未分類

QMS Construction Methods

QMS Construction Methods

Introduction to Quality Management Systems

A Quality Management System (QMS) is a structured framework designed for quality management. It provides the organizational structure, processes, procedures, and resources necessary to implement and maintain effective quality management practices. The QMS serves as the foundation for ensuring consistent product quality, regulatory compliance, and continuous improvement throughout the product lifecycle.

Hierarchical Structure of QMS Documentation

QMS documentation is typically constructed using a hierarchical, top-down approach consisting of multiple levels. While the exact number of levels may vary depending on organizational needs and complexity, a commonly used structure comprises four main levels:

Level 1: Quality Manual
The Quality Manual serves as the apex document of the QMS hierarchy. It provides a high-level overview of the organization’s quality management approach and philosophy.

Level 2: Policies and Procedures (Provisions)
Policies and procedures establish the rules and requirements for implementing the quality manual’s directives. These documents translate high-level commitments into actionable requirements.

Level 3: Standard Operating Procedures (SOPs)
SOPs describe the standardized methods for performing specific processes. These documents provide detailed, step-by-step instructions that ensure consistency across the organization.

Level 4: Work Instructions, Forms, and Templates
This level contains the most detailed operational documents, including specific work instructions, forms, templates, and batch records that guide day-to-day activities.

This four-tier structure represents a standard approach, though organizations may adapt it based on their specific needs, size, and complexity. The International Organization for Standardization (ISO) provides guidance on QMS documentation structure through ISO 10013:2021 “Guidelines for quality management system documentation,” which offers flexibility in determining the appropriate level of documentation detail.

It is important to note that while records are frequently included in QMS discussions, they are technically distinct from the QMS framework itself. Records are not part of the “system” or “framework” but rather represent evidence that the system has been implemented and executed. Records document the results of executing the QMS processes. Although records are a type of document, their management requirements differ from those of QMS procedural documents.

The Quality Manual: Leadership’s Responsibility

The Quality Manual must be developed and approved by senior management, also referred to as top management or executive leadership. This document represents the organization’s most senior-level commitment to quality and sets the strategic direction for the entire quality management system.

The Quality Manual must include the organization’s Quality Policy, which articulates senior management’s commitment to quality, continuous improvement, and compliance with applicable regulatory requirements. According to both ISO 13485:2016 (for medical devices) and ICH Q10 (for pharmaceuticals), the Quality Manual must clearly describe the scope of the QMS, outline the structure of the documentation used in the quality management system, and establish the framework for achieving quality objectives.

Why Quality Manuals Differ Between Companies

Even when companies operate under the same regulatory requirements, their Quality Manuals will differ substantially. This variation stems from several factors:

First, the products manufactured by each company differ significantly. For example, one pharmaceutical company may produce sterile injectables, while another manufactures oral solid dosage forms or oncology products. In the medical device industry, one manufacturer may produce implantable cardiac devices while another produces in vitro diagnostic equipment. Each product category carries unique risks and quality considerations.

Second, the processes implemented by each organization vary. Manufacturing processes, storage and distribution systems, sterilization procedures (where applicable), and testing methodologies differ based on product characteristics, facility capabilities, and organizational structure.

Third, risk profiles vary substantially. Products with different characteristics present different risks to patients and users. Consequently, the intensity and nature of quality management controls must be appropriately tailored to address these specific risks. This risk-based approach is explicitly required by ICH Q9 “Quality Risk Management” and ISO 14971 “Application of risk management to medical devices.”

Regulatory Inspections and the Quality Manual

In the context of regulatory inspections, particularly those conducted by the US Food and Drug Administration (FDA), inspectors may request that companies provide an English translation of their Quality Manual prior to the inspection. This advance submission enables the inspection team to understand several critical aspects of the organization:

  • What products the company manufactures and distributes
  • What processes the company is responsible for executing
  • The extent and maturity of the company’s quality management approach
  • Senior management’s demonstrated commitment to quality
  • How the organization has structured its quality system to address applicable regulatory requirements

With the implementation of the FDA’s Quality Management System Regulation (QMSR) in February 2024, which incorporates ISO 13485:2016 by reference and becomes effective February 2, 2026, this advance review of the Quality Manual has become even more critical. The QMSR represents a significant harmonization effort, aligning US requirements with international standards used by regulatory authorities worldwide.

