Quality Management System Implementation is SO EASY....

By Jackie Torfin, Partner

It's 1995 and I am excited to be in my first team meeting, leading the implementation of not only ISO 13485, but the new Quality System Regulation! I've read everything I can read about what a "Quality Management System" or QMS is, and why we need one. We have an ISO 9001 certificate, so its not completely foreign - but it's apparently going to change the way we manufacture. And my R&D colleagues are up in arms over the controls this will bring for them!

First things first - we need to educate everyone. I pull in the VCR and TV cart and we pop in the beginning of the 4 hour series of videotapes called "New Quality System Regulation". We learned together - deciding on how these new concepts would fit in our business. Our tolerance for not doing it by the book was low - we were an international company - a small subsidiary of a large company. And we were determined to shine. Thus began my auspicious career as a serial QMS implementation offender.

I have implemented many full QMS since, and improved even more. I have harmonized, I have simplified, I have streamlined, and even beefed up. I have applied similar processes for IVD's, Medical Devices, Pharmaceuticals, Biologics, and Human Cell and Tissue

Products. Of course, with practice, most things become rote and quite easy. But I can tell you, it's not as clear cut with QMS implementation.

Many articles have been written espousing the ease of new electronic QMS (eQMS) system implementations - one size fits all, standard regulatory expectations make for simplified workflows! Maybe theoretically this is true. But every company, every product, every site, every nuance of regulatory structure and every management team has a different threshold for how much risk they want to take in how they manage their business and their QMS. No eQMS is one size fits all....

In each case, there are important questions to answer. Where is the company in their maturity? A start up may take more risk - or less. If they are a privately held company, they may have no one to "answer to" if they receive a few observations during an audit. Or is it traded publicly - and the risk for a 483 or major nonconformance would be too much? What is the likelihood that they will be inspected by FDA at all? A lower risk device may not be high on an FDA priority list, on the contrary, a critical service, like sterilization or biocompatibility testing may pop up on the list fairly often.

What is the "personality" of the organization? A highly detail oriented CEO may need full visibility into each site's performance, while a more strategic or visionary CEO may just need to know there is nothing burning down. Is the company an amalgam of several acquisitions? Or has it been grown together organically?

I have never completed an implementation or improvement of a QMS without completing a full risk assessment of the company, its processes, practices and people.

I have never completed an implementation or improvement of a QMS without completing a full risk assessment of the company, its processes, practices and people. And the risk assessment has never been a cut and paste activity. The assessment tool itself must be customized. Does high risk means it will give me a warning letter or just an internal nonconformance? Does the risk level need to include the extent to how the human resource is expended - high risk means we need more people to run the system, or does high risk mean we need different skill sets/people to run the system?

Twenty seven years later, in 2022, no pre-canned workflow can answer these questions. Every time a new implementation or improvement is started, I'm in the same spot as I was in 1995. Pulling the team together to learn about the regulations, how they apply to that place, at that time, with that product or service. And then it begins again.

If you need help in implementing or improving your QMS, or eQMS, contact QRx Partners at Contact@QRxPartners.com or 833-779-7278.