Quality Management System

« Back to Glossary Index

Quality Management System (QMS) — incl. MDQMS

A Quality Management System (QMS) is the formal framework of processes, procedures, resources, and
responsibilities used to implement quality policy and achieve quality objectives. A QMS ensures products and services
are delivered consistently, compliantly, and with continual improvement based on measured performance.

Policy → Objectives → Processes
Risk-based
Continual improvement

Core elements of a QMS

  • Governance: quality policy, objectives, management responsibility, roles/competence.
  • Document & record control: controlled procedures, templates, change history, retention.
  • Risk-based processes: planning, process controls, metrics/KPIs, internal audits, management review.
  • Product realization: requirements capture, design & development controls, purchasing/supplier control, production/service control, identification & traceability.
  • Monitoring & improvement: inspection/testing, nonconformity control, complaints, CAPA, data analysis, continual improvement.

MDQMS — medical device QMS

An MDQMS is a QMS tailored to medical devices. It integrates the specific quality and regulatory
controls needed to ensure devices are safe and perform as intended for their
defined purpose. Typical reference frameworks include ISO 13485:2016 and jurisdictional quality
system regulations (e.g., U.S. quality system requirements) as well as EU MDR quality responsibilities.

  • Design & risk management: design controls with product risk management throughout the lifecycle.
  • Supplier & purchasing controls: qualification, quality agreements, incoming acceptance based on risk.
  • Production & process validation: validated special processes, equipment control, cleanliness, environmental conditions.
  • Traceability & labeling control: product identification/status, UDI (where applicable), IFU control.
  • Post-market processes: complaint handling, vigilance/reporting obligations, post-market surveillance, CAPA.

Implementation roadmap

1) Define scope, policy, and responsibilities
Document scope and interfaces, issue quality policy/objectives, appoint process owners and competence requirements.
2) Map processes & risks
Create a process map (inputs/outputs/metrics), identify risks/controls, and establish document/record control.
3) Design & supplier controls
Plan design controls and risk management; classify suppliers by risk, qualify them, and set monitoring/agreements.
4) Production & validation
Define production documentation, validate special processes, set equipment maintenance/calibration, and ensure traceability.
5) Feedback, complaints & CAPA
Implement feedback channels, complaint handling and vigilance triggers; drive effective CAPA with root-cause and effectiveness checks.
6) Internal audits & management review
Run a risk-based audit program and periodic management reviews to keep the QMS suitable, adequate, and effective.

Quick checklist

  • Documented policy, objectives, process map, and responsibilities.
  • Design controls and product risk management linked to verification/validation and labeling.
  • Supplier classification, qualification, and monitoring proportional to risk.
  • Process validations, equipment control, identification & traceability in place.
  • Complaints/vigilance integrated with CAPA; data drive continual improvement.
  • Internal audits and management reviews on schedule with actions closed.

QMS / MDQMS — FAQs


Is a QMS the same as ISO 13485?
No. ISO 13485 is a standard describing requirements for a medical-device QMS. Your QMS is the system you implement. You can align to and be certified against ISO 13485, but the QMS itself is broader than the certificate.

What is the FDA’s QMSR and how does it affect us?
The FDA’s Quality Management System Regulation (QMSR) replaces the legacy QSR and aligns closely with ISO 13485:2016. If you are ISO 13485-aligned/certified, you are largely prepared, but you must still meet FDA-specific clauses (e.g., records, complaint handling, labeling controls, and any U.S. reporting expectations).

What documents are typically required in a medical-device QMS?
A documented hierarchy (policy → procedures → work instructions/forms/records), a process map, risk-management SOPs, design controls, supplier controls, production/process validation, complaint/vigilance, CAPA, internal audits, and management reviews.

What’s the difference between compliance and conformity?
Compliance means meeting regulatory requirements (e.g., MDR obligations, FDA QMSR). Conformity means meeting the requirements of a standard (e.g., ISO 13485). Certification is third-party attestation of conformity—use the terms precisely so audit trails and declarations are unambiguous.

What’s the difference between compliance and certification?
Compliance = your QMS meets applicable requirements and withstands regulatory review. Certification = an accredited body has audited your QMS and issued an ISO 13485 certificate (surveillance + recertification cycle).

How often should we run internal audits and management reviews?
On a planned, risk-based cadence: commonly at least annually for management review and on a cycle that ensures all QMS processes are audited within a defined period.

How do we prove the QMS is effective?
Use KPIs and objectives (complaint rates, CAPA closure & effectiveness, training completion, supplier performance, yields, audit findings), review trends, trigger CAPA, and verify effectiveness.

What makes a QMS “medical-device ready” (MDQMS)?
Design controls linked to ISO 14971 risk management, supplier qualification/monitoring, validated special processes, identification & traceability, labeling/IFU control, complaint & vigilance handling, post-market surveillance, and robust CAPA.