Lower-Level Documentation: Policies, Procedures, and Work Instructions

Documentation below the Quality Manual (Levels 2 through 4) should be developed by qualified personnel in accordance with the Quality Manual’s directives and framework. These documents provide increasingly detailed guidance for implementing the quality management system in daily operations.

The Critical Principle: Compliance Hierarchy

A fundamental principle that is often misunderstood is the compliance hierarchy within an organization. Employees are required to comply with the Quality Manual and its subordinate procedures—not directly with regulatory requirements. While this distinction may seem subtle, it is critically important.

The Quality Manual serves as the organization’s interpretation and implementation of regulatory requirements, tailored to the specific products, processes, and risks of that organization. Employees reference and comply with the Quality Manual and its subordinate documents, which in turn ensure compliance with applicable regulatory requirements.

This hierarchical compliance structure ensures consistency, clarity, and appropriate risk-based implementation of regulatory requirements throughout the organization.

Common Issues: Misalignment Between Documentation Levels

During consultations and audits at pharmaceutical and medical device companies, I frequently observe inconsistencies between the Quality Manual and lower-level procedures and work instructions. This misalignment often occurs because many organizations, particularly those in Japan, construct their QMS using a bottom-up approach rather than the top-down methodology that is standard practice in Europe and North America.

The top-down approach, which is the expected methodology under both ISO 13485 and ICH Q10, begins with senior management establishing the Quality Manual and quality policy. Subordinate documentation is then developed to implement and support these high-level directives. Unfortunately, many Japanese companies struggle with this top-down approach, instead developing detailed procedures first and attempting to retrospectively create a Quality Manual that encompasses these existing documents.

When I identify inconsistencies between the Quality Manual and lower-level documentation, I occasionally receive responses such as: “The Quality Manual does not address this requirement, but the regulatory requirements mandate it.” This response reveals a fundamental misunderstanding of the QMS hierarchy and represents a significant compliance risk.

If the Quality Manual does not address a regulatory requirement that is then included in lower-level procedures, the Quality Manual becomes what might be called “window dressing”—a document that fails to provide meaningful guidance or governance for the organization’s quality management system. This situation creates several problems:

  • Regulatory inspectors who review the Quality Manual cannot gain an accurate understanding of the organization’s quality management approach
  • Employees lack clear direction on how regulatory requirements should be implemented within their specific organizational context
  • The document hierarchy becomes inconsistent and difficult to maintain
  • The organization cannot demonstrate that senior management has appropriately considered and addressed all applicable regulatory requirements

Level 2: Policies and Procedures (Provisions)

The second level of the QMS documentation hierarchy consists of policies and procedures that establish the rules and requirements for implementing the directives stated in the Quality Manual. These documents must ensure compliance with applicable regulatory requirements—this is non-negotiable.

During regulatory inspections, particularly those conducted by FDA investigators, inspectors tend to focus more attention on policies and procedures than on detailed work instructions. The reason for this emphasis is straightforward: while there may be multiple acceptable ways to perform a specific task (the “how”), the rules governing that task (the “what” and “when”) must demonstrably comply with regulatory requirements. Compliance with rules is objectively verifiable, whereas the optimality of a specific procedure may be more subjective.

Policies should clearly state requirements and expectations, leaving the detailed implementation steps to the SOPs and work instructions at Levels 3 and 4.

Level 3: Standard Operating Procedures (SOPs)

The third level of documentation consists of Standard Operating Procedures (SOPs), which describe standardized methods for performing processes. The key concept here is “standard”—these procedures should be consistent across different products and different facilities or areas within the organization.

The Problem with Product-Specific or Location-Specific SOPs

Organizations frequently create product-specific SOPs or location-specific SOPs (for example, separate SOPs for different manufacturing buildings or different production lines). However, this approach is problematic for several reasons:

First, it obscures what the organization’s actual “standard” procedure is. If every product has its own SOP, or every building has its own SOP, then by definition, there is no standard—only variations.

Second, proliferating SOPs in this manner creates inconsistencies and increases the risk of errors. When multiple similar but distinct SOPs exist, it becomes increasingly difficult to ensure they remain aligned and up-to-date.

Third, this approach significantly increases the administrative burden. More SOPs means more documents to review, approve, train on, revise, and maintain version control over.

