Management Responsibility

Why Management Responsibility Is Critical

ISO 13485:2016 is an international standard for medical device manufacturers that establishes requirements for quality management systems (QMS). This standard is widely recognized by medical device regulatory authorities worldwide, including the FDA, PMDA (Pharmaceuticals and Medical Devices Agency), the European MDR (Medical Device Regulation), and IVDR (In Vitro Diagnostic Regulation). It serves as the foundation for international regulatory frameworks including MDSAP (Medical Device Single Audit Program), enabling manufacturers to demonstrate compliance across multiple jurisdictions through a single, integrated quality system.

Chapter 5 of ISO 13485:2016, titled “Management Responsibility,” contains the following requirements:

• 5.1 Management Commitment
• 5.2 Customer Focus
• 5.3 Quality Policy
• 5.4 Planning (5.4.1 Quality Objectives, 5.4.2 Quality Management System)

Similar principles are also adopted in ISO 9001:2015 (the general international standard for quality management), emphasizing management responsibility in quality management and assurance across all types of organizations.

Why, then, is management responsibility considered so critically important? The answer lies in important lessons learned from the medical device industry’s past. For many years, numerous companies have created documents and records in order to obtain ISO certification. However, over time, the original purpose gradually shifted from genuine quality improvement to simply achieving ISO certification itself. As a result, the focus narrowed to the creation of formalized documents and records that had become merely superficial in nature. This situation created a paradoxical condition where companies holding ISO certification often experienced no actual improvement in product quality—a complete inversion of the intended purpose.

To fundamentally address this problem, ISO 9001:2015 and ISO 13485:2016 evolved their requirements by placing greater emphasis on management responsibility. In other words, rather than merely creating documents and records as a matter of form, top management (senior leadership) must personally commit to and assume responsibility for the true objective of quality improvement. This shift represents a fundamental re-orientation from compliance documentation to genuine organizational commitment.

However, reality often tells a different story. In many cases, managers assume responsibility only for economic profit and loss, remaining indifferent to quality management and quality assurance matters. This indifference inevitably results in stagnant or declining quality performance. Medical devices are products whose quality directly impacts patient safety and outcomes. A quality failure in a medical device can result in serious patient harm. Therefore, management commitment to quality management is not merely a regulatory requirement but an essential imperative from both patient safety and corporate responsibility perspectives.

What Is Commitment?

Commitment does not simply mean “a promise.” What is essential is that commitment includes the understanding that if the promise is broken, management will bear concrete and serious consequences for that failure.

In recent years, numerous medical device quality scandals have captured public attention, and in many cases, they have ultimately resulted in senior executives holding press conferences and resigning to take responsibility. These cases demonstrate perhaps more powerfully than any regulation that corporate leadership bears ultimate and comprehensive responsibility for quality issues. When a quality defect in a medical device causes harm to patients, management cannot escape that responsibility.

In ISO 13485:2016, Section 5.1 specifies that top management must demonstrate evidence of commitment to establishing and implementing the quality management system and maintaining its continuing effectiveness through the following actions:

a) Communicating the importance of meeting customer requirements to the organization, while taking for granted the satisfaction of applicable regulatory requirements. This communication ensures that the entire organization positions quality as a top priority and understands the connection between their daily work and patient safety.

b) Establishing a quality policy. The quality policy is the highest management’s statement of intent regarding quality and serves as a compass guiding all employees toward a common direction.

c) Ensuring that quality objectives are established. Quality objectives translate the quality policy into specific, measurable targets that guide the organization’s activities throughout all functions and levels.

d) Conducting management review. This is not merely receiving reports but a critical process for evaluating the effectiveness of the quality management system and driving continuous improvement.

e) Ensuring that resources are available. Implementing and maintaining a quality management system requires various resources including personnel, equipment, budget, and technical expertise. When management ensures adequate resource allocation, it demonstrates the most concrete manifestation of genuine commitment to quality.

Furthermore, top management bears the responsibility of ensuring that customer requirements are not only precisely identified but also consistently met. This extends beyond explicit customer demands to include implicit requirements based on regulatory frameworks and industry practices. Management must understand these multifaceted requirements and establish organizational priorities to address them comprehensively.

