By Mark Durivage, Quality Systems Compliance LLC
Defining and measuring quality management system (QMS) processes is an oft-overlooked requirement of ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes. ISO 13485 requires each organization to determine the processes necessary to sustain the quality management system, monitor and measure those processes, and implement corrective action when planned results are not achieved.
Predictable and consistent process results can be achieved more effectively and efficiently when the activities are considered, managed, and understood as interconnected processes that function as a system. Acknowledging that a QMS consists of several interrelated processes, understanding how results are produced by that system of interrelated processes enables an organization to optimize the system and its performance.
ISO 13485 Process Requirements
- 4 — Quality management system
- 4.1.2 — The organization shall: a) determine the processes needed for the quality management system and the application of these processes throughout the organization considering the roles undertaken by the organization: b) apply a risk-based approach to the control of the appropriate processes needed for the quality management system; and c) determine the sequence and interaction of these processes.
- 5.6 — Management review
- 5.6.1 General — The organization shall document procedures for management review. Top management shall review the organization’s quality management system at documented planned intervals to ensure its continuing suitability, adequacy and effectiveness. The review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.
- 5.6.2 Review input — The input to management review shall include, but is not limited to, information arising from: e) monitoring and measurement of processes.
- 8.2.5 — Monitoring and measurement of processes
- The organization shall apply suitable methods for monitoring and, as appropriate, measurement of the quality management system processes. These methods shall demonstrate the ability of the processes to achieve planned results. When planned results are not achieved, correction and corrective action shall be taken, as appropriate.
What is a Process?
ISO 9000:2015 Quality management systems — Fundamentals and vocabulary defines a process as “a set of interrelated or interacting activities that use inputs to deliver an intended result.” Intended results are further defined as process outputs. In its simplest form, a process takes an input, performs a value-added activity resulting with an intended output (Fig. 1).
Fig. 1 — Example Process
When identifying QMS processes, I like to use four acronyms — COPS, SOPS, AOPS, and MOPS — to categorize the processes. They are defined as:
- Customer Oriented Processes (COPs) represent the core work of the organization and have a direct impact on the customer. Examples include, but are not limited to: design and development, production, quoting, shipping, installation, and servicing.
- Support Oriented Processes (SOPs) enable core processes and have an indirect impact on the customer. Examples include, but are not limited to: finance, purchasing, supplier management, training, document control, record control, inspection activities, maintenance, and calibration.
- Assessment Oriented Processes (AOPs) monitor customer, support, and management processes, and indirectly impact the customer. Examples include, but are not limited to: internal audits, data analysis, corrective and preventive actions (CAPA), nonconformances, customer satisfaction, and management review.
- Management Oriented Processes (MOPs) are management areas of responsibility that enable core processes and have an indirect impact on the customer. Examples include, but are not limited to: organizational context, interested parties, quality policy, quality objectives, planning, resource management (human, facilities, equipment, infrastructure), communications, and customer focus.
It must be noted that the process categories will vary greatly based on the products and services provided by the organization. For example, calibration is generally considered a SOP. However, a company providing calibration services would most likely consider calibration a COP.
An organization has identified design and development as a COP (Table 1).
Table 1 — Example Design and Development Process
Table 1 identifies the process inputs, outputs, risks, and measures of process effectiveness and/or efficiency. The same table would need to be created for each COP, SOP, AOP, and MOP. The organization could also consider identifying opportunities for the process, as well as procedures for mitigation and analysis.
Process Approach Audits
Traditional clause-based audits typically utilize checklists to ensure compliance with standards by detecting non-conformances focusing on detection, but do not provide management with meaningful information of process effectiveness and/or efficiency (see ISO 13485:2016 8.2.5 Monitoring and measurement of processes).
Process approach audits have traditionally used the Turtle Diagram, first introduced by Philip Crosby. Crosby’s Turtle Diagram (Fig. 2) built upon the traditional Supplier, Input, Process, Output, Customer (SIPOC) Diagram.
Fig. 2 — Example Turtle Diagram
Process approach audits:
- Focus on how a process is performing through its lifecycle from input, processing, output, and ultimately, improvement.
- Focus on detecting inefficiencies or non-conformances within a process, rather than finding individual non-conformances within a population of process outputs.
- Ensure process activities are defined, measurable, add value, are efficient, are controlled, and provide an output that corresponds with business objectives.
Regulations, standards, and guidance documents require organizations to identify, control, and improve the processes necessary the operation of the QMS. Identifying and categorizing processes as COPs, SOPs, AOPs, and MOPs can help facilitate compliance. Process approach audits help organizations ensure processes are defined, measurable, add value, are efficient, are controlled, and provide outputs corresponding with business objectives.
About the Author
Mark Allen Durivage has worked as a practitioner, educator, consultant, and author. He is Managing Principal Consultant at Quality Systems Compliance LLC, an ASQ Fellow and SRE Fellow. Durivage primarily works with companies in the FDA regulated industries (medical devices, human tissue, animal tissue, and pharmaceuticals) focusing on quality management system implementation, integration, updates, and training. Additionally, he assists companies by providing internal and external audit support as well as FDA 483 and Warning Letter response and remediation services. He earned a BAS in computer aided machining from Siena Heights University and an MS in quality management from Eastern Michigan University. He holds several certifications including; CRE, CQE, CQA, CSSBB, RAC (Global), and CTBS. He has written several books available through ASQ Quality Press, published articles in Quality Progress, and is a frequent contributor to Life Science Connect. Durivage resides in Lambertville, Michigan. Please feel free to email him at email@example.com with any questions or comments.