The Proper Approach: Standardize at Level 3, Specify at Level 4

The appropriate approach is to maintain truly standardized SOPs at Level 3, and then address product-specific or location-specific variations at Level 4 through work instructions, forms, and templates such as Batch Manufacturing Records (BMRs) or Device History Records (DHRs).

Consider the practical reality: operators typically do not bring SOPs onto the production floor or into the laboratory. However, they do bring the specific forms, batch records, or work instructions they need to complete their assigned tasks and create the required records. Therefore, if product-specific or location-specific information is needed, it belongs in these Level 4 documents where it will actually be used, not in the Level 3 SOPs that provide the overarching standardized approach.

Distinguishing Procedures from Rules: The Flowchart Test

A useful principle for determining whether content belongs in an SOP or in a policy is the “flowchart test”: if you can create a flowchart or process flow diagram to represent the content, it is a procedure and belongs in an SOP. If you cannot meaningfully represent it in a flowchart, it is a rule or requirement and belongs in a policy document.

For example, “Passwords must contain at least six characters including at least one number and one special character” is a rule, not a procedure. It cannot be represented as a process flow and therefore belongs in a policy document, not an SOP.

When SOPs contain excessive rules, detailed requirements, or overly specific instructions that should be in Level 4 documents, they become difficult to read, difficult to understand, and difficult to revise and maintain.

The One Process, One SOP Principle

As a best practice, organizations should strive for a one-to-one relationship between processes and SOPs: one process should be described by one SOP. This approach, which aligns with the process-based thinking required by ISO 13485, ISO 9001, and ICH Q10, offers several advantages:

  • It makes the QMS easier to understand by creating clear boundaries between different processes
  • It facilitates maintenance and revision, as changes to a process require updating only a single SOP
  • It supports effective training, as personnel can focus on learning complete processes rather than piecing together information from multiple documents
  • It enables better process performance monitoring, as each SOP corresponds to a defined process that can be measured and improved

Level 4: Work Instructions, Forms, and Templates

The fourth level of the QMS documentation hierarchy contains the most detailed operational documents. These include specific work instructions, forms, templates, and product-specific documents such as Batch Manufacturing Records (for pharmaceuticals) or Device Master Records/Device History Records (for medical devices).

Detailed Instructions at the Point of Use

Level 4 documents provide the detailed, step-by-step instructions needed to perform specific tasks and create the required records. These documents are designed to be used at the point of work—in the manufacturing area, in the laboratory, in the warehouse, or in other operational locations.

The One Process, One Batch Record Principle

Just as with SOPs, there should be a clear one-to-one relationship between a process and its associated Level 4 documentation. For pharmaceutical manufacturing, this means one process equals one Batch Manufacturing Record (or equivalent documentation). For medical device manufacturing, this means one process equals one set of work instructions or one Device History Record.

The rationale is practical: there is no value in bringing a Batch Manufacturing Record or Device History Record to the work area if it describes processes or activities that the operator is not responsible for performing. Documents should contain only the information needed for the specific work being performed.

The Compliance Cascade

When designed correctly, the QMS documentation hierarchy creates a compliance cascade: if an operator follows the Level 4 work instructions and forms, they are inherently following the Level 3 standardized procedures. If they follow the Level 3 standardized procedures, they are implementing the Level 2 policies and provisions. If they implement the Level 2 policies and provisions, they are executing the directives of the Level 1 Quality Manual. And if they execute the directives of the Quality Manual, they are complying with applicable regulatory requirements.

This hierarchical compliance structure is the intended design of an effective QMS.

Data Integrity Considerations

In recent years, regulatory authorities worldwide have placed increasing emphasis on data integrity—the completeness, consistency, accuracy, and reliability of data throughout the data lifecycle. The FDA, the European Medicines Agency (EMA), the UK Medicines and Healthcare products Regulatory Authority (MHRA), and other regulatory bodies have issued guidance on data integrity principles.

When designing Level 4 work instructions and forms, organizations must incorporate features that support and enhance data integrity. This includes considerations such as:

  • Designing forms that minimize opportunities for transcription errors
  • Ensuring clear instructions on what data should be recorded, when, and by whom
  • Incorporating appropriate review and verification steps
  • Using mechanisms to ensure data is attributable, legible, contemporaneous, original, and accurate (ALCOA principles)
  • Implementing electronic systems with appropriate audit trails where applicable

The work instructions and forms at Level 4 represent the point where regulatory compliance theory meets operational reality. Therefore, careful attention to data integrity principles at this level is essential.