Management Review (Management Assessment and Evaluation)

The term “review” appears frequently in ISO standards. Many organizations might translate this term into Japanese as “confirmation” (確認). However, when translating “review,” the context determines which of two different Japanese terms should be used. One is “audit” or “examination” (審査・照査), and the other is “reassessment” or “reconsideration” (見直し).

For example, “design review” is translated as “design examination” (設計審査), never as “design confirmation” (設計確認). This is because a design examination involves a comprehensive assessment of design appropriateness, safety, and manufacturability—a process of professional evaluation and judgment that extends far beyond simple confirmation.

In contrast, “management review” must be translated as “management reassessment” or “management evaluation” (経営者による見直し). This, too, means something far more substantial than merely “confirming” or “reporting.”

According to ISO 9000:2015, the definition of “review” is as follows:

“A determination of the suitability, adequacy, or effectiveness of the subject matter in achieving established objectives.”

This definition makes clear that review is not confirmation, a simple meeting, or fact-gathering. Rather, a review is a process of evaluating whether the current situation is suitable (Appropriateness), adequate (Validity), and effective (Effectiveness), and providing direction and driving improvements as needed. These three dimensions merit specific explanation:

• Appropriateness (Suitability): Whether the current quality management system aligns with ISO 13485:2016 requirements and whether it adequately addresses the latest medical device regulatory developments (MDR, IVDR, MDSAP, etc.)
• Validity (Adequacy): Whether the current quality management system is suited to the organization’s current environment and challenges, including changes in the medical device market, evolving customer needs, and emerging technologies (including AI and machine learning)
• Effectiveness: Whether the quality management system is actually achieving the established quality objectives and meeting customer requirements

The responsibility of managers is not merely to have subordinates report past performance. Rather, it is to engage in this multifaceted evaluation process, provide leadership and guidance, and elevate quality awareness and execution capability throughout the organization. This is the true purpose of management review.

The Specific Management Review Process

ISO 13485:2016 requires that organizations conduct periodic management review to assess whether the systems and mechanisms for systematically achieving the quality policy and quality objectives—as defined by management itself—continue to function appropriately, remain adequately suited to current conditions, and produce effective results. Typically, management review is expected to be conducted annually or more frequently as circumstances warrant. However, when significant events affecting the organization occur—such as major regulatory changes, rapid shifts in market environment, or the occurrence of quality problems—additional management reviews become necessary. For example, external factors such as supply chain disruptions during the COVID-19 pandemic or the phased expansion of MDR implementation can trigger the need for additional management reviews.

The matters that management must address during management review include the following:

1. The need for improvements or changes to the overall quality management system. This assessment should examine whether the organization needs to respond to new medical device regulations, changing customer requirements, or technological advances, particularly regarding quality management requirements for medical devices incorporating AI or machine learning.
2. The need for changes to the quality policy itself. When the organization’s business environment changes significantly or when the medical device market undergoes fundamental transformation, reconsideration of the quality policy may become necessary.
3. The need for changes to quality objectives. When established quality objectives become unrealistic to achieve, when they are achieved too easily, or when they become obsolete due to market environment changes, revision of the objectives is warranted.

As conclusions to the management review, management must document and communicate to the organization decisions and actions regarding the following matters:

1. Improvements necessary to maintain the effectiveness of the quality management system and its processes, and to drive continuous improvement. This includes not only corrective actions to address identified nonconformities but also preventive improvements that make the system more effective overall.
2. Improvements to products in response to customer requirements. Through QMS review, management should assess whether the organization adequately addresses customer needs and identify opportunities for product quality enhancement.
3. Resources (personnel, equipment, budget, training and education, etc.) necessary to ensure the continued suitability and effectiveness of the quality management system. These resource decisions represent the most important way management demonstrates genuine commitment to quality.

Management review is not a formality or a reporting exercise. Rather, it is a critical process through which management develops deep understanding of the organization’s quality functions and actively participates in driving system effectiveness. When management conducts this process with genuine commitment, the quality management system transforms from a merely formal requirement into a substantive system that supports the organization’s fundamental values and mission.

For medical device manufacturers, management responsibility and resolve represent the final safeguard for patient safety. Management involvement in quality management is not merely a matter of regulatory compliance but a fundamental responsibility to protect the health and lives of patients who use the medical devices the organization produces.