From 57bde764fe9e43ae92259cbb4faf7fe60f405460 Mon Sep 17 00:00:00 2001 From: Timothy Kassis Date: Mon, 29 Dec 2025 11:12:50 -0800 Subject: [PATCH] Added ISO 13485 certification prep skill --- .claude-plugin/marketplace.json | 5 +- README.md | 71 +- docs/scientific-skills.md | 22 + .../iso-13485-certification/SKILL.md | 674 +++++++++++++++++ .../procedures/CAPA-procedure-template.md | 453 ++++++++++++ .../document-control-procedure-template.md | 567 +++++++++++++++ .../templates/quality-manual-template.md | 521 +++++++++++++ .../references/gap-analysis-checklist.md | 568 +++++++++++++++ .../references/iso-13485-requirements.md | 610 ++++++++++++++++ .../references/mandatory-documents.md | 606 +++++++++++++++ .../references/quality-manual-guide.md | 688 ++++++++++++++++++ .../scripts/gap_analyzer.py | 440 +++++++++++ 12 files changed, 5197 insertions(+), 28 deletions(-) create mode 100644 scientific-skills/iso-13485-certification/SKILL.md create mode 100644 scientific-skills/iso-13485-certification/assets/templates/procedures/CAPA-procedure-template.md create mode 100644 scientific-skills/iso-13485-certification/assets/templates/procedures/document-control-procedure-template.md create mode 100644 scientific-skills/iso-13485-certification/assets/templates/quality-manual-template.md create mode 100644 scientific-skills/iso-13485-certification/references/gap-analysis-checklist.md create mode 100644 scientific-skills/iso-13485-certification/references/iso-13485-requirements.md create mode 100644 scientific-skills/iso-13485-certification/references/mandatory-documents.md create mode 100644 scientific-skills/iso-13485-certification/references/quality-manual-guide.md create mode 100644 scientific-skills/iso-13485-certification/scripts/gap_analyzer.py diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 35fde88..06ff398 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -6,7 +6,7 @@ }, "metadata": { "description": "Claude scientific skills from K-Dense Inc", - "version": "2.10.1" + "version": "2.11.0" }, "plugins": [ { @@ -152,7 +152,8 @@ "./scientific-skills/omero-integration", "./scientific-skills/opentrons-integration", "./scientific-skills/protocolsio-integration", - "./scientific-skills/get-available-resources" + "./scientific-skills/get-available-resources", + "./scientific-skills/iso-13485-certification" ] } ] diff --git a/README.md b/README.md index e5cb6c1..15062a7 100644 --- a/README.md +++ b/README.md @@ -1,28 +1,29 @@ # Claude Scientific Skills [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE.md) -[![Skills](https://img.shields.io/badge/Skills-125-brightgreen.svg)](#whats-included) +[![Skills](https://img.shields.io/badge/Skills-138-brightgreen.svg)](#whats-included) > 💼 For substantially more advanced capabilities, compute infrastructure, and enterprise-ready offerings, check out [k-dense.ai](https://k-dense.ai/). -A comprehensive collection of **125+ ready-to-use scientific skills** for Claude, created by the K-Dense team. Transform Claude into your AI research assistant capable of executing complex multi-step scientific workflows across biology, chemistry, medicine, and beyond. +A comprehensive collection of **138 ready-to-use scientific skills** for Claude, created by the K-Dense team. Transform Claude into your AI research assistant capable of executing complex multi-step scientific workflows across biology, chemistry, medicine, and beyond. These skills enable Claude to seamlessly work with specialized scientific libraries, databases, and tools across multiple scientific domains: - 🧬 Bioinformatics & Genomics - Sequence analysis, single-cell RNA-seq, gene regulatory networks, variant annotation, phylogenetic analysis - 🧪 Cheminformatics & Drug Discovery - Molecular property prediction, virtual screening, ADMET analysis, molecular docking, lead optimization - 🔬 Proteomics & Mass Spectrometry - LC-MS/MS processing, peptide identification, spectral matching, protein quantification -- 🏥 Clinical Research & Precision Medicine - Clinical trials, pharmacogenomics, variant interpretation, drug safety, precision therapeutics +- 🏥 Clinical Research & Precision Medicine - Clinical trials, pharmacogenomics, variant interpretation, drug safety, clinical decision support, treatment planning - 🧠 Healthcare AI & Clinical ML - EHR analysis, physiological signal processing, medical imaging, clinical prediction models - 🖼️ Medical Imaging & Digital Pathology - DICOM processing, whole slide image analysis, computational pathology, radiology workflows - 🤖 Machine Learning & AI - Deep learning, reinforcement learning, time series analysis, model interpretability, Bayesian methods - 🔮 Materials Science & Chemistry - Crystal structure analysis, phase diagrams, metabolic modeling, computational chemistry - 🌌 Physics & Astronomy - Astronomical data analysis, coordinate transformations, cosmological calculations, symbolic mathematics, physics computations - ⚙️ Engineering & Simulation - Discrete-event simulation, multi-objective optimization, metabolic engineering, systems modeling, process optimization -- 📊 Data Analysis & Visualization - Statistical analysis, network analysis, time series, publication-quality figures, large-scale data processing +- 📊 Data Analysis & Visualization - Statistical analysis, network analysis, time series, publication-quality figures, large-scale data processing, EDA - 🧪 Laboratory Automation - Liquid handling protocols, lab equipment control, workflow automation, LIMS integration -- 📚 Scientific Communication - Literature review, peer review, scientific writing, document processing, publication workflows +- 📚 Scientific Communication - Literature review, peer review, scientific writing, document processing, posters, slides, schematics, citation management - 🔬 Multi-omics & Systems Biology - Multi-modal data integration, pathway analysis, network biology, systems-level insights - 🧬 Protein Engineering & Design - Protein language models, structure prediction, sequence design, function annotation +- 🎓 Research Methodology - Hypothesis generation, scientific brainstorming, critical thinking, grant writing, scholar evaluation **Transform Claude Code into an 'AI Scientist' on your desktop!** @@ -32,12 +33,13 @@ These skills enable Claude to seamlessly work with specialized scientific librar ## 📦 What's Included -This repository provides **125+ scientific skills** organized into the following categories: +This repository provides **138 scientific skills** organized into the following categories: -- **26+ Scientific Databases** - Direct API access to OpenAlex, PubMed, ChEMBL, UniProt, COSMIC, ClinicalTrials.gov, and more -- **54+ Python Packages** - RDKit, Scanpy, PyTorch Lightning, scikit-learn, BioPython, PennyLane, Qiskit, and others +- **28+ Scientific Databases** - Direct API access to OpenAlex, PubMed, bioRxiv, ChEMBL, UniProt, COSMIC, ClinicalTrials.gov, and more +- **55+ Python Packages** - RDKit, Scanpy, PyTorch Lightning, scikit-learn, BioPython, BioServices, PennyLane, Qiskit, and others - **15+ Scientific Integrations** - Benchling, DNAnexus, LatchBio, OMERO, Protocols.io, and more -- **20+ Analysis & Communication Tools** - Literature review, scientific writing, peer review, document processing +- **30+ Analysis & Communication Tools** - Literature review, scientific writing, peer review, document processing, posters, slides, schematics, and more +- **10+ Research & Clinical Tools** - Hypothesis generation, grant writing, clinical decision support, treatment plans, regulatory compliance Each skill includes: - ✅ Comprehensive documentation (`SKILL.md`) @@ -78,9 +80,9 @@ Each skill includes: - **Multi-Step Workflows** - Execute complex pipelines with a single prompt ### 🎯 **Comprehensive Coverage** -- **125+ Skills** - Extensive coverage across all major scientific domains -- **26+ Databases** - Direct access to OpenAlex, PubMed, ChEMBL, UniProt, COSMIC, and more -- **54+ Python Packages** - RDKit, Scanpy, PyTorch Lightning, scikit-learn, PennyLane, Qiskit, and others +- **138 Skills** - Extensive coverage across all major scientific domains +- **28+ Databases** - Direct access to OpenAlex, PubMed, bioRxiv, ChEMBL, UniProt, COSMIC, and more +- **55+ Python Packages** - RDKit, Scanpy, PyTorch Lightning, scikit-learn, BioServices, PennyLane, Qiskit, and others ### 🔧 **Easy Integration** - **One-Click Setup** - Install via Claude Code or MCP server @@ -335,12 +337,12 @@ networks, and search GEO for similar patterns. ## 📚 Available Skills -This repository contains **125+ scientific skills** organized across multiple domains. Each skill provides comprehensive documentation, code examples, and best practices for working with scientific libraries, databases, and tools. +This repository contains **138 scientific skills** organized across multiple domains. Each skill provides comprehensive documentation, code examples, and best practices for working with scientific libraries, databases, and tools. ### Skill Categories -#### 🧬 **Bioinformatics & Genomics** (15+ skills) -- Sequence analysis: BioPython, pysam, scikit-bio +#### 🧬 **Bioinformatics & Genomics** (16+ skills) +- Sequence analysis: BioPython, pysam, scikit-bio, BioServices - Single-cell analysis: Scanpy, AnnData, scvi-tools, Arboreto, Cellxgene Census - Genomic tools: gget, geniml, gtars, deepTools, FlowIO, Zarr - Phylogenetics: ETE Toolkit @@ -355,9 +357,10 @@ This repository contains **125+ scientific skills** organized across multiple do #### 🔬 **Proteomics & Mass Spectrometry** (2 skills) - Spectral processing: matchms, pyOpenMS -#### 🏥 **Clinical Research & Precision Medicine** (8+ skills) +#### 🏥 **Clinical Research & Precision Medicine** (12+ skills) - Clinical databases: ClinicalTrials.gov, ClinVar, ClinPGx, COSMIC, FDA Databases -- Healthcare AI: PyHealth, NeuroKit2 +- Healthcare AI: PyHealth, NeuroKit2, Clinical Decision Support +- Clinical documentation: Clinical Reports, Treatment Plans - Variant analysis: Ensembl, NCBI Gene #### 🖼️ **Medical Imaging & Digital Pathology** (3 skills) @@ -388,13 +391,15 @@ This repository contains **125+ scientific skills** organized across multiple do - Discrete-event simulation: SimPy - Data processing: Dask, Polars, Vaex -#### 📊 **Data Analysis & Visualization** (10+ skills) -- Visualization: Matplotlib, Seaborn, Plotly +#### 📊 **Data Analysis & Visualization** (14+ skills) +- Visualization: Matplotlib, Seaborn, Plotly, Scientific Visualization - Geospatial analysis: GeoPandas - Network analysis: NetworkX - Symbolic math: SymPy - PDF generation: ReportLab - Data access: Data Commons +- Exploratory data analysis: EDA workflows +- Statistical analysis: Statistical Analysis workflows #### 🧪 **Laboratory Automation** (3 skills) - Liquid handling: PyLabRobot @@ -410,18 +415,22 @@ This repository contains **125+ scientific skills** organized across multiple do - Protein language models: ESM - Cloud laboratory platform: Adaptyv (automated protein testing and validation) -#### 📚 **Scientific Communication** (10+ skills) -- Literature: OpenAlex, PubMed, Literature Review +#### 📚 **Scientific Communication** (20+ skills) +- Literature: OpenAlex, PubMed, bioRxiv, Literature Review - Web search: Perplexity Search (AI-powered search with real-time information) - Writing: Scientific Writing, Peer Review -- Document processing: XLSX, MarkItDown -- Publishing: Paper-2-Web +- Document processing: XLSX, MarkItDown, Document Skills +- Publishing: Paper-2-Web, Venue Templates +- Presentations: Scientific Slides, LaTeX Posters, PPTX Posters +- Diagrams: Scientific Schematics +- Citations: Citation Management - Illustration: Generate Image (AI image generation with FLUX.2 Pro and Gemini 3 Pro (Nano Banana Pro)) -#### 🔬 **Scientific Databases** (27+ skills) +#### 🔬 **Scientific Databases** (28+ skills) - Protein: UniProt, PDB, AlphaFold DB - Chemical: PubChem, ChEMBL, DrugBank, ZINC, HMDB - Genomic: Ensembl, NCBI Gene, GEO, ENA, GWAS Catalog +- Literature: bioRxiv (preprints) - Clinical: ClinVar, COSMIC, ClinicalTrials.gov, ClinPGx, FDA Databases - Pathways: KEGG, Reactome, STRING - Targets: Open Targets @@ -429,12 +438,22 @@ This repository contains **125+ scientific skills** organized across multiple do - Enzymes: BRENDA - Patents: USPTO -#### 🔧 **Infrastructure & Platforms** (5+ skills) +#### 🔧 **Infrastructure & Platforms** (6+ skills) - Cloud compute: Modal - Genomics platforms: DNAnexus, LatchBio - Microscopy: OMERO - Automation: Opentrons -- Tool discovery: ToolUniverse +- Tool discovery: ToolUniverse, Get Available Resources + +#### 🎓 **Research Methodology & Planning** (8+ skills) +- Ideation: Scientific Brainstorming, Hypothesis Generation +- Critical analysis: Scientific Critical Thinking, Scholar Evaluation +- Funding: Research Grants +- Discovery: Research Lookup +- Market analysis: Market Research Reports + +#### ⚖️ **Regulatory & Standards** (1 skill) +- Medical device standards: ISO 13485 Certification > 📖 **For complete details on all skills**, see [docs/scientific-skills.md](docs/scientific-skills.md) diff --git a/docs/scientific-skills.md b/docs/scientific-skills.md index e8386c1..2a8bffe 100644 --- a/docs/scientific-skills.md +++ b/docs/scientific-skills.md @@ -29,6 +29,7 @@ - **UniProt** - Universal Protein Resource for protein sequences, annotations, and functional information (UniProtKB/Swiss-Prot reviewed entries, TrEMBL unreviewed entries) with REST API access for search, retrieval, ID mapping, and batch operations across 200+ databases - **USPTO** - United States Patent and Trademark Office data access including patent searches, trademark lookups, patent examination history (PEDS), office actions, assignments, citations, and litigation records; supports PatentSearch API (ElasticSearch-based patent search), TSDR (Trademark Status & Document Retrieval), Patent/Trademark Assignment APIs, and additional specialized APIs for comprehensive IP analysis - **ZINC** - Free database of commercially-available compounds for virtual screening and drug discovery maintained by UCSF. Contains 230M+ purchasable compounds from 100+ vendors in ready-to-dock 3D formats (SDF, MOL2) with pre-computed conformers. Provides compound information including chemical structures, vendor information and pricing, physicochemical properties (molecular weight, logP, H-bond donors/acceptors, rotatable bonds), drug-likeness filters (Lipinski's Rule of Five, Veber rules), and substructure search capabilities. Features multiple compound subsets (drug-like, lead-like, fragment-like, natural products), downloadable subsets for specific screening campaigns, and integration with molecular docking software (AutoDock, DOCK, Glide). Supports structure-based and ligand-based virtual screening workflows. Use cases: virtual screening campaigns, lead identification, compound library design, high-throughput docking, and drug discovery research +- **bioRxiv** - Preprint server for the life sciences providing Python-based tools for searching and retrieving preprints. Supports comprehensive searches by keywords, authors, date ranges, and subject categories, returning structured JSON metadata including titles, abstracts, DOIs, and citation information. Features PDF downloads for full-text analysis, filtering by bioRxiv subject categories (neuroscience, bioinformatics, genomics, etc.), and integration with literature review workflows. Use cases: tracking recent preprints, conducting systematic literature reviews, analyzing research trends, monitoring publications by specific authors, and staying current with emerging research before formal peer review ## Scientific Integrations @@ -96,6 +97,11 @@ - **NeuroKit2** - Comprehensive biosignal processing toolkit for analyzing physiological data including ECG, EEG, EDA, RSP, PPG, EMG, and EOG signals. Use this skill when processing cardiovascular signals, brain activity, electrodermal responses, respiratory patterns, muscle activity, or eye movements. Key features include: automated signal processing pipelines (cleaning, peak detection, delineation, quality assessment), heart rate variability analysis across time/frequency/nonlinear domains (SDNN, RMSSD, LF/HF, DFA, entropy measures), EEG analysis (frequency band power, microstates, source localization), autonomic nervous system assessment (sympathetic indices, respiratory sinus arrhythmia), comprehensive complexity measures (25+ entropy types, 15+ fractal dimensions, Lyapunov exponents), event-related and interval-related analysis modes, epoch creation and averaging for stimulus-locked responses, multi-signal integration with unified workflows, and extensive signal processing utilities (filtering, decomposition, peak correction, spectral analysis). Includes modular reference documentation across 12 specialized domains. Use cases: heart rate variability for cardiovascular health assessment, EEG microstates for consciousness studies, electrodermal activity for emotion research, respiratory variability analysis, psychophysiology experiments, affective computing, stress monitoring, sleep staging, autonomic dysfunction assessment, biofeedback applications, and multi-modal physiological signal integration for comprehensive human state monitoring - **PyHealth** - Comprehensive healthcare AI toolkit for developing, testing, and deploying machine learning models with clinical data. Provides specialized tools for electronic health records (EHR), physiological signals, medical imaging, and clinical text analysis. Key features include: 10+ healthcare datasets (MIMIC-III/IV, eICU, OMOP, sleep EEG, COVID-19 CXR), 20+ predefined clinical prediction tasks (mortality, hospital readmission, length of stay, drug recommendation, sleep staging, EEG analysis), 33+ models (Logistic Regression, MLP, CNN, RNN, Transformer, GNN, plus healthcare-specific models like RETAIN, SafeDrug, GAMENet, StageNet), comprehensive data processing (sequence processors, signal processors, medical code translation between ICD-9/10, NDC, RxNorm, ATC systems), training/evaluation utilities (Trainer class, fairness metrics, calibration, uncertainty quantification), and interpretability tools (attention visualization, SHAP, ChEFER). 3x faster than pandas for healthcare data processing. Use cases: ICU mortality prediction, hospital readmission risk assessment, safe medication recommendation with drug-drug interaction constraints, sleep disorder diagnosis from EEG signals, medical code standardization and translation, clinical text to ICD coding, length of stay estimation, and any clinical ML application requiring interpretability, fairness assessment, and calibrated predictions for healthcare deployment +### Clinical Documentation & Decision Support +- **Clinical Decision Support** - Generate professional clinical decision support (CDS) documents for pharmaceutical and clinical research settings. Includes patient cohort analyses (biomarker-stratified with outcomes) and treatment recommendation reports (evidence-based guidelines with decision algorithms). Features GRADE evidence grading, statistical analysis (hazard ratios, survival curves, waterfall plots), biomarker integration (genomic alterations, gene expression signatures, IHC markers), and regulatory compliance. Use cases: pharmaceutical cohort reporting, clinical guideline development, comparative effectiveness analyses, treatment algorithm creation, and evidence synthesis for drug development +- **Clinical Reports** - Write comprehensive clinical reports following established guidelines and standards. Covers case reports (CARE guidelines), diagnostic reports (radiology, pathology, laboratory), clinical trial reports (ICH-E3, SAE, CSR), and patient documentation (SOAP notes, H&P, discharge summaries). Includes templates, regulatory compliance (HIPAA, FDA, ICH-GCP), and validation tools. Use cases: journal case reports, diagnostic findings documentation, clinical trial reporting, patient progress notes, and regulatory submissions +- **Treatment Plans** - Generate concise (3-4 page), focused medical treatment plans in LaTeX/PDF format for all clinical specialties. Supports general medical treatment, rehabilitation therapy, mental health care, chronic disease management, perioperative care, and pain management. Features SMART goal frameworks, evidence-based interventions, HIPAA compliance, and professional formatting. Use cases: individualized patient care plans, rehabilitation programs, psychiatric treatment plans, surgical care pathways, and pain management protocols + ### Neuroscience & Electrophysiology - **Neuropixels-Analysis** - Comprehensive toolkit for analyzing Neuropixels high-density neural recordings using SpikeInterface, Allen Institute, and International Brain Laboratory (IBL) best practices. Supports the full workflow from raw data to publication-ready curated units. Key features include: data loading from SpikeGLX, Open Ephys, and NWB formats, preprocessing pipelines (highpass filtering, phase shift correction for Neuropixels 1.0, bad channel detection, common average referencing), motion/drift estimation and correction (kilosort_like and nonrigid_accurate presets), spike sorting integration (Kilosort4 GPU, SpykingCircus2, Mountainsort5 CPU), comprehensive postprocessing (waveform extraction, template computation, spike amplitudes, correlograms, unit locations), quality metrics computation (SNR, ISI violations, presence ratio, amplitude cutoff, drift metrics), automated curation using Allen Institute and IBL criteria with configurable thresholds, AI-assisted visual curation for uncertain units using Claude API, and export to Phy for manual review or NWB for sharing. Supports Neuropixels 1.0 (960 electrodes, 384 channels) and Neuropixels 2.0 (single and 4-shank configurations). Use cases: extracellular electrophysiology analysis, spike sorting from silicon probes, neural population recordings, systems neuroscience research, unit quality assessment, publication-ready neural data processing, and integration of AI-assisted curation for borderline units @@ -158,9 +164,16 @@ - **HypoGeniC** - Automated hypothesis generation and testing using large language models to accelerate scientific discovery. Provides three frameworks: HypoGeniC (data-driven hypothesis generation from observational data), HypoRefine (synergistic approach combining literature insights with empirical patterns through an agentic system), and Union methods (mechanistic combination of literature and data-driven hypotheses). Features iterative refinement that improves hypotheses by learning from challenging examples, Redis caching for API cost reduction, and customizable YAML-based prompt templates. Includes command-line tools for generation (hypogenic_generation) and testing (hypogenic_inference). Research applications have demonstrated 14.19% accuracy improvement in AI-content detection and 7.44% in deception detection. Use cases: deception detection in reviews, AI-generated content identification, mental stress detection, exploratory research without existing literature, hypothesis-driven analysis in novel domains, and systematic exploration of competing explanations ### Scientific Communication & Publishing +- **Citation Management** - Comprehensive citation management for academic research. Search Google Scholar and PubMed for papers, extract accurate metadata from multiple sources (CrossRef, PubMed, arXiv), validate citations, and generate properly formatted BibTeX entries. Features include converting DOIs, PMIDs, or arXiv IDs to BibTeX, cleaning and formatting bibliography files, finding highly cited papers, checking for duplicates, and ensuring consistent citation formatting. Use cases: building bibliographies for manuscripts, verifying citation accuracy, citation deduplication, and maintaining reference databases - **Generate Image** - AI-powered image generation and editing for scientific illustrations, schematics, and visualizations using OpenRouter's image generation models. Supports multiple models including google/gemini-3-pro-image-preview (high quality, recommended default) and black-forest-labs/flux.2-pro (fast, high quality). Key features include: text-to-image generation from detailed prompts, image editing capabilities (modify existing images with natural language instructions), automatic base64 encoding/decoding, PNG output with configurable paths, and comprehensive error handling. Requires OpenRouter API key (via .env file or environment variable). Use cases: generating scientific diagrams and illustrations, creating publication-quality figures, editing existing images (changing colors, adding elements, removing backgrounds), producing schematics for papers and presentations, visualizing experimental setups, creating graphical abstracts, and generating conceptual illustrations for scientific communication +- **LaTeX Posters** - Create professional research posters in LaTeX using beamerposter, tikzposter, or baposter. Support for conference presentations, academic posters, and scientific communication with layout design, color schemes, multi-column formats, figure integration, and poster-specific best practices. Features compliance with conference size requirements (A0, A1, 36×48"), complex multi-column layouts, and integration of figures, tables, equations, and citations. Use cases: conference poster sessions, thesis defenses, symposia presentations, and research group templates +- **Market Research Reports** - Generate comprehensive market research reports (50+ pages) in the style of top consulting firms (McKinsey, BCG, Gartner). Features professional LaTeX formatting, extensive visual generation, deep integration with research-lookup for data gathering, and multi-framework strategic analysis including Porter's Five Forces, PESTLE, SWOT, TAM/SAM/SOM, and BCG Matrix. Use cases: investment decisions, strategic planning, competitive landscape analysis, market sizing, and market entry evaluation - **Paper-2-Web** - Autonomous pipeline for transforming academic papers into multiple promotional formats using the Paper2All system. Converts LaTeX or PDF papers into: (1) Paper2Web - interactive, layout-aware academic homepages with responsive design, interactive figures, and mobile support; (2) Paper2Video - professional presentation videos with slides, narration, cursor movements, and optional talking-head generation using Hallo2; (3) Paper2Poster - print-ready conference posters with custom dimensions, professional layouts, and institution branding. Supports GPT-4/GPT-4.1 models, batch processing, QR code generation, multi-language content, and quality assessment metrics. Use cases: conference materials, video abstracts, preprint enhancement, research promotion, poster sessions, and academic website creation - **Perplexity Search** - AI-powered web search using Perplexity models via LiteLLM and OpenRouter for real-time, web-grounded answers with source citations. Provides access to multiple Perplexity models: Sonar Pro (general-purpose, best cost-quality balance), Sonar Pro Search (most advanced agentic search with multi-step reasoning), Sonar (cost-effective for simple queries), Sonar Reasoning Pro (advanced step-by-step analysis), and Sonar Reasoning (basic reasoning). Key features include: single OpenRouter API key setup (no separate Perplexity account), real-time access to current information beyond training data cutoff, comprehensive query design guidance (domain-specific patterns, time constraints, source preferences), cost optimization strategies with usage monitoring, programmatic and CLI interfaces, batch processing support, and integration with other scientific skills. Installation uses uv pip for LiteLLM, with detailed setup, troubleshooting, and security documentation. Use cases: finding recent scientific publications and research, conducting literature searches across domains, verifying facts with source citations, accessing current developments in any field, comparing technologies and approaches, performing domain-specific research (biomedical, clinical, technical), supplementing PubMed searches with real-time web results, and discovering latest developments post-database indexing +- **PPTX Posters** - Create professional research posters using PowerPoint/HTML formats for researchers who prefer WYSIWYG tools over LaTeX. Features design principles, layout templates, quality checklists, and export guidance for poster sessions. Use cases: conference posters when LaTeX is not preferred, quick poster creation, and collaborative poster design +- **Scientific Schematics** - Create publication-quality scientific diagrams using Nano Banana Pro AI with smart iterative refinement. Uses Gemini 3 Pro for quality review with document-type-specific thresholds (journal: 8.5/10, conference: 8.0/10, poster: 7.0/10). Specializes in neural network architectures, system diagrams, flowcharts, biological pathways, and complex scientific visualizations. Features natural language input, automatic quality assessment, and publication-ready output. Use cases: creating figures for papers, generating workflow diagrams, visualizing experimental designs, and producing graphical abstracts +- **Scientific Slides** - Build slide decks and presentations for research talks using PowerPoint and LaTeX Beamer. Features slide structure, design templates, timing guidance, and visual validation. Emphasizes visual engagement with minimal text, research-backed content with proper citations, and story-driven narrative. Use cases: conference presentations, academic seminars, thesis defenses, grant pitches, and professional talks +- **Venue Templates** - Access comprehensive LaTeX templates, formatting requirements, and submission guidelines for major scientific publication venues (Nature, Science, PLOS, IEEE, ACM), academic conferences (NeurIPS, ICML, CVPR, CHI), research posters, and grant proposals (NSF, NIH, DOE, DARPA). Provides ready-to-use templates and detailed specifications for successful academic submissions. Use cases: manuscript preparation, conference papers, research posters, and grant proposals with venue-specific formatting ### Document Processing & Conversion - **MarkItDown** - Python utility for converting 20+ file formats to Markdown optimized for LLM processing. Converts Office documents (PDF, DOCX, PPTX, XLSX), images with OCR, audio with transcription, web content (HTML, YouTube transcripts, EPUB), and structured data (CSV, JSON, XML) while preserving document structure (headings, lists, tables, hyperlinks). Key features include: Azure Document Intelligence integration for enhanced PDF table extraction, LLM-powered image descriptions using GPT-4o, batch processing with ZIP archive support, modular installation for specific formats, streaming approach without temporary files, and plugin system for custom converters. Supports Python 3.10+. Use cases: preparing documents for RAG systems, extracting text from PDFs and Office files, transcribing audio to text, performing OCR on images and scanned documents, converting YouTube videos to searchable text, processing HTML and EPUB books, converting structured data to readable format, document analysis pipelines, and LLM training data preparation @@ -169,8 +182,17 @@ - **PyLabRobot** - Hardware-agnostic, pure Python SDK for automated and autonomous laboratories. Provides unified interface for controlling liquid handling robots (Hamilton STAR/STARlet, Opentrons OT-2, Tecan EVO), plate readers (BMG CLARIOstar), heater shakers, incubators, centrifuges, pumps, and scales. Key features include: modular resource management system for plates, tips, and containers with hierarchical deck layouts and JSON serialization; comprehensive liquid handling operations (aspirate, dispense, transfer, serial dilutions, plate replication) with automatic tip and volume tracking; backend abstraction enabling hardware-agnostic protocols that work across different robots; ChatterboxBackend for protocol simulation and testing without hardware; browser-based visualizer for real-time 3D deck state visualization; cross-platform support (Windows, macOS, Linux, Raspberry Pi); and integration capabilities for multi-device workflows combining liquid handlers, analytical equipment, and material handling devices. Use cases: automated sample preparation, high-throughput screening, serial dilution protocols, plate reading workflows, laboratory protocol development and validation, robotic liquid handling automation, and reproducible laboratory automation with state tracking and persistence ### Tool Discovery & Research Platforms +- **Get Available Resources** - Detect available computational resources and generate strategic recommendations for scientific computing tasks at the start of any computationally intensive scientific task. Automatically identifies CPU capabilities, GPU availability (NVIDIA CUDA, AMD ROCm, Apple Silicon Metal), memory constraints, and disk space. Creates JSON file with resource information and recommendations for parallel processing (joblib, multiprocessing), out-of-core computing (Dask, Zarr), GPU acceleration (PyTorch, JAX), or memory-efficient strategies. Use cases: determining optimal computational approaches before data analysis, model training, or large file operations - **ToolUniverse** - Unified ecosystem providing standardized access to 600+ scientific tools, models, datasets, and APIs across bioinformatics, cheminformatics, genomics, structural biology, and proteomics. Enables AI agents to function as research scientists through: (1) Tool Discovery - natural language, semantic, and keyword-based search for finding relevant scientific tools (Tool_Finder, Tool_Finder_LLM, Tool_Finder_Keyword); (2) Tool Execution - standardized AI-Tool Interaction Protocol for running tools with consistent interfaces; (3) Tool Composition - sequential and parallel workflow chaining for multi-step research pipelines; (4) Model Context Protocol (MCP) integration for Claude Desktop/Code. Supports drug discovery workflows (disease→targets→structures→screening→candidates), genomics analysis (expression→differential analysis→pathways), clinical genomics (variants→annotation→pathogenicity→disease associations), and cross-domain research. Use cases: accessing scientific databases (OpenTargets, PubChem, UniProt, PDB, ChEMBL, KEGG), protein structure prediction (AlphaFold), molecular docking, pathway enrichment, variant annotation, literature searches, and automated scientific workflows +### Research Methodology & Proposal Writing +- **Research Grants** - Write competitive research proposals for NSF, NIH, DOE, and DARPA. Features agency-specific formatting, review criteria understanding, budget preparation, broader impacts statements, significance narratives, innovation sections, and compliance with submission requirements. Covers project descriptions, specific aims, technical narratives, milestone plans, budget justifications, and biosketches. Use cases: federal grant applications, resubmissions with reviewer response, multi-institutional collaborations, and preliminary data sections +- **Research Lookup** - Look up current research information using Perplexity's Sonar Pro Search or Sonar Reasoning Pro models through OpenRouter. Intelligently selects models based on query complexity. Provides access to current academic literature, recent studies, technical documentation, and general research information with proper citations. Use cases: finding latest research, literature verification, gathering background research, finding citation sources, and staying current with emerging trends +- **Scholar Evaluation** - Apply the ScholarEval framework to systematically evaluate scholarly and research work. Provides structured evaluation methodology based on peer-reviewed research assessment criteria for analyzing academic papers, research proposals, literature reviews, and scholarly writing across multiple quality dimensions. Use cases: evaluating research papers for quality and rigor, assessing methodology design, scoring data analysis approaches, benchmarking research quality, and assessing publication readiness + +### Regulatory & Standards Compliance +- **ISO 13485 Certification** - Comprehensive toolkit for preparing ISO 13485:2016 certification documentation for medical device Quality Management Systems. Provides gap analysis of existing documentation, templates for all mandatory documents, compliance checklists, and step-by-step documentation creation. Covers 31 required procedures including Quality Manuals, Medical Device Files, and work instructions. Use cases: starting ISO 13485 certification process, conducting gap analysis, creating or updating QMS documentation, preparing for certification audits, transitioning from FDA QSR to QMSR, and harmonizing with EU MDR requirements + ## Scientific Thinking & Analysis ### Analysis & Methodology diff --git a/scientific-skills/iso-13485-certification/SKILL.md b/scientific-skills/iso-13485-certification/SKILL.md new file mode 100644 index 0000000..f5593bd --- /dev/null +++ b/scientific-skills/iso-13485-certification/SKILL.md @@ -0,0 +1,674 @@ +--- +name: iso-13485-certification +description: Comprehensive toolkit for preparing ISO 13485 certification documentation for medical device Quality Management Systems. Use when users need help with ISO 13485 QMS documentation, including (1) conducting gap analysis of existing documentation, (2) creating Quality Manuals, (3) developing required procedures and work instructions, (4) preparing Medical Device Files, (5) understanding ISO 13485 requirements, or (6) identifying missing documentation for medical device certification. Also use when users mention medical device regulations, QMS certification, FDA QMSR, EU MDR, or need help with quality system documentation. +--- + +# ISO 13485 Certification Documentation Assistant + +## Overview + +This skill helps medical device manufacturers prepare comprehensive documentation for ISO 13485:2016 certification. It provides tools, templates, references, and guidance to create, review, and gap-analyze all required Quality Management System (QMS) documentation. + +**What this skill provides:** +- Gap analysis of existing documentation +- Templates for all mandatory documents +- Comprehensive requirements guidance +- Step-by-step documentation creation +- Identification of missing documentation +- Compliance checklists + +**When to use this skill:** +- Starting ISO 13485 certification process +- Conducting gap analysis against ISO 13485 +- Creating or updating QMS documentation +- Preparing for certification audit +- Transitioning from FDA QSR to QMSR +- Harmonizing with EU MDR requirements + +## Core Workflow + +### 1. Assess Current State (Gap Analysis) + +**When to start here:** User has existing documentation and needs to identify gaps + +**Process:** + +1. **Collect existing documentation:** + - Ask user to provide directory of current QMS documents + - Documents can be in any format (.txt, .md, .doc, .docx, .pdf) + - Include any procedures, manuals, work instructions, forms + +2. **Run gap analysis script:** + ```bash + python scripts/gap_analyzer.py --docs-dir --output gap-report.json + ``` + +3. **Review results:** + - Identify which of the 31 required procedures are present + - Identify missing key documents (Quality Manual, MDF, etc.) + - Calculate compliance percentage + - Prioritize missing documentation + +4. **Present findings to user:** + - Summarize what exists + - Clearly list what's missing + - Provide prioritized action plan + - Estimate effort required + +**Output:** Comprehensive gap analysis report with prioritized action items + +### 2. Understand Requirements (Reference Consultation) + +**When to use:** User needs to understand specific ISO 13485 requirements + +**Available references:** +- `references/iso-13485-requirements.md` - Complete clause-by-clause breakdown +- `references/mandatory-documents.md` - All 31 required procedures explained +- `references/gap-analysis-checklist.md` - Detailed compliance checklist +- `references/quality-manual-guide.md` - How to create Quality Manual + +**How to use:** + +1. **For specific clause questions:** + - Read relevant section from `iso-13485-requirements.md` + - Explain requirements in plain language + - Provide practical examples + +2. **For document requirements:** + - Consult `mandatory-documents.md` + - Explain what must be documented + - Clarify when documents are applicable vs. excludable + +3. **For implementation guidance:** + - Use `quality-manual-guide.md` for policy-level documents + - Provide step-by-step creation process + - Show examples of good vs. poor implementation + +**Key reference sections to know:** + +- **Clause 4:** QMS requirements, documentation, risk management, software validation +- **Clause 5:** Management responsibility, quality policy, objectives, management review +- **Clause 6:** Resources, competence, training, infrastructure +- **Clause 7:** Product realization, design, purchasing, production, traceability +- **Clause 8:** Measurement, audits, CAPA, complaints, data analysis + +### 3. Create Documentation (Template-Based Generation) + +**When to use:** User needs to create specific QMS documents + +**Available templates:** +- Quality Manual: `assets/templates/quality-manual-template.md` +- CAPA Procedure: `assets/templates/procedures/CAPA-procedure-template.md` +- Document Control: `assets/templates/procedures/document-control-procedure-template.md` + +**Process for document creation:** + +1. **Identify what needs to be created:** + - Based on gap analysis or user request + - Prioritize critical documents first (Quality Manual, CAPA, Complaints, Audits) + +2. **Select appropriate template:** + - Use Quality Manual template for QM + - Use procedure templates as examples for SOPs + - Adapt structure to organization's needs + +3. **Customize template with user-specific information:** + - Replace all placeholder text: [COMPANY NAME], [DATE], [NAME], etc. + - Tailor scope to user's actual operations + - Add or remove sections based on applicability + - Ensure consistency with organization's processes + +4. **Key customization areas:** + - Company information and addresses + - Product types and classifications + - Applicable regulatory requirements + - Organization structure and responsibilities + - Actual processes and procedures + - Document numbering schemes + - Exclusions and justifications + +5. **Validate completeness:** + - All required sections present + - All placeholders replaced + - Cross-references correct + - Approval sections complete + +**Document creation priority order:** + +**Phase 1 - Foundation (Critical):** +1. Quality Manual +2. Quality Policy and Objectives +3. Document Control procedure +4. Record Control procedure + +**Phase 2 - Core Processes (High Priority):** +5. Corrective and Preventive Action (CAPA) +6. Complaint Handling +7. Internal Audit +8. Management Review +9. Risk Management + +**Phase 3 - Product Realization (High Priority):** +10. Design and Development (if applicable) +11. Purchasing +12. Production and Service Provision +13. Control of Nonconforming Product + +**Phase 4 - Supporting Processes (Medium Priority):** +14. Training and Competence +15. Calibration/Control of M&M Equipment +16. Process Validation +17. Product Identification and Traceability + +**Phase 5 - Additional Requirements (Medium Priority):** +18. Feedback and Post-Market Surveillance +19. Regulatory Reporting +20. Customer Communication +21. Data Analysis + +**Phase 6 - Specialized (If Applicable):** +22. Installation (if applicable) +23. Servicing (if applicable) +24. Sterilization (if applicable) +25. Contamination Control (if applicable) + +### 4. Develop Specific Documents + +#### Creating a Quality Manual + +**Process:** + +1. **Read the comprehensive guide:** + - Read `references/quality-manual-guide.md` in full + - Understand structure and required content + - Review examples provided + +2. **Gather organization information:** + - Legal company name and addresses + - Product types and classifications + - Organizational structure + - Applicable regulations + - Scope of operations + - Any exclusions needed + +3. **Use template:** + - Start with `assets/templates/quality-manual-template.md` + - Follow structure exactly (required by ISO 13485) + - Replace all placeholders + +4. **Complete required sections:** + - **Section 0:** Document control, approvals + - **Section 1:** Introduction, company overview + - **Section 2:** Scope and exclusions (critical - must justify exclusions) + - **Section 3:** Quality Policy (must be signed by top management) + - **Sections 4-8:** Address each ISO 13485 clause at policy level + - **Appendices:** Procedure list, org chart, process map, definitions + +5. **Key requirements:** + - Must reference all 31 documented procedures (Appendix A) + - Must describe process interactions (Appendix C - create process map) + - Must define documentation structure (Section 4.2) + - Must justify any exclusions (Section 2.4) + +6. **Validation checklist:** + - [ ] All required content per ISO 13485 Clause 4.2.2 + - [ ] Quality Policy signed by top management + - [ ] All exclusions justified + - [ ] All procedures listed in Appendix A + - [ ] Process map included + - [ ] Organization chart included + +#### Creating Procedures (SOPs) + +**General approach for all procedures:** + +1. **Understand the requirement:** + - Read relevant clause in `references/iso-13485-requirements.md` + - Understand WHAT must be documented + - Identify WHO, WHEN, WHERE for your organization + +2. **Use template structure:** + - Follow CAPA or Document Control templates as examples + - Standard sections: Purpose, Scope, Definitions, Responsibilities, Procedure, Records, References + - Keep procedures clear and actionable + +3. **Define responsibilities clearly:** + - Identify specific roles (not names) + - Define responsibilities for each role + - Ensure coverage of all required activities + +4. **Document the "what" not excessive "how":** + - Procedures should define WHAT must be done + - Detailed HOW-TO goes in Work Instructions (Tier 3) + - Strike balance between guidance and flexibility + +5. **Include required elements:** + - All elements specified in ISO 13485 clause + - Records that must be maintained + - Responsibilities for each activity + - References to related documents + +**Example: Creating CAPA Procedure** + +1. Read ISO 13485 Clauses 8.5.2 and 8.5.3 from references +2. Use `assets/templates/procedures/CAPA-procedure-template.md` +3. Customize: + - CAPA prioritization criteria for your organization + - Root cause analysis methods you'll use + - Approval authorities and responsibilities + - Timeframes based on your operations + - Integration with complaint handling, audits, etc. +4. Add forms as attachments: + - CAPA Request Form + - Root Cause Analysis Worksheet + - Action Plan Template + - Effectiveness Verification Checklist + +#### Creating Medical Device Files (MDF) + +**What is an MDF:** +- File for each medical device type or family +- Replaces separate DHF, DMR, DHR (per FDA QMSR harmonization) +- Contains all documentation about the device + +**Required contents per ISO 13485 Clause 4.2.3:** + +1. General description and intended use +2. Label and instructions for use specifications +3. Product specifications +4. Manufacturing specifications +5. Procedures for purchasing, manufacturing, servicing +6. Procedures for measuring and monitoring +7. Installation requirements (if applicable) +8. Risk management file(s) +9. Verification and validation information +10. Design and development file(s) (when applicable) + +**Process:** + +1. Identify each device type or family +2. Create MDF structure (folder or binder) +3. Collect or create each required element +4. Ensure traceability between documents +5. Maintain as living document (update with changes) + +### 5. Conduct Comprehensive Gap Analysis + +**When to use:** User wants detailed assessment of all requirements + +**Process:** + +1. **Use comprehensive checklist:** + - Open `references/gap-analysis-checklist.md` + - Work through clause by clause + - Mark status for each requirement: Compliant, Partial, Non-compliant, N/A + +2. **For each clause:** + - Read requirement description + - Identify existing evidence + - Note gaps or deficiencies + - Define action required + - Assign responsibility and target date + +3. **Summarize by clause:** + - Calculate compliance percentage per clause + - Identify highest-risk gaps + - Prioritize actions + +4. **Create action plan:** + - List all gaps + - Prioritize: Critical > High > Medium > Low + - Assign owners and dates + - Estimate resources needed + +5. **Output:** + - Completed gap analysis checklist + - Summary report with compliance percentages + - Prioritized action plan + - Timeline and milestones + +## Common Scenarios + +### Scenario 1: Starting from Scratch + +**User request:** "We're a medical device startup and need to implement ISO 13485. Where do we start?" + +**Approach:** + +1. **Explain the journey:** + - ISO 13485 requires comprehensive QMS documentation + - Typically 6-12 months for full implementation + - Can be done incrementally + +2. **Start with foundation:** + - Quality Policy and Objectives + - Quality Manual + - Organization structure and responsibilities + +3. **Follow the priority order:** + - Use Phase 1-6 priority list above + - Create documents in logical sequence + - Build on previously created documents + +4. **Key milestones:** + - Month 1-2: Foundation documents (Quality Manual, policies) + - Month 3-4: Core processes (CAPA, Complaints, Audits) + - Month 5-6: Product realization processes + - Month 7-8: Supporting processes + - Month 9-10: Internal audits and refinement + - Month 11-12: Management review and certification audit + +### Scenario 2: Gap Analysis for Existing QMS + +**User request:** "We have some procedures but don't know what we're missing for ISO 13485." + +**Approach:** + +1. **Run automated gap analysis:** + - Ask for document directory + - Run `scripts/gap_analyzer.py` + - Review automated findings + +2. **Conduct detailed assessment:** + - Use comprehensive checklist for user's specific situation + - Go deeper than automated analysis + - Assess quality of existing documents, not just presence + +3. **Provide prioritized gap list:** + - Missing mandatory procedures + - Incomplete procedures + - Quality issues with existing documents + - Missing records or forms + +4. **Create remediation plan:** + - High priority: Safety-related, regulatory-required + - Medium priority: Core QMS processes + - Low priority: Improvement opportunities + +### Scenario 3: Creating Specific Document + +**User request:** "Help me create a CAPA procedure." + +**Approach:** + +1. **Explain requirements:** + - Read ISO 13485 Clauses 8.5.2 and 8.5.3 from references + - Explain what must be in CAPA procedure + - Provide examples of good CAPA processes + +2. **Use template:** + - Start with CAPA procedure template + - Explain each section's purpose + - Show what needs customization + +3. **Gather user-specific info:** + - How are CAPAs initiated in their organization? + - Who are the responsible parties? + - What prioritization criteria make sense? + - What RCA methods will they use? + - What are appropriate timeframes? + +4. **Create customized procedure:** + - Replace all placeholders + - Adapt to user's processes + - Ensure completeness + +5. **Add supporting materials:** + - CAPA request form + - RCA worksheets + - Action plan template + - Effectiveness verification checklist + +### Scenario 4: Updating for Regulatory Changes + +**User request:** "We need to update our QMS for FDA QMSR harmonization." + +**Approach:** + +1. **Explain changes:** + - FDA 21 CFR Part 820 harmonized with ISO 13485 + - Now called QMSR (effective Feb 2, 2026) + - Key change: Medical Device File replaces DHF/DMR/DHR + +2. **Review current documentation:** + - Identify documents referencing QSR + - Find separate DHF, DMR, DHR structures + - Check for ISO 13485 compliance gaps + +3. **Update strategy:** + - Update references from QSR to QMSR + - Consolidate DHF/DMR/DHR into Medical Device Files + - Add any missing ISO 13485 requirements + - Maintain backward compatibility during transition + +4. **Create transition plan:** + - Update Quality Manual + - Update MDF procedure + - Reorganize device history files + - Train personnel on changes + +### Scenario 5: Preparing for Certification Audit + +**User request:** "We have our documentation ready. How do we prepare for the certification audit?" + +**Approach:** + +1. **Conduct readiness assessment:** + - Use comprehensive gap analysis checklist + - Review all documentation for completeness + - Verify records exist for all required items + - Check for consistent implementation + +2. **Pre-audit checklist:** + - [ ] All 31 procedures documented and approved + - [ ] Quality Manual complete with all required content + - [ ] Medical Device Files complete for all products + - [ ] Internal audit completed with findings addressed + - [ ] Management review completed + - [ ] Personnel trained on QMS procedures + - [ ] Records maintained per retention requirements + - [ ] CAPA system functional with effectiveness demonstrated + - [ ] Complaints system operational + +3. **Conduct mock audit:** + - Use ISO 13485 requirements as audit criteria + - Sample records to verify consistent implementation + - Interview personnel to verify understanding + - Identify any non-conformances + +4. **Address findings:** + - Correct any deficiencies + - Document corrections + - Verify effectiveness + +5. **Final preparation:** + - Brief management and staff + - Prepare audit schedule + - Organize evidence and records + - Designate escorts and support personnel + +## Best Practices + +### Document Development + +1. **Start at policy level, then add detail:** + - Quality Manual = policy level + - Procedures = what, who, when + - Work Instructions = detailed how-to + - Forms = data collection + +2. **Maintain consistency:** + - Use same terminology throughout + - Cross-reference related documents + - Keep numbering scheme consistent + - Update all related documents together + +3. **Write for your audience:** + - Clear, simple language + - Avoid jargon + - Define technical terms + - Provide examples where helpful + +4. **Make procedures usable:** + - Action-oriented language + - Logical flow + - Clear responsibilities + - Realistic timeframes + +### Exclusions + +**When you can exclude:** +- Design and development (if contract manufacturer only) +- Installation (if product requires no installation) +- Servicing (if not offered) +- Sterilization (if non-sterile product) + +**Justification requirements:** +- Must be in Quality Manual +- Must explain why excluded +- Cannot exclude if process performed +- Cannot affect ability to provide safe, effective devices + +**Example good justification:** +> "Clause 7.3 Design and Development is excluded. ABC Company operates as a contract manufacturer and produces medical devices according to complete design specifications provided by customers. All design activities are performed by the customer and ABC Company has no responsibility for design inputs, outputs, verification, validation, or design changes." + +**Example poor justification:** +> "We don't do design." (Too brief, doesn't explain why or demonstrate no impact) + +### Common Mistakes to Avoid + +1. **Copying ISO 13485 text verbatim** + - Write in your own words + - Describe YOUR processes + - Make it actionable for your organization + +2. **Making procedures too detailed** + - Procedures should be stable + - Excessive detail belongs in work instructions + - Balance guidance with flexibility + +3. **Creating documents in isolation** + - Ensure consistency across QMS + - Cross-reference related documents + - Build on previously created documents + +4. **Forgetting records** + - Every procedure should specify records + - Define retention requirements + - Ensure records actually maintained + +5. **Inadequate approval** + - Quality Manual must be signed by top management + - All procedures must be properly approved + - Train staff before documents become effective + +## Resources + +### scripts/ +- `gap_analyzer.py` - Automated tool to analyze existing documentation and identify gaps against ISO 13485 requirements + +### references/ +- `iso-13485-requirements.md` - Complete breakdown of ISO 13485:2016 requirements clause by clause +- `mandatory-documents.md` - Detailed list of all 31 required procedures plus other mandatory documents +- `gap-analysis-checklist.md` - Comprehensive checklist for detailed gap assessment +- `quality-manual-guide.md` - Step-by-step guide for creating a compliant Quality Manual + +### assets/templates/ +- `quality-manual-template.md` - Complete template for Quality Manual with all required sections +- `procedures/CAPA-procedure-template.md` - Example CAPA procedure following best practices +- `procedures/document-control-procedure-template.md` - Example document control procedure + +## Quick Reference + +### The 31 Required Documented Procedures + +1. Risk Management (4.1.5) +2. Software Validation (4.1.6) +3. Control of Documents (4.2.4) +4. Control of Records (4.2.5) +5. Internal Communication (5.5.3) +6. Management Review (5.6.1) +7. Human Resources/Competence (6.2) +8. Infrastructure Maintenance (6.3) - when applicable +9. Contamination Control (6.4.2) - when applicable +10. Customer Communication (7.2.3) +11. Design and Development (7.3.1-10) - when applicable +12. Purchasing (7.4.1) +13. Verification of Purchased Product (7.4.3) +14. Production Control (7.5.1) +15. Product Cleanliness (7.5.2) - when applicable +16. Installation (7.5.3) - when applicable +17. Servicing (7.5.4) - when applicable +18. Process Validation (7.5.6) - when applicable +19. Sterilization Validation (7.5.7) - when applicable +20. Product Identification (7.5.8) +21. Traceability (7.5.9) +22. Customer Property (7.5.10) - when applicable +23. Preservation of Product (7.5.11) +24. Control of M&M Equipment (7.6) +25. Feedback (8.2.1) +26. Complaint Handling (8.2.2) +27. Regulatory Reporting (8.2.3) +28. Internal Audit (8.2.4) +29. Process Monitoring (8.2.5) +30. Product Monitoring (8.2.6) +31. Control of Nonconforming Product (8.3) +32. Corrective Action (8.5.2) +33. Preventive Action (8.5.3) + +*(Note: Traditional count is "31 procedures" though list shows more because some are conditional)* + +### Key Regulatory Requirements + +**FDA (United States):** +- 21 CFR Part 820 (now QMSR) - harmonized with ISO 13485 as of Feb 2026 +- Device classification determines requirements +- Establishment registration and device listing required + +**EU (European Union):** +- MDR 2017/745 (Medical Devices Regulation) +- IVDR 2017/746 (In Vitro Diagnostic Regulation) +- Technical documentation requirements +- CE marking requirements + +**Canada:** +- Canadian Medical Devices Regulations (SOR/98-282) +- Device classification system +- Medical Device Establishment License (MDEL) + +**Other Regions:** +- Australia TGA, Japan PMDA, China NMPA, etc. +- Often require or recognize ISO 13485 certification + +### Document Retention + +**Minimum retention:** Lifetime of medical device as defined by organization + +**Typical retention periods:** +- Design documents: Life of device + 5-10 years +- Manufacturing records: Life of device +- Complaint records: Life of device + 5-10 years +- CAPA records: 5-10 years minimum +- Calibration records: Retention period of equipment + 1 calibration cycle + +**Always comply with applicable regulatory requirements which may specify longer periods.** + +--- + +## Getting Started + +**First-time users should:** + +1. Read `references/iso-13485-requirements.md` to understand the standard +2. If you have existing documentation, run gap analysis script +3. Create Quality Manual using template and guide +4. Develop procedures in priority order +5. Use comprehensive checklist for final validation + +**For specific tasks:** +- Creating Quality Manual → See Section 4 and use quality-manual-guide.md +- Creating CAPA procedure → See Section 4 and use CAPA template +- Gap analysis → See Section 1 and 5 +- Understanding requirements → See Section 2 + +**Need help?** Start by describing your situation: what stage you're at, what you have, and what you need to create. diff --git a/scientific-skills/iso-13485-certification/assets/templates/procedures/CAPA-procedure-template.md b/scientific-skills/iso-13485-certification/assets/templates/procedures/CAPA-procedure-template.md new file mode 100644 index 0000000..af44a77 --- /dev/null +++ b/scientific-skills/iso-13485-certification/assets/templates/procedures/CAPA-procedure-template.md @@ -0,0 +1,453 @@ +# Corrective and Preventive Action (CAPA) Procedure Template + +**Document Number:** SOP-8.5-001 +**Title:** Corrective and Preventive Action (CAPA) +**Revision:** 00 +**Effective Date:** [DATE] +**Page:** 1 of [X] + +--- + +## DOCUMENT CONTROL + +### Approval Signatures + +| Role | Name | Signature | Date | +|------|------|-----------|------| +| Author | [NAME] | | [DATE] | +| Reviewer | [NAME] | | [DATE] | +| Approver (Quality Manager) | [NAME] | | [DATE] | + +### Revision History + +| Revision | Date | Description of Changes | Approved By | +|----------|------|------------------------|-------------| +| 00 | [DATE] | Initial release | [NAME] | +| | | | | + +--- + +## TABLE OF CONTENTS + +1. [Purpose](#1-purpose) +2. [Scope](#2-scope) +3. [Definitions](#3-definitions) +4. [Responsibilities](#4-responsibilities) +5. [Procedure](#5-procedure) + - 5.1 [Corrective Action Process](#51-corrective-action-process) + - 5.2 [Preventive Action Process](#52-preventive-action-process) + - 5.3 [CAPA Prioritization](#53-capa-prioritization) + - 5.4 [Investigation and Root Cause Analysis](#54-investigation-and-root-cause-analysis) + - 5.5 [Action Planning and Implementation](#55-action-planning-and-implementation) + - 5.6 [Effectiveness Review](#56-effectiveness-review) + - 5.7 [CAPA Closure](#57-capa-closure) +6. [Records](#6-records) +7. [References](#7-references) +8. [Attachments](#8-attachments) + +--- + +## 1. PURPOSE + +This procedure establishes requirements for: + +- Corrective action to eliminate causes of nonconformities and prevent recurrence +- Preventive action to eliminate causes of potential nonconformities and prevent occurrence +- Systematic investigation and analysis of problems and risks +- Implementation and verification of effective actions +- Continuous improvement of the Quality Management System + +This procedure ensures compliance with ISO 13485:2016 Clauses 8.5.2 (Corrective Action) and 8.5.3 (Preventive Action). + +--- + +## 2. SCOPE + +This procedure applies to: + +- All nonconformities identified through any means (internal audits, customer complaints, process monitoring, product inspection, etc.) +- Potential nonconformities identified through risk analysis, trend analysis, and proactive reviews +- All products, processes, and QMS elements +- All departments and personnel within [COMPANY NAME] + +--- + +## 3. DEFINITIONS + +| Term | Definition | +|------|------------| +| **CAPA** | Corrective and Preventive Action | +| **Corrective Action** | Action to eliminate the cause of a detected nonconformity or other undesirable situation to prevent recurrence | +| **Preventive Action** | Action to eliminate the cause of a potential nonconformity or other potential undesirable situation to prevent occurrence | +| **Nonconformity** | Non-fulfillment of a requirement | +| **Root Cause** | The fundamental reason for the occurrence of a problem | +| **Root Cause Analysis (RCA)** | Systematic process to identify the root cause of a problem | +| **Effectiveness Check** | Verification that implemented actions have achieved the intended result | +| **5 Whys** | Iterative questioning technique used to explore cause-and-effect relationships | +| **Fishbone Diagram** | Visual tool for categorizing potential causes of a problem (also called Ishikawa diagram) | + +--- + +## 4. RESPONSIBILITIES + +### 4.1 Quality Manager +- Overall responsibility for CAPA system +- Reviews all CAPAs for adequacy +- Approves CAPA closures +- Reports CAPA metrics in management review +- Ensures resources are available for CAPA activities + +### 4.2 CAPA Coordinator +- Manages CAPA database/system +- Assigns CAPA numbers +- Tracks CAPA status and due dates +- Sends reminders for overdue actions +- Generates CAPA metrics and reports +- Maintains CAPA records + +### 4.3 CAPA Owner (Assigned Personnel) +- Leads investigation and root cause analysis +- Develops action plan +- Implements corrective/preventive actions +- Coordinates with affected departments +- Documents all CAPA activities +- Performs effectiveness checks +- Requests CAPA closure when complete + +### 4.4 Department Managers +- Provide resources and support for CAPA activities +- Participate in investigations within their areas +- Implement actions within their departments +- Verify implementation of actions + +### 4.5 All Personnel +- Report nonconformities and improvement opportunities +- Participate in CAPA investigations as requested +- Implement actions assigned to them +- Support CAPA effectiveness + +--- + +## 5. PROCEDURE + +### 5.1 Corrective Action Process + +Corrective actions are initiated in response to identified nonconformities from sources including: + +**Sources of Nonconformities:** +- Customer complaints (per SOP-[NUMBER]) +- Internal nonconforming product (per SOP-[NUMBER]) +- Internal audit findings (per SOP-[NUMBER]) +- Process monitoring out-of-specification results +- Product inspection failures +- Supplier nonconformances +- Regulatory inspections or observations +- Management review action items +- Risk management outputs +- Returned or rejected product + +**5.1.1 CAPA Initiation** + +1. When a nonconformity is identified, the individual discovering it: + - Completes a CAPA Request Form (Attachment A) or enters information into CAPA system + - Describes the nonconformity clearly and completely + - Attaches supporting documentation (NCRs, complaints, audit findings, etc.) + - Submits to Quality department + +2. CAPA Coordinator: + - Receives CAPA request + - Assigns unique CAPA number: CAPA-[YEAR]-[###] + - Logs CAPA in tracking system + - Routes to Quality Manager for review + +3. Quality Manager: + - Reviews CAPA request for completeness and clarity + - Determines if corrective action is warranted + - Assigns priority (see Section 5.3) + - Assigns CAPA Owner + - Sets due date based on priority + - Approves initiation of CAPA investigation + +### 5.2 Preventive Action Process + +Preventive actions are initiated proactively to address potential problems before they occur. + +**Sources of Preventive Action:** +- Trend analysis of complaints, NCRs, or other data +- Risk management activities (per SOP-[NUMBER]) +- Process capability studies +- Near-miss events +- Lessons learned from other organizations or devices +- Changes in regulations or standards +- Proactive process improvements +- Management review outputs +- Employee suggestions + +**5.2.1 Preventive Action Initiation** + +Process is similar to corrective action (Section 5.1.1), but: +- Describes potential nonconformity and its possible consequences +- Includes data or rationale supporting the need for preventive action +- May have different prioritization based on risk of occurrence + +### 5.3 CAPA Prioritization + +All CAPAs are prioritized based on: +- Severity of impact (safety, regulatory, customer impact) +- Frequency or likelihood of occurrence +- Detectability before reaching customer + +**Priority Levels:** + +| Priority | Criteria | Due Date for Completion | +|----------|----------|-------------------------| +| **Critical** | Safety issue, regulatory requirement, major customer impact, Class I recall potential | [X] days | +| **High** | Significant quality impact, repeat issue, moderate customer impact, regulatory reporting | [X] days | +| **Medium** | Moderate impact, isolated occurrence, minor customer impact | [X] days | +| **Low** | Minor impact, isolated occurrence, no customer impact, improvement opportunity | [X] days | + +Priority is determined by Quality Manager in consultation with CAPA Owner and affected department managers. + +### 5.4 Investigation and Root Cause Analysis + +**5.4.1 Investigation Planning** + +CAPA Owner develops investigation plan including: +- Scope of investigation +- Team members needed (if applicable) +- Data to be collected +- Analysis methods to be used +- Timeline + +**5.4.2 Data Collection** + +Collect relevant data: +- Review related records (batch records, inspection records, training records, etc.) +- Interview personnel involved +- Review similar past occurrences +- Examine physical evidence (product samples, equipment, etc.) +- Review applicable procedures and work instructions +- Analyze trend data if available + +**5.4.3 Root Cause Analysis** + +Use appropriate RCA tools based on complexity: + +**For Simple Issues:** +- 5 Whys technique +- Cause and effect analysis + +**For Complex Issues:** +- Fishbone (Ishikawa) diagram +- Fault tree analysis +- Failure mode and effects analysis (FMEA) +- Statistical analysis + +**RCA Requirements:** +- Dig beyond superficial causes to find root cause +- Distinguish between symptoms and causes +- Consider multiple contributing factors +- Ask "why" repeatedly until fundamental cause identified +- Consider human factors, procedural inadequacies, system weaknesses +- Document analysis process and findings + +**5.4.4 Root Cause Documentation** + +Document in CAPA record: +- Summary of investigation findings +- Root cause(s) identified +- Supporting data and analysis +- RCA tool(s) used +- Team members involved +- Date investigation completed + +Quality Manager reviews and approves root cause determination. + +### 5.5 Action Planning and Implementation + +**5.5.1 Action Planning** + +Based on root cause, CAPA Owner develops action plan: + +**Actions must be:** +- **Effective:** Address root cause, not just symptoms +- **Achievable:** Realistic with available resources +- **Measurable:** Include objective success criteria +- **Timely:** Include target completion dates +- **Risk-appropriate:** Commensurate with severity and likelihood + +**Action Plan includes:** +- Specific actions to be taken +- Responsible person for each action +- Target completion date for each action +- Resources required +- Expected outcome/success criteria +- How effectiveness will be measured + +**5.5.2 Types of Actions** + +Actions may include: +- Procedure revisions or clarifications +- Training or retraining +- Equipment repair, replacement, or modification +- Process changes or improvements +- Design changes (when applicable) +- Supplier corrective action requests +- Increased inspection or monitoring +- Software updates or validation +- Physical facility changes +- Organizational changes + +**5.5.3 Action Approval** + +- CAPA Owner submits action plan to Quality Manager +- Quality Manager reviews for adequacy and appropriateness +- Department Managers review actions affecting their areas +- Quality Manager approves action plan +- Actions assigned to responsible parties with due dates + +**5.5.4 Implementation** + +- Responsible parties implement assigned actions +- Implementation is documented (procedure revisions, training records, etc.) +- CAPA Owner tracks implementation progress +- CAPA Coordinator sends reminders for overdue actions +- Interim updates provided for long-duration CAPAs + +**5.5.5 Documentation of Implementation** + +For each action, document: +- Date implemented +- Evidence of implementation (updated procedures, training records, work orders, etc.) +- Any deviations from planned actions and justification +- Responsible person confirmation + +### 5.6 Effectiveness Review + +**5.6.1 Timing of Effectiveness Check** + +Effectiveness is verified after: +- Sufficient time has passed to observe results +- Minimum: [X days/weeks] after implementation +- Extended period for process or trend verification: [X months] +- Timing based on priority and nature of issue + +**5.6.2 Effectiveness Verification Methods** + +Methods appropriate to the CAPA may include: +- Review of process or product data for improved performance +- Inspection or test results showing improvement +- Absence of recurrence over defined period +- Customer feedback or complaint trends +- Internal audit verification +- Process capability analysis +- Statistical analysis of relevant metrics +- Re-audit of corrective action area +- Follow-up inspection or testing + +**5.6.3 Effectiveness Determination** + +CAPA Owner: +- Collects effectiveness data using planned method +- Analyzes data to determine if actions achieved intended result +- Documents findings in CAPA record +- Recommends effectiveness status: + - **Effective:** Actions achieved intended result, no recurrence + - **Not Effective:** Actions did not achieve intended result, recurrence observed + - **Additional Data Needed:** Insufficient time or data to determine effectiveness + +**5.6.4 Ineffective Actions** + +If actions determined not effective: +- CAPA remains open +- Re-investigation performed +- Alternative actions developed +- Cycle repeats until effectiveness achieved + +### 5.7 CAPA Closure + +**5.7.1 Closure Criteria** + +CAPA may be closed when: +- All planned actions implemented and verified +- Effectiveness check completed and actions determined effective +- All documentation complete +- No recurrence of issue during effectiveness period + +**5.7.2 Closure Process** + +1. CAPA Owner: + - Verifies all closure criteria met + - Completes final CAPA summary + - Submits closure request to Quality Manager + +2. Quality Manager: + - Reviews entire CAPA record for completeness + - Verifies effectiveness evidence + - Approves closure or requests additional information + - Signs and dates CAPA closure + +3. CAPA Coordinator: + - Updates CAPA status to "Closed" + - Files CAPA record per retention requirements + - Updates metrics and reports + +**5.7.3 CAPA Extension** + +If additional time needed: +- CAPA Owner submits extension request with justification +- Quality Manager reviews and approves/denies extension +- New due date established +- Extension documented in CAPA record + +--- + +## 6. RECORDS + +Records generated and maintained per this procedure: + +| Record | Retention Period | Location | Responsible Party | +|--------|------------------|----------|-------------------| +| CAPA Request Forms | [X years or device lifetime] | [LOCATION/SYSTEM] | CAPA Coordinator | +| CAPA Investigation Records | [X years or device lifetime] | [LOCATION/SYSTEM] | CAPA Coordinator | +| Root Cause Analysis Documentation | [X years or device lifetime] | [LOCATION/SYSTEM] | CAPA Coordinator | +| Action Plans | [X years or device lifetime] | [LOCATION/SYSTEM] | CAPA Coordinator | +| Implementation Evidence | [X years or device lifetime] | [LOCATION/SYSTEM] | CAPA Coordinator | +| Effectiveness Verification Records | [X years or device lifetime] | [LOCATION/SYSTEM] | CAPA Coordinator | +| CAPA Closure Approvals | [X years or device lifetime] | [LOCATION/SYSTEM] | CAPA Coordinator | +| CAPA Metrics and Trend Reports | [X years] | [LOCATION] | Quality Manager | + +--- + +## 7. REFERENCES + +- ISO 13485:2016, Clause 8.5.2 - Corrective Action +- ISO 13485:2016, Clause 8.5.3 - Preventive Action +- Quality Manual, Section 8.5 +- SOP-[NUMBER] - Control of Nonconforming Product +- SOP-[NUMBER] - Complaint Handling +- SOP-[NUMBER] - Internal Audit +- SOP-[NUMBER] - Risk Management +- SOP-[NUMBER] - Analysis of Data + +--- + +## 8. ATTACHMENTS + +**Attachment A:** CAPA Request Form +**Attachment B:** Root Cause Analysis Worksheet +**Attachment C:** CAPA Action Plan Template +**Attachment D:** Effectiveness Verification Checklist +**Attachment E:** 5 Whys Worksheet +**Attachment F:** Fishbone Diagram Template +**Attachment G:** CAPA Flowchart + +--- + +**END OF PROCEDURE** + +--- + +**Document Number:** SOP-8.5-001 +**Revision:** 00 +**Page:** [X] of [X] diff --git a/scientific-skills/iso-13485-certification/assets/templates/procedures/document-control-procedure-template.md b/scientific-skills/iso-13485-certification/assets/templates/procedures/document-control-procedure-template.md new file mode 100644 index 0000000..6794024 --- /dev/null +++ b/scientific-skills/iso-13485-certification/assets/templates/procedures/document-control-procedure-template.md @@ -0,0 +1,567 @@ +# Document Control Procedure Template + +**Document Number:** SOP-4.2.4-001 +**Title:** Control of Documents +**Revision:** 00 +**Effective Date:** [DATE] +**Page:** 1 of [X] + +--- + +## DOCUMENT CONTROL + +### Approval Signatures + +| Role | Name | Signature | Date | +|------|------|-----------|------| +| Author | [NAME] | | [DATE] | +| Reviewer | [NAME] | | [DATE] | +| Approver (Quality Manager) | [NAME] | | [DATE] | + +### Revision History + +| Revision | Date | Description of Changes | Approved By | +|----------|------|------------------------|-------------| +| 00 | [DATE] | Initial release | [NAME] | +| | | | | + +--- + +## TABLE OF CONTENTS + +1. [Purpose](#1-purpose) +2. [Scope](#2-scope) +3. [Definitions](#3-definitions) +4. [Responsibilities](#4-responsibilities) +5. [Procedure](#5-procedure) + - 5.1 [Document Types and Hierarchy](#51-document-types-and-hierarchy) + - 5.2 [Document Numbering System](#52-document-numbering-system) + - 5.3 [Document Creation](#53-document-creation) + - 5.4 [Document Review and Approval](#54-document-review-and-approval) + - 5.5 [Document Distribution and Access](#55-document-distribution-and-access) + - 5.6 [Document Changes](#56-document-changes) + - 5.7 [Control of Obsolete Documents](#57-control-of-obsolete-documents) + - 5.8 [Control of External Documents](#58-control-of-external-documents) +6. [Records](#6-records) +7. [References](#7-references) +8. [Attachments](#8-attachments) + +--- + +## 1. PURPOSE + +This procedure establishes requirements for the control of documents within the Quality Management System to ensure: + +- Documents are approved before use +- Documents are reviewed, updated, and re-approved as necessary +- Changes and current revision status are identified +- Relevant versions of documents are available at points of use +- Documents remain legible and readily identifiable +- External documents are identified and controlled +- Obsolete documents are prevented from unintended use +- Obsolete documents are appropriately identified if retained + +This procedure ensures compliance with ISO 13485:2016 Clause 4.2.4. + +--- + +## 2. SCOPE + +This procedure applies to all controlled documents within the Quality Management System, including but not limited to: + +- Quality Manual +- Standard Operating Procedures (SOPs) +- Work Instructions (WIs) +- Forms and templates +- Medical Device Files +- Design and Development documents +- Risk management documents +- Validation and verification protocols and reports +- Specifications (product, process, test methods, materials) +- Drawings and schematics +- Labels and instructions for use +- External documents (standards, regulations, customer specifications) + +This procedure does NOT apply to: +- Records (controlled per SOP-[NUMBER] Control of Records) +- Transient documents (emails, meeting notes not part of QMS) +- Marketing and sales materials (unless affecting product quality or regulatory compliance) + +--- + +## 3. DEFINITIONS + +| Term | Definition | +|------|------------| +| **Controlled Document** | A document that is subject to review, approval, distribution control, and change management per this procedure | +| **Master Document** | The official controlled copy maintained by Document Control, from which all distributed copies originate | +| **Document Owner** | The person or department responsible for the content, accuracy, and maintenance of a document | +| **Document Control Coordinator** | Person responsible for managing the document control system | +| **Revision** | A change to a controlled document that has been approved and issued | +| **Obsolete Document** | A document that has been superseded by a newer revision or is no longer applicable | +| **External Document** | A document originating from outside the organization (standards, regulations, customer specifications, etc.) | +| **SUPERSEDED** | Watermark applied to obsolete documents retained for reference | + +--- + +## 4. RESPONSIBILITIES + +### 4.1 Document Control Coordinator +- Manages document control system +- Assigns document numbers +- Maintains master document repository +- Ensures proper document approval before release +- Distributes controlled documents +- Maintains distribution lists +- Retrieves and destroys/archives obsolete documents +- Maintains document control records +- Trains personnel on document control procedures + +### 4.2 Document Owners +- Create and maintain documents within their area +- Ensure document accuracy and completeness +- Initiate document changes when needed +- Participate in document review and approval +- Identify when documents become obsolete +- Ensure personnel in their area use current documents + +### 4.3 Quality Manager +- Approves all QMS documents (SOPs, Quality Manual) +- Reviews document changes for QMS impact +- Ensures document control system effectiveness +- Audits document control compliance + +### 4.4 Department Managers +- Approve department-specific work instructions +- Ensure current documents available in their areas +- Ensure personnel trained on document changes +- Remove obsolete documents from use areas + +### 4.5 All Personnel +- Use only current, approved documents +- Report document issues (errors, illegibility, missing documents) +- Do not use obsolete or unapproved documents +- Maintain documents in good condition + +--- + +## 5. PROCEDURE + +### 5.1 Document Types and Hierarchy + +QMS documents are organized in a four-tier hierarchy: + +**Tier 1: Quality Manual (QM)** +- Policy-level document +- Describes overall QMS +- References all Tier 2 procedures +- Approved by CEO and Quality Manager + +**Tier 2: Standard Operating Procedures (SOPs)** +- Define WHAT must be done, WHO does it, WHEN +- Cross-functional processes +- Include all 31 required documented procedures per ISO 13485 +- Approved by Quality Manager + +**Tier 3: Work Instructions (WIs)** +- Define HOW to perform specific tasks +- Step-by-step instructions +- Department or process-specific +- Approved by Department Manager and Quality Manager + +**Tier 4: Forms and Templates** +- Standardized formats for data collection +- Support SOPs and WIs +- Approved by Document Owner and Quality Manager + +**Other Controlled Documents:** +- Medical Device Files (MDFs) +- Design History Files (DHFs) +- Validation documents +- Specifications +- Drawings +- Labels and instructions for use + +### 5.2 Document Numbering System + +All controlled documents are assigned unique identification numbers: + +**Quality Manual:** +- Format: QM-[###] +- Example: QM-001 + +**Standard Operating Procedures:** +- Format: SOP-[ISO Clause]-[###] +- Example: SOP-4.2.4-001 (for Clause 4.2.4 Control of Documents) +- Example: SOP-8.5-001 (for CAPA procedure) + +**Work Instructions:** +- Format: WI-[Department Code]-[###] +- Example: WI-MFG-001 (Manufacturing department work instruction) +- Department codes: MFG (Manufacturing), QC (Quality Control), ENG (Engineering), etc. + +**Forms:** +- Format: FORM-[SOP/WI Number]-[Letter] +- Example: FORM-SOP-8.5-001-A (CAPA Request Form) + +**Medical Device Files:** +- Format: MDF-[Product Code]-[###] +- Example: MDF-ABC-001 + +**Other Documents:** +- Format varies by document type +- Assigned by Document Control Coordinator + +**Revision Designation:** +- Initial release: Revision 00 +- First revision: Revision 01 +- Subsequent revisions: 02, 03, 04, etc. +- Format: [Document Number] Rev [##] + +### 5.3 Document Creation + +**5.3.1 Initiating Document Creation** + +1. Document Owner identifies need for new document +2. Document Owner notifies Document Control Coordinator +3. Document Control Coordinator: + - Assigns document number + - Provides document template (if applicable) + - Logs document in master list as "In Development" + +**5.3.2 Document Format Requirements** + +All controlled documents must include: + +**Header (on each page):** +- Document number +- Document title +- Revision number +- Effective date +- Page number (Page X of Y) + +**Document Control Section:** +- Approval signature table +- Revision history table + +**Content Requirements:** +- Clear, concise language +- Present tense, active voice +- Consistent terminology +- Numbered sections and subsections +- References to related documents +- Records generated (if applicable) + +**5.3.3 Document Drafting** + +1. Document Owner drafts document content +2. Document Owner marks document as "DRAFT" on each page +3. Draft may be circulated for informal review and input +4. When ready for formal review, Document Owner submits to Document Control Coordinator + +### 5.4 Document Review and Approval + +**5.4.1 Review Process** + +1. Document Control Coordinator: + - Verifies document number correct + - Verifies format compliance + - Checks for required sections + - Routes for review + +2. Reviews conducted by: + - Technical reviewer (subject matter expert) + - Quality reviewer (for QMS compliance) + - Other stakeholders as appropriate + +3. Reviewers: + - Review for technical accuracy + - Review for clarity and completeness + - Review for compliance with requirements + - Provide comments to Document Owner + +4. Document Owner: + - Addresses all comments + - Revises document as needed + - Resubmits for approval + +**5.4.2 Approval Process** + +Approval authority based on document type: + +| Document Type | Approval Authority | +|---------------|-------------------| +| Quality Manual | CEO and Quality Manager | +| Standard Operating Procedures | Quality Manager | +| Work Instructions | Department Manager and Quality Manager | +| Forms | Document Owner and Quality Manager | +| Specifications | Engineering Manager and Quality Manager | +| Medical Device Files | [Per regulatory requirements] | + +**Approval Steps:** + +1. Document Control Coordinator routes document to approvers +2. Approvers review and sign/date approval section +3. All required approvals must be obtained before document becomes effective +4. Document Control Coordinator: + - Removes "DRAFT" watermark + - Adds effective date (typically [X] days after approval) + - Assigns final format + - Adds to controlled document system + - Updates master document list + +**5.4.3 Training Requirements** + +Before document becomes effective: +- Affected personnel identified +- Training conducted as needed +- Training records maintained per SOP-[NUMBER] + +### 5.5 Document Distribution and Access + +**5.5.1 Master Document** + +- Document Control Coordinator maintains master copy +- Master stored in: [ELECTRONIC SYSTEM or PHYSICAL LOCATION] +- Master clearly identified as "MASTER COPY" +- Master is reference for all distributed copies + +**5.5.2 Controlled Copies** + +**Electronic Distribution (Primary Method):** +- Documents stored in [DOCUMENT MANAGEMENT SYSTEM] +- Access controlled by user permissions +- Read-only access for most users +- Always displays current revision +- Obsolete revisions automatically removed from access +- Users may print for immediate use (uncontrolled copies) + +**Physical Distribution (When Necessary):** +- Controlled copies issued for specific locations/uses +- Each copy stamped "CONTROLLED COPY - [Copy Number]" +- Distribution list maintained showing: + - Copy number + - Document number and revision + - Holder name and location + - Date issued +- Holders responsible for maintaining copy in good condition +- When document revised, Document Control retrieves old copy and issues new copy + +**5.5.3 Uncontrolled Copies** + +- Printed for temporary, immediate use +- Stamped or marked "UNCONTROLLED COPY" +- User responsible for verifying current revision before each use +- Should be destroyed after use or within [X] days + +**5.5.4 Availability at Point of Use** + +- Current documents available where work is performed +- Electronic access at workstations +- Controlled physical copies in areas without electronic access +- Documents protected from damage, loss, deterioration + +### 5.6 Document Changes + +**5.6.1 Initiating Changes** + +Changes may be initiated by: +- Document Owner identifying need +- CAPA requiring procedure change +- Internal audit finding +- Management review action +- Regulatory or standard update +- Process improvement + +**5.6.2 Change Request Process** + +1. Requestor: + - Completes Document Change Request Form (Attachment A) + - Describes change needed and justification + - Submits to Document Owner + +2. Document Owner: + - Reviews change request + - Determines if change appropriate + - Approves or denies request + - If approved, initiates document revision + +**5.6.3 Making Changes** + +1. Document Owner: + - Requests current master from Document Control + - Creates revised version with changes + - Increments revision number + - Updates revision history table + - Identifies changes in document (change bars, highlights, or summary) + - Marks as "DRAFT REVISION" + +2. Changes reviewed and approved by: + - Same approval authority as original document + - UNLESS different approval authority designated by original approver + - Reviewers have access to previous revision for comparison + +3. Approval: + - New revision approved per Section 5.4.2 + - Previous revision becomes obsolete on effective date of new revision + +**5.6.4 Indication of Changes** + +Changes are indicated by: +- Revision history table (describes nature of changes) +- Change bars or highlights in document (optional but recommended) +- Change summary page for significant revisions (optional) + +**5.6.5 Urgent Changes** + +For urgent changes affecting safety or regulatory compliance: +- Expedited review and approval process +- May use interim method (e.g., hand-written changes with approval) +- Formal document revision completed as soon as practical +- Document per CAPA process if change due to nonconformity + +### 5.7 Control of Obsolete Documents + +**5.7.1 When Document Becomes Obsolete** + +Document becomes obsolete when: +- New revision approved and becomes effective +- Document no longer applicable to operations +- Product discontinued +- Process changed + +**5.7.2 Removal from Use** + +1. Document Control Coordinator: + - On effective date of new revision, marks superseded revision as obsolete + - Removes from electronic document system OR limits access with "OBSOLETE" notation + - Retrieves physical controlled copies from distribution locations + - Updates distribution lists + +2. Department Managers: + - Remove obsolete copies from work areas + - Return to Document Control or destroy + - Ensure personnel aware of new revision + +**5.7.3 Retention of Obsolete Documents** + +Obsolete documents may be retained for: +- Reference purposes +- Product investigations +- Regulatory or legal requirements +- Historical record + +**If retained:** +- Clearly marked "OBSOLETE - FOR REFERENCE ONLY" or "SUPERSEDED" +- Stored separately from current documents +- Access restricted and controlled +- Retained per applicable retention requirements + +**Retention Locations:** +- Electronic archive with "OBSOLETE" watermark +- Separate physical archive area + +**5.7.4 Prevention of Unintended Use** + +To prevent unintended use: +- Physical copies stamped "OBSOLETE" in red +- Electronic copies watermarked "OBSOLETE" +- Removed from active work areas +- Stored in separate archive +- Training on document control system and how to verify current revision + +### 5.8 Control of External Documents + +**5.8.1 Types of External Documents** + +External documents include: +- ISO standards +- IEC standards +- FDA regulations and guidance documents +- EU regulations (MDR, IVDR) +- Other regulatory requirements +- Customer specifications +- Supplier certifications +- Calibration certificates +- Reference materials + +**5.8.2 Identification and Control** + +1. Document Owner or requestor: + - Identifies external document needed + - Provides copy to Document Control Coordinator + +2. Document Control Coordinator: + - Assigns external document number: EXT-[Category]-[###] + - Logs in external document register including: + - Document title and number + - Source/publisher + - Date/version + - Location in organization + - Responsible person for monitoring updates + - Files in external document repository + +**5.8.3 Reviewing for Currency** + +- Document Owner responsible for monitoring updates to external documents +- Frequency: [Annually or as notified of updates] +- Check publisher website for updates +- Subscribe to update notifications when available +- When update identified: + - Obtain new version + - Provide to Document Control + - Review for impact on QMS documents + - Update QMS documents as needed (per CAPA if necessary) + - Obsolete previous version per Section 5.7 + +**5.8.4 Customer-Supplied Documents** + +- Customer specifications and drawings controlled as external documents +- Review for clarity and completeness upon receipt +- Discrepancies communicated to customer for resolution +- Controlled per this procedure to ensure current version used + +--- + +## 6. RECORDS + +Records generated and maintained per this procedure: + +| Record | Retention Period | Location | Responsible Party | +|--------|------------------|----------|-------------------| +| Master Document List | Current + [X] years | [LOCATION/SYSTEM] | Document Control Coordinator | +| Document Approval Records | [X years or device lifetime] | Document Control System | Document Control Coordinator | +| Document Revision History | [X years or device lifetime] | Document Control System | Document Control Coordinator | +| Document Change Requests | [X years] | [LOCATION] | Document Control Coordinator | +| Distribution Lists | Current + [X] years | [LOCATION] | Document Control Coordinator | +| Obsolete Document Archive | [Per retention schedule] | [LOCATION] | Document Control Coordinator | +| External Document Register | Current + [X] years | [LOCATION] | Document Control Coordinator | + +--- + +## 7. REFERENCES + +- ISO 13485:2016, Clause 4.2.4 - Control of Documents +- Quality Manual, Section 4.2.4 +- SOP-4.2.5 - Control of Records +- SOP-6.2 - Training and Competence + +--- + +## 8. ATTACHMENTS + +**Attachment A:** Document Change Request Form +**Attachment B:** Document Templates (QM, SOP, WI, Form) +**Attachment C:** Document Control Flowchart +**Attachment D:** Master Document List Template +**Attachment E:** Distribution List Template + +--- + +**END OF PROCEDURE** + +--- + +**Document Number:** SOP-4.2.4-001 +**Revision:** 00 +**Page:** [X] of [X] diff --git a/scientific-skills/iso-13485-certification/assets/templates/quality-manual-template.md b/scientific-skills/iso-13485-certification/assets/templates/quality-manual-template.md new file mode 100644 index 0000000..d882ed1 --- /dev/null +++ b/scientific-skills/iso-13485-certification/assets/templates/quality-manual-template.md @@ -0,0 +1,521 @@ +# Quality Manual Template + +# [COMPANY NAME] +## QUALITY MANUAL + +**Document Number:** QM-001 +**Revision:** 00 +**Effective Date:** [DATE] +**Page:** 1 of [X] + +--- + +## DOCUMENT CONTROL + +### Approval Signatures + +| Role | Name | Signature | Date | +|------|------|-----------|------| +| Chief Executive Officer | [NAME] | | [DATE] | +| Quality Manager | [NAME] | | [DATE] | +| Management Representative | [NAME] | | [DATE] | + +### Revision History + +| Revision | Date | Description of Changes | Approved By | +|----------|------|------------------------|-------------| +| 00 | [DATE] | Initial release | [NAME] | +| | | | | + +### Distribution List + +| Copy No. | Holder | Location | Date Issued | +|----------|--------|----------|-------------| +| 001 | Master Copy | Document Control | [DATE] | +| 002 | [NAME/DEPT] | [LOCATION] | [DATE] | +| | | | | + +--- + +## TABLE OF CONTENTS + +1. [Introduction](#1-introduction) + - 1.1 [Company Overview](#11-company-overview) + - 1.2 [Purpose of the Quality Manual](#12-purpose-of-the-quality-manual) + - 1.3 [Document Control and Revisions](#13-document-control-and-revisions) + - 1.4 [Definitions and Abbreviations](#14-definitions-and-abbreviations) + +2. [Scope and Exclusions](#2-scope-and-exclusions) + - 2.1 [Scope of QMS](#21-scope-of-qms) + - 2.2 [Products Covered](#22-products-covered) + - 2.3 [Applicable Regulatory Requirements](#23-applicable-regulatory-requirements) + - 2.4 [Exclusions and Justifications](#24-exclusions-and-justifications) + +3. [Quality Policy and Objectives](#3-quality-policy-and-objectives) + - 3.1 [Quality Policy Statement](#31-quality-policy-statement) + - 3.2 [Quality Objectives](#32-quality-objectives) + - 3.3 [Communication of Policy and Objectives](#33-communication-of-policy-and-objectives) + +4. [Quality Management System](#4-quality-management-system) + - 4.1 [General Requirements](#41-general-requirements) + - 4.2 [Documentation Requirements](#42-documentation-requirements) + +5. [Management Responsibility](#5-management-responsibility) + - 5.1 [Management Commitment](#51-management-commitment) + - 5.2 [Customer Focus](#52-customer-focus) + - 5.3 [Quality Policy](#53-quality-policy) + - 5.4 [Planning](#54-planning) + - 5.5 [Responsibility, Authority and Communication](#55-responsibility-authority-and-communication) + - 5.6 [Management Review](#56-management-review) + +6. [Resource Management](#6-resource-management) + - 6.1 [Provision of Resources](#61-provision-of-resources) + - 6.2 [Human Resources](#62-human-resources) + - 6.3 [Infrastructure](#63-infrastructure) + - 6.4 [Work Environment and Contamination Control](#64-work-environment-and-contamination-control) + +7. [Product Realization](#7-product-realization) + - 7.1 [Planning of Product Realization](#71-planning-of-product-realization) + - 7.2 [Customer-Related Processes](#72-customer-related-processes) + - 7.3 [Design and Development](#73-design-and-development) + - 7.4 [Purchasing](#74-purchasing) + - 7.5 [Production and Service Provision](#75-production-and-service-provision) + - 7.6 [Control of Monitoring and Measuring Equipment](#76-control-of-monitoring-and-measuring-equipment) + +8. [Measurement, Analysis and Improvement](#8-measurement-analysis-and-improvement) + - 8.1 [General](#81-general) + - 8.2 [Monitoring and Measurement](#82-monitoring-and-measurement) + - 8.3 [Control of Nonconforming Product](#83-control-of-nonconforming-product) + - 8.4 [Analysis of Data](#84-analysis-of-data) + - 8.5 [Improvement](#85-improvement) + +9. [Appendices](#9-appendices) + - Appendix A: [List of Documented Procedures](#appendix-a-list-of-documented-procedures) + - Appendix B: [Organization Chart](#appendix-b-organization-chart) + - Appendix C: [Process Map](#appendix-c-process-map) + - Appendix D: [Definitions and Abbreviations](#appendix-d-definitions-and-abbreviations) + - Appendix E: [Applicable Regulatory Requirements](#appendix-e-applicable-regulatory-requirements) + +--- + +## 1. INTRODUCTION + +### 1.1 Company Overview + +**Company Legal Name:** [FULL LEGAL COMPANY NAME] +**Business Address:** [STREET ADDRESS, CITY, STATE/PROVINCE, ZIP/POSTAL CODE, COUNTRY] +**Manufacturing Site(s):** [LIST ALL MANUFACTURING SITES] +**Type of Business:** [e.g., Medical Device Manufacturer, Contract Manufacturer, etc.] + +[COMPANY NAME] was [established/founded] in [YEAR] and specializes in [BRIEF DESCRIPTION OF BUSINESS FOCUS]. + +**Mission Statement:** [INSERT COMPANY MISSION STATEMENT] + +### 1.2 Purpose of the Quality Manual + +This Quality Manual documents the Quality Management System (QMS) of [COMPANY NAME]. The purpose of this manual is to: + +- Describe the QMS established and maintained in accordance with ISO 13485:2016 +- Demonstrate compliance with applicable regulatory requirements +- Serve as the primary reference document for the structure and operation of the QMS +- Provide guidance for employees, customers, regulatory authorities, and certification bodies + +This manual applies to all activities affecting the quality of medical devices designed, manufactured, distributed, and/or serviced by [COMPANY NAME]. + +### 1.3 Document Control and Revisions + +This Quality Manual is a controlled document. The Document Control Coordinator maintains the master copy and distribution list. + +- **Approval Authority:** Chief Executive Officer and Quality Manager +- **Review Frequency:** Annually, or as needed when significant changes occur +- **Revision Process:** Changes are reviewed and approved per SOP-4.2.4 Control of Documents +- **Distribution:** Controlled copies are issued to individuals listed in the Distribution List + +All recipients of controlled copies are responsible for ensuring they are using the current revision. + +### 1.4 Definitions and Abbreviations + +| Term/Abbreviation | Definition | +|-------------------|------------| +| CAPA | Corrective and Preventive Action | +| CFR | Code of Federal Regulations | +| DHF | Design History File | +| DHR | Device History Record | +| DMR | Device Master Record | +| FDA | U.S. Food and Drug Administration | +| IFU | Instructions for Use | +| ISO | International Organization for Standardization | +| MDF | Medical Device File | +| MDR | Medical Device Regulation (EU) | +| M&M Equipment | Monitoring and Measuring Equipment | +| NCR | Nonconformance Report | +| QMS | Quality Management System | +| QMSR | Quality Management System Regulation (FDA) | +| QSR | Quality System Regulation (FDA - former) | +| SOP | Standard Operating Procedure | +| WI | Work Instruction | + +--- + +## 2. SCOPE AND EXCLUSIONS + +### 2.1 Scope of QMS + +This Quality Management System applies to [COMPANY NAME] and covers all activities related to [LIST ACTIVITIES: e.g., design, development, production, storage, distribution, installation, servicing] of medical devices. + +**Organizational Scope:** +- All departments and functions at [COMPANY NAME] +- All employees, contractors, and temporary staff performing work affecting product quality + +**Physical Locations:** +- [LIST ALL FACILITIES AND ADDRESSES] + +**Activities Covered:** +- [✓ / ✗] Design and Development +- [✓ / ✗] Manufacturing and Production +- [✓ / ✗] Installation +- [✓ / ✗] Servicing +- [✓] Storage and Distribution +- [✓] Purchasing +- [✓] Customer Communication + +### 2.2 Products Covered + +This QMS covers the following medical device product families: + +| Product Family | Device Classification | Intended Use | Applicable Markets | +|----------------|----------------------|--------------|-------------------| +| [PRODUCT NAME/FAMILY] | [Class I/II/III] | [BRIEF INTENDED USE] | [FDA/EU/Other] | +| | | | | + +### 2.3 Applicable Regulatory Requirements + +The QMS is designed to comply with the following standards and regulatory requirements: + +**International Standards:** +- ISO 13485:2016 - Medical devices — Quality management systems — Requirements for regulatory purposes +- ISO 14971:[YEAR] - Medical devices — Application of risk management to medical devices +- [OTHER APPLICABLE ISO/IEC STANDARDS] + +**Regulatory Requirements:** +- **United States:** FDA 21 CFR Part 820 (QMSR) - Quality Management System Regulation +- **European Union:** EU MDR 2017/745 - Medical Devices Regulation [or IVDR 2017/746 for IVDs] +- **Canada:** Canadian Medical Devices Regulations (SOR/98-282) +- [OTHER APPLICABLE REGIONAL REQUIREMENTS] + +**Recognized Standards:** +- [LIST PRODUCT-SPECIFIC STANDARDS, e.g., IEC 60601, ISO 10993, etc.] + +### 2.4 Exclusions and Justifications + +The following clauses of ISO 13485:2016 are excluded from the scope of this QMS: + +[IF NO EXCLUSIONS:] +> There are no exclusions from ISO 13485:2016. All clauses are applicable and have been implemented. + +[IF EXCLUSIONS EXIST, USE THIS FORMAT:] + +**Clause 7.3 - Design and Development** + +**Status:** [EXCLUDED / PARTIALLY EXCLUDED / FULLY IMPLEMENTED] + +**Justification (if excluded):** +> [COMPANY NAME] [operates as a contract manufacturer and produces medical devices according to complete design specifications provided by customers / only distributes medical devices designed and manufactured by third parties / etc.]. All design and development activities are [performed by customers / performed by a separate corporate entity / not applicable to business model]. [COMPANY NAME] has no responsibility for design inputs, outputs, verification, validation, design changes, or design history files. + +**Clause 7.5.3 - Installation Activities** + +**Status:** [EXCLUDED / PARTIALLY EXCLUDED / FULLY IMPLEMENTED] + +**Justification (if excluded):** +> The medical devices manufactured by [COMPANY NAME] are [supplied ready for use and do not require installation / intended for installation by customer personnel under separate contractual arrangements]. Installation activities are [not performed / performed by authorized distributors or customers]. + +**Clause 7.5.4 - Servicing Activities** + +**Status:** [EXCLUDED / PARTIALLY EXCLUDED / FULLY IMPLEMENTED] + +**Justification (if excluded):** +> [COMPANY NAME] does not provide servicing of medical devices after delivery. Products are [intended for single use / serviced by authorized service partners under separate arrangements / serviced by customer personnel]. Post-delivery activities are limited to technical support and complaint handling. + +--- + +## 3. QUALITY POLICY AND OBJECTIVES + +### 3.1 Quality Policy Statement + +**QUALITY POLICY** + +[INSERT YOUR COMPANY-SPECIFIC QUALITY POLICY HERE. The policy should include: +- Commitment to meeting customer and regulatory requirements +- Commitment to maintaining QMS effectiveness +- Framework for quality objectives +- Signature of top management +- Date + +Example:] + +> At [COMPANY NAME], quality is our highest priority. We are committed to designing, manufacturing, and delivering medical devices that meet the highest standards of safety, performance, and reliability. +> +> Our commitments include: +> - Compliance with ISO 13485 and all applicable regulatory requirements +> - Understanding and meeting customer and patient needs +> - Establishing and achieving measurable quality objectives +> - Managing risks throughout the product lifecycle +> - Continually improving our processes and products +> - Maintaining competent and motivated personnel +> - Responding promptly and effectively to feedback and complaints +> +> This policy applies to all employees, contractors, and suppliers. This policy is reviewed annually and communicated throughout the organization. +> +> [SIGNATURE] +> [NAME], Chief Executive Officer +> [DATE] + +### 3.2 Quality Objectives + +The organization has established the following measurable quality objectives to support the Quality Policy: + +| Objective | Measurement | Target | Responsibility | Review Frequency | +|-----------|-------------|--------|----------------|------------------| +| Customer Satisfaction | Survey rating | ≥ [X] out of 5.0 | [ROLE] | Quarterly | +| Product Quality | Defect rate | < [X]% | [ROLE] | Monthly | +| On-Time Delivery | % on-time | ≥ [X]% | [ROLE] | Monthly | +| CAPA Effectiveness | % closed on time | ≥ [X]% | [ROLE] | Monthly | +| Training Completion | % complete on schedule | 100% | [ROLE] | Quarterly | +| Internal Audit Findings | Findings addressed | ≥ [X]% within 30 days | [ROLE] | After each audit | +| [OTHER OBJECTIVES] | | | | | + +Quality objectives are monitored, reported in management review, and revised as necessary to drive continual improvement. + +### 3.3 Communication of Policy and Objectives + +The Quality Policy and Quality Objectives are communicated to all personnel through: + +- Employee orientation and training +- Posting in common areas of the facility +- Inclusion in employee handbook +- Management review meetings +- Department meetings +- This Quality Manual (available to all personnel) +- [OTHER COMMUNICATION METHODS] + +All employees are made aware of the relevance and importance of their activities and how they contribute to achieving quality objectives. + +--- + +## 4. QUALITY MANAGEMENT SYSTEM + +### 4.1 General Requirements + +#### 4.1.1 QMS Establishment + +[COMPANY NAME] has established, documented, implemented, and maintains a Quality Management System in accordance with ISO 13485:2016 and applicable regulatory requirements. The QMS covers all processes necessary to ensure medical device safety, performance, and regulatory compliance. + +The QMS processes have been identified and are documented in this Quality Manual and referenced procedures. These processes include: + +**Management Processes:** +- Management commitment and review +- Quality planning +- Internal communication +- Resource management + +**Product Realization Processes:** +- [Design and development - if applicable] +- Purchasing +- Production and service provision +- Customer-related processes + +**Support Processes:** +- Document and record control +- Human resources and training +- Infrastructure and maintenance +- Software validation + +**Monitoring and Measurement Processes:** +- Customer feedback and complaints +- Internal audits +- Process and product monitoring +- Nonconformance control +- Corrective and preventive action +- Data analysis + +#### 4.1.2 Process Interactions + +The QMS processes are interconnected and operate as a system. Process interactions are illustrated in the Process Map (Appendix C). Key interactions include: + +- Management review provides direction and resources for all processes +- Product realization processes transform customer requirements into conforming products +- Support processes enable effective product realization +- Monitoring processes provide feedback for improvement +- Risk management is integrated throughout all processes +- All processes contribute to meeting quality objectives + +#### 4.1.3 Outsourced Processes + +[IF APPLICABLE - otherwise state "Not applicable"] + +The following QMS processes are outsourced to external parties: + +| Process | Service Provider | Control Method | Responsible Party | +|---------|-----------------|----------------|-------------------| +| [e.g., Sterilization] | [PROVIDER NAME] | Supplier qualification, contract, ongoing monitoring | [ROLE] | +| [e.g., Calibration] | [PROVIDER NAME] | Qualified service provider, certificates reviewed | [ROLE] | +| | | | | + +Outsourcing does not relieve [COMPANY NAME] of responsibility for conformity to customer and regulatory requirements. Control of outsourced processes is documented in [REFERENCE PROCEDURE]. + +#### 4.1.4 Risk Management + +[COMPANY NAME] has established documented requirements for risk management throughout product realization in accordance with ISO 14971. Risk management is integrated into: + +- Design and development (when applicable) +- Production and process control +- Purchasing and supplier management +- Post-market surveillance and feedback +- Corrective and preventive action + +Risk management files are maintained as part of the Medical Device File for each device type. Risk management activities, methods, and records are defined in SOP-[NUMBER] Risk Management. + +#### 4.1.5 Software Validation + +Computer software applications used in the QMS are validated prior to initial use and after changes that could affect their intended use. Software requiring validation includes: + +- [QMS/ERP software] +- [Electronic document management systems] +- [Production control software] +- [Automated test equipment software] +- [Other software affecting product quality or QMS effectiveness] + +Validation is based on risk assessment and includes: +- Documented validation approach +- Risk-appropriate validation activities +- Defined acceptance criteria +- User responsibilities +- Validation records maintained + +Software validation procedures and records are documented in SOP-[NUMBER] Software Validation. + +### 4.2 Documentation Requirements + +#### 4.2.1 General + +The QMS documentation includes: + +**Tier 1:** Quality Policy and Quality Manual (this document) + +**Tier 2:** Documented Procedures (SOPs) +- The [31+] documented procedures required by ISO 13485:2016 +- Additional procedures established by the organization +- Referenced in Appendix A + +**Tier 3:** Work Instructions (WIs) +- Detailed step-by-step instructions for specific tasks +- Department or process-specific documents + +**Tier 4:** Records and Forms +- Evidence of conformity to requirements +- Evidence of effective QMS operation +- Maintained per retention requirements + +**Additional Documentation:** +- Medical Device Files +- Risk management files +- Design and development files (when applicable) +- Validation and verification documents +- External documents (standards, regulations, customer specifications) + +#### 4.2.2 Quality Manual + +This Quality Manual is established and maintained to describe the scope of the QMS, document or reference QMS procedures, describe process interactions, and outline the documentation structure. + +This manual is controlled per SOP-[NUMBER] Control of Documents and is reviewed annually for continuing suitability. + +#### 4.2.3 Medical Device File + +A Medical Device File (MDF) is established and maintained for each medical device type or device family. The MDF contains all documentation required by ISO 13485:2016 Clause 4.2.3, including: + +- General description of device and intended use/purpose +- Label and instructions for use specifications +- Product specifications +- Manufacturing specifications +- Procedures for purchasing, manufacturing, and servicing +- Procedures for measuring and monitoring +- Installation requirements (when applicable) +- Risk management file(s) +- Verification and validation information +- Design and development file(s) (when applicable) + +MDF structure, content, and control are defined in SOP-[NUMBER] Medical Device File. + +**Current Medical Device Files:** +- [LIST MDFs MAINTAINED] + +#### 4.2.4 Control of Documents + +All QMS documents are controlled to ensure: +- Approval before issue +- Review and update as necessary +- Current revision status identified +- Relevant versions available at point of use +- Documents remain legible and identifiable +- External documents controlled +- Obsolete documents prevented from unintended use +- Obsolete documents identified if retained for reference + +Document control responsibilities, requirements, and procedures are defined in SOP-[NUMBER] Control of Documents. + +The Document Control Coordinator is responsible for document control system operation. + +#### 4.2.5 Control of Records + +QMS records provide evidence of conformity to requirements and effective QMS operation. Records are controlled to ensure: +- Legibility, identification, and retrievability +- Proper storage, security, and integrity +- Appropriate retention time (minimum: device lifetime) +- Proper disposition +- Changes remain identifiable + +Record control responsibilities, requirements, and procedures are defined in SOP-[NUMBER] Control of Records. + +Records are retained for at least [X years or device lifetime, whichever is longer], in accordance with applicable regulatory requirements. + +--- + +## 5. MANAGEMENT RESPONSIBILITY + +[CONTINUE WITH SECTIONS 5-8 FOLLOWING THE SAME PATTERN: State requirement, describe implementation, reference procedure, identify responsibility] + +[Note: For brevity, I'm providing the format. The user can expand each section following this pattern] + +--- + +## 9. APPENDICES + +### APPENDIX A: LIST OF DOCUMENTED PROCEDURES + +[CREATE TABLE OF ALL 31+ PROCEDURES] + +### APPENDIX B: ORGANIZATION CHART + +[INSERT ORGANIZATION CHART] + +### APPENDIX C: PROCESS MAP + +[INSERT PROCESS INTERACTION DIAGRAM] + +### APPENDIX D: DEFINITIONS AND ABBREVIATIONS + +[EXPAND FROM SECTION 1.4] + +### APPENDIX E: APPLICABLE REGULATORY REQUIREMENTS + +[DETAILED LIST OF ALL APPLICABLE REGULATIONS] + +--- + +**END OF QUALITY MANUAL** + +--- + +**Document Number:** QM-001 +**Revision:** 00 +**Page:** [X] of [X] diff --git a/scientific-skills/iso-13485-certification/references/gap-analysis-checklist.md b/scientific-skills/iso-13485-certification/references/gap-analysis-checklist.md new file mode 100644 index 0000000..43b83ac --- /dev/null +++ b/scientific-skills/iso-13485-certification/references/gap-analysis-checklist.md @@ -0,0 +1,568 @@ +# ISO 13485:2016 Gap Analysis Checklist + +This comprehensive checklist helps identify gaps between your current Quality Management System and ISO 13485:2016 requirements. + +## How to Use This Checklist + +**Status Indicators:** +- ✅ **Compliant:** Requirement fully implemented and documented +- ⚠️ **Partial:** Requirement partially implemented, needs improvement +- ❌ **Non-compliant:** Requirement not implemented or documented +- N/A **Not Applicable:** Requirement doesn't apply (must be justified) + +**For Each Item:** +1. Assess current status +2. Identify existing documentation +3. Note gaps or deficiencies +4. Prioritize actions needed +5. Assign responsibility and target dates + +--- + +## Clause 4: Quality Management System + +### 4.1 General Requirements + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 4.1.1 | QMS established, documented, implemented, and maintained | | | | | +| 4.1.2 | QMS processes identified with sequence and interaction | | | | | +| 4.1.3 | Outsourced processes controlled and documented | | | | | +| 4.1.4 | QMS requirements and applicable regulatory requirements met | | | | | +| 4.1.5 | Risk management requirements documented and maintained | | | | | +| 4.1.6 | Computer software applications validated before use | | | | | + +### 4.2 Documentation Requirements + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 4.2.1 | QMS documentation includes policy, manual, procedures, records | | | | | +| 4.2.2 | Quality Manual established with required content | | | | | +| 4.2.2.a | Scope of QMS with justified exclusions | | | | | +| 4.2.2.b | Documented procedures or references | | | | | +| 4.2.2.c | Description of process interactions | | | | | +| 4.2.2.d | Structure of documentation described | | | | | +| 4.2.3 | Medical Device File established for each device type/family | | | | | +| 4.2.3.a | General description and intended use documented | | | | | +| 4.2.3.b | Label and IFU specifications | | | | | +| 4.2.3.c | Product specifications | | | | | +| 4.2.3.d | Manufacturing specifications | | | | | +| 4.2.3.e | Purchasing, manufacturing, servicing procedures | | | | | +| 4.2.3.f | Measurement and monitoring procedures | | | | | +| 4.2.3.g | Installation requirements (if applicable) | | | | | +| 4.2.3.h | Risk management file(s) | | | | | +| 4.2.3.i | Verification and validation information | | | | | +| 4.2.3.j | Design and development file(s) when applicable | | | | | +| 4.2.4 | Control of Documents procedure established | | | | | +| 4.2.4.a | Documents approved before issue | | | | | +| 4.2.4.b | Documents reviewed, updated, and re-approved | | | | | +| 4.2.4.c | Changes and current revision status identified | | | | | +| 4.2.4.d | Relevant versions available at point of use | | | | | +| 4.2.4.e | Documents remain legible and identifiable | | | | | +| 4.2.4.f | External documents controlled | | | | | +| 4.2.4.g | Obsolete documents prevented from unintended use | | | | | +| 4.2.4.h | Obsolete documents identified if retained | | | | | +| 4.2.5 | Control of Records procedure established | | | | | +| 4.2.5.a | Records remain legible, identifiable, and retrievable | | | | | +| 4.2.5.b | Changes to records remain identifiable | | | | | +| 4.2.5.c | Retention time at least device lifetime | | | | | +| 4.2.5.d | Storage, security, integrity, retrieval, disposition defined | | | | | + +--- + +## Clause 5: Management Responsibility + +### 5.1 Management Commitment + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 5.1.a | Importance of meeting requirements communicated | | | | | +| 5.1.b | Quality policy established | | | | | +| 5.1.c | Quality objectives established | | | | | +| 5.1.d | Management reviews conducted | | | | | +| 5.1.e | Resource availability ensured | | | | | + +### 5.2 Customer Focus + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 5.2 | Customer and regulatory requirements determined and met | | | | | + +### 5.3 Quality Policy + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 5.3.a | Policy appropriate to organization | | | | | +| 5.3.b | Includes commitment to meet requirements and maintain effectiveness | | | | | +| 5.3.c | Provides framework for quality objectives | | | | | +| 5.3.d | Communicated and understood within organization | | | | | +| 5.3.e | Reviewed for continuing suitability | | | | | + +### 5.4 Planning + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 5.4.1 | Quality objectives established at relevant functions/levels | | | | | +| 5.4.1 | Objectives measurable and consistent with policy | | | | | +| 5.4.2 | QMS planning meets general requirements and objectives | | | | | +| 5.4.2 | QMS integrity maintained when changes occur | | | | | + +### 5.5 Responsibility, Authority and Communication + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 5.5.1 | Responsibilities and authorities defined and communicated | | | | | +| 5.5.1 | Roles for QMS management, performance, verification documented | | | | | +| 5.5.1 | Interrelation of personnel identified | | | | | +| 5.5.2 | Management representative appointed | | | | | +| 5.5.2.a | Representative ensures QMS processes established and maintained | | | | | +| 5.5.2.b | Representative reports to top management on performance | | | | | +| 5.5.2.c | Representative ensures awareness of requirements | | | | | +| 5.5.3 | Internal communication processes established | | | | | + +### 5.6 Management Review + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 5.6.1 | QMS reviewed at planned intervals (at least annually) | | | | | +| 5.6.1 | Review ensures suitability, adequacy, effectiveness | | | | | +| 5.6.1 | Review includes improvement opportunities | | | | | +| 5.6.1 | Records of reviews maintained | | | | | +| 5.6.2 | Review includes audit results | | | | | +| 5.6.2 | Review includes customer feedback | | | | | +| 5.6.2 | Review includes process performance and product conformity | | | | | +| 5.6.2 | Review includes status of corrective and preventive actions | | | | | +| 5.6.2 | Review includes follow-up from previous reviews | | | | | +| 5.6.2 | Review includes changes affecting QMS | | | | | +| 5.6.2 | Review includes recommendations for improvement | | | | | +| 5.6.2 | Review includes new/revised regulatory requirements | | | | | +| 5.6.3 | Review output includes QMS improvements | | | | | +| 5.6.3 | Review output includes product improvements | | | | | +| 5.6.3 | Review output includes resource needs | | | | | +| 5.6.3 | Review output includes changes to maintain effectiveness | | | | | + +--- + +## Clause 6: Resource Management + +### 6.1 Provision of Resources + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 6.1 | Resources determined and provided for QMS | | | | | +| 6.1 | Resources provided to meet regulatory and customer requirements | | | | | + +### 6.2 Human Resources + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 6.2 | Personnel competent based on education, training, skills, experience | | | | | +| 6.2 | Documented evidence of competence maintained | | | | | + +### 6.3 Infrastructure + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 6.3 | Infrastructure determined, provided, and maintained | | | | | +| 6.3.a | Buildings, workspace, and utilities provided | | | | | +| 6.3.b | Process equipment (hardware and software) provided | | | | | +| 6.3.c | Supporting services provided | | | | | +| 6.3 | Maintenance requirements documented (when affecting quality) | | | | | +| 6.3 | Maintenance activity records maintained | | | | | + +### 6.4 Work Environment and Contamination Control + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 6.4.1 | Work environment determined and managed | | | | | +| 6.4.1 | Work environment requirements documented | | | | | +| 6.4.2 | Contamination control requirements documented (if applicable) | | | | | +| 6.4.2 | Special arrangements for contaminated product established | | | | | + +--- + +## Clause 7: Product Realization + +### 7.1 Planning of Product Realization + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 7.1.a | Quality objectives and requirements determined | | | | | +| 7.1.b | Need for processes, documentation, and resources determined | | | | | +| 7.1.c | Verification, validation, monitoring, measurement activities determined | | | | | +| 7.1.c | Handling, storage, distribution, traceability determined | | | | | +| 7.1.d | Records to provide evidence of conformity determined | | | | | +| 7.1 | Risk management requirements documented | | | | | +| 7.1 | Risk management records maintained | | | | | + +### 7.2 Customer-Related Processes + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 7.2.1.a | Requirements specified by customer determined | | | | | +| 7.2.1.b | Requirements not stated but necessary determined | | | | | +| 7.2.1.c | Applicable regulatory requirements determined | | | | | +| 7.2.1.d | Additional requirements determined by organization | | | | | +| 7.2.2 | Product requirements reviewed before commitment | | | | | +| 7.2.2 | Requirements defined and documented | | | | | +| 7.2.2 | Differences resolved | | | | | +| 7.2.2 | Ability to meet requirements ensured | | | | | +| 7.2.2 | Records of review and follow-up maintained | | | | | +| 7.2.3 | Arrangements for communication with customers documented | | | | | +| 7.2.3.a | Communication on product information | | | | | +| 7.2.3.b | Communication on inquiry, contract, order handling | | | | | +| 7.2.3.c | Communication on customer feedback including complaints | | | | | +| 7.2.3.d | Communication on advisory notices | | | | | + +### 7.3 Design and Development + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 7.3.1 | Design and development procedures documented | | | | | +| 7.3.1 | Design and development plan documented for each device | | | | | +| 7.3.1 | Design and development files maintained | | | | | +| 7.3.2 | Design and development stages determined | | | | | +| 7.3.2 | Required review, verification, validation determined | | | | | +| 7.3.2 | Responsibilities and authorities defined | | | | | +| 7.3.2 | Resources and interfaces managed | | | | | +| 7.3.2 | Plans updated as design progresses | | | | | +| 7.3.3 | Design inputs determined and recorded | | | | | +| 7.3.3 | Functional, performance, usability, safety requirements included | | | | | +| 7.3.3 | Regulatory requirements and standards included | | | | | +| 7.3.3 | Risk management outputs included | | | | | +| 7