The Challenge for Japanese Companies: Transitioning to Top-Down QMS Construction

As previously discussed, many Japanese companies have historically struggled with top-down QMS construction. Instead of beginning with senior management establishing a Quality Manual and then developing subordinate documentation to implement it, Japanese companies often develop detailed procedures first, based on immediate operational needs and regulatory requirements, and then attempt to retrospectively create a Quality Manual that encompasses these procedures.

This bottom-up approach leads to several characteristic problems:

Complexity and Confusion: The resulting QMS tends to be complex, complicated, difficult to understand, and containing an excessive number of documents.

Proliferation of Similar Documents: Multiple documents that are similar but not identical tend to proliferate throughout the organization. These documents may address the same or overlapping topics but with slight variations, creating confusion about which document applies in which circumstances.

Lack of Clear Standards: When numerous product-specific or location-specific variations exist, it becomes unclear what the organization’s actual standard practice is.

Maintenance Challenges: The excessive number of documents creates significant maintenance burdens, making it difficult to keep documentation current, consistent, and accurate.

Regulatory Inspection Challenges: When regulatory inspectors review the QMS, they struggle to identify the organization’s systematic approach to quality management, as it is obscured by excessive documentation and variation.

Recommendations for Effective QMS Construction

Based on both international standards and practical experience, organizations should follow these principles when constructing or revising their QMS:

Principle 1: Start at the Top

Senior management must take ownership of the Quality Manual and quality policy. These documents should reflect genuine senior management commitment, not merely perfunctory statements drafted by the quality department. The Quality Manual should provide a clear, comprehensive overview of how the organization addresses applicable regulatory requirements in the context of its specific products, processes, and risks.

Principle 2: Ensure Consistency Across All Levels

Each level of documentation must be consistent with and support the levels above it. The Quality Manual establishes the framework; policies and procedures implement the framework; SOPs standardize the processes; work instructions provide detailed execution guidance. No level should contradict or fail to support the levels above it.

Principle 3: Maintain True Standards

SOPs should contain genuine standards—approaches that are consistent across products and locations. Product-specific and location-specific variations should be documented at Level 4, not incorporated into Level 3 SOPs.

Principle 4: Keep Documentation Lean and Purposeful

Every document should serve a clear purpose and add value. Avoid creating documents simply to “demonstrate compliance” or because “we’ve always done it this way.” ISO 13485 and ICH Q10 require certain documentation, but organizations have flexibility in determining the appropriate number and level of detail of documents. Focus on creating documentation that actually supports effective quality management rather than generating paperwork for its own sake.

Principle 5: Apply the Process Approach

Align documentation with processes rather than organizational departments or product lines. This process-based approach, which is fundamental to both ISO 13485 and ICH Q10, facilitates better understanding, more effective maintenance, and clearer process ownership and accountability.

Principle 6: Incorporate Risk-Based Thinking

Not all processes, products, or activities carry the same level of risk. The QMS documentation should reflect appropriate risk-based thinking, with the level of detail and control proportional to the risk. This approach is explicitly required by ICH Q9 “Quality Risk Management” for pharmaceuticals and ISO 14971 for medical devices.

Principle 7: Facilitate Data Integrity

Design work instructions and forms to support data integrity principles. Make it easy for personnel to do the right thing and difficult to make errors or compromise data quality. Consider human factors and the actual work environment when designing Level 4 documentation.

Current Regulatory Landscape and Recent Developments

The regulatory environment for quality management systems continues to evolve. Several recent developments are particularly noteworthy:

FDA’s Quality Management System Regulation (QMSR)

On February 2, 2024, the FDA published a final rule establishing the Quality Management System Regulation (QMSR), which incorporates ISO 13485:2016 by reference. This rule, which becomes effective February 2, 2026, represents the most significant change to FDA’s medical device quality system requirements in decades.

The QMSR replaces the Quality System Regulation (QSR) under 21 CFR Part 820 and aligns US requirements with the international standard used by regulatory authorities worldwide. This harmonization effort aims to reduce compliance burdens for manufacturers operating in multiple jurisdictions while maintaining device safety and effectiveness.

Importantly, the QMSR includes certain FDA-specific requirements beyond ISO 13485, including enhanced complaint handling provisions, additional recordkeeping requirements, and specific clarifications regarding design controls. Medical device manufacturers must understand both ISO 13485 and the FDA-specific additions to ensure full compliance.

ISO 13485:2016 and the Medical Device Quality Management System

ISO 13485:2016 remains the international standard for medical device quality management systems. It is recognized by regulatory authorities in Europe (for compliance with the EU Medical Device Regulation and In Vitro Diagnostic Regulation), Canada (through Health Canada), Australia (through the Therapeutic Goods Administration), Japan (through the Ministry of Health, Labour and Welfare), and now formally by the FDA through the QMSR.

ISO 13485:2016 requires organizations to establish, document, implement, maintain, and continually improve a quality management system. The standard explicitly requires organizations to outline the structure of their QMS documentation in the Quality Manual, though it does not prescribe a specific documentation structure. The four-level hierarchy described in this article represents a common and effective approach, though organizations may adapt it to their specific needs.

ICH Q10 for Pharmaceutical Quality Systems

For pharmaceutical manufacturers, ICH Q10 “Pharmaceutical Quality System” provides guidance on implementing an effective quality management system throughout the product lifecycle. ICH Q10, which was adopted by FDA in 2009 and by the European Medicines Agency in 2008, complements regional GMP requirements and is integrated with ICH Q8 “Pharmaceutical Development” and ICH Q9 “Quality Risk Management.”

ICH Q10 emphasizes management responsibility, quality policy and objectives, management review, and specific quality system elements including process performance and product quality monitoring, corrective and preventive action (CAPA), change management, and management review of process performance and product quality.

The FDA’s Quality Management Maturity (QMM) program, launched in 2022, builds upon ICH Q10 principles by evaluating and scoring the maturity of pharmaceutical manufacturers’ quality systems. Organizations with higher QMM scores may receive regulatory incentives, while those with lower scores may face increased scrutiny.

The Importance of Quality Culture

Recent regulatory guidance from FDA, EMA, and other authorities increasingly emphasizes the importance of quality culture—the shared values, beliefs, and behaviors regarding quality that exist within an organization. Quality culture is recognized as a critical factor in ensuring sustained compliance and product quality.

A strong quality culture cannot exist without an effective, well-designed QMS that is actually implemented and followed. The documentation hierarchy described in this article provides the structural foundation, but senior management commitment, employee engagement, and continuous improvement are essential to translate that structure into a genuine culture of quality.

Conclusion

An effective Quality Management System provides the foundation for consistent product quality, regulatory compliance, and continuous improvement. The hierarchical structure, with the Quality Manual at the apex supported by progressively more detailed levels of documentation, creates a framework that translates senior management commitment and regulatory requirements into daily operational reality.

However, the structure alone is insufficient. The QMS must be constructed using a top-down approach, with senior management establishing the Quality Manual and quality policy, and with all subordinate documentation designed to implement and support these high-level directives. Each level must be consistent with the levels above it, creating a clear compliance cascade from regulatory requirements through the Quality Manual, policies and procedures, standardized operating procedures, and finally to the detailed work instructions and forms used in daily operations.

Organizations, particularly those that have historically used bottom-up approaches to QMS development, must transition to this top-down methodology to create QMS documentation that is clear, consistent, maintainable, and effective in ensuring both regulatory compliance and quality product outcomes.

The regulatory environment continues to evolve, with harmonization efforts such as FDA’s adoption of ISO 13485 through the QMSR, increased emphasis on quality culture and quality maturity, and enhanced focus on data integrity. Organizations must ensure their QMS remains current with these developments while maintaining the fundamental principles of sound quality management.

Ultimately, an effective QMS serves not merely as a compliance exercise, but as a genuine tool for ensuring product quality, patient safety, and organizational excellence. When properly designed, implemented, and maintained, the QMS becomes an enabler of quality rather than a burden, supporting the organization’s mission to develop, manufacture, and deliver safe, effective, high-quality products to patients and users worldwide.

Understanding Preventive Action in CAPA Systems Previous post Electronic vs. Paper Records: Which Is the True Record? Next post

Related post

Comment

There are no comment yet.