of which one may be QA). A single approver may be sufficient for simple records, like electronic format of paper records uploaded to a Document Management System.

    When should I Revise/Approve a DHF Document?

    At a minimum, at least once for every project Stage (Planning, Development, etc.). Certain documents may need to be revised several times during their life (e.g. risk management documents, requirements), while others are more static (e.g. Regulatory Plan). The golden rule is that documentation should be always aligned to the current status of the project. Plans put together in the early stages of a project probably need to be revised once things are more settled down, requirement refined, etc. Having project plans misaligned with the actual practices is a very common issue.

    👋 SoftComply can provide your company with an out-of-the-box QMS content that covers all requirements of ISO 13485, ISO 14971, IEC 62304, 21 CFR 820 and more:
    👉 Schedule a call to learn more 👈

    📽️ Join our Webinar on “Document Management & Confluence Validation” on October 9th:
    👉 Register here 👈

    🕺💃 Let’s meet in person at Medica in Düsseldorf in November:
    SoftComply together with our partner Jodocus will be at 📌 Hall 13 Stand C88 📌

    You can learn more here about Compliant Electronic Signatures and Compliant Electronic Records.

    Try us out on
    Atlassian

    SoftComply apps are available on Atlassian Marketplace – you can try them all out for free!

    Recommended articles

    Electronic Records Confluence
    What is an Electronic Record and How to Manage them in Confluence?
    From FDA 21 CFR 11.3(b)(6) “Electronic Record means any combination of text, graphics, data, audio, pictorial,…
    Continue reading
    15 Oct 2024
    postmarket surveillance and risk management
    Post-Market Surveillance & Risk Management
    All product development teams let out a sigh of relief when a product is launched. The…
    Continue reading
    10 Oct 2024
    Medical Device Compliance Guide
    Medical Device Compliance Guide for 2025
    Introduction This medical device compliance guide focuses on the key requirements and strategies for navigating the…
    Continue reading
    23 Sep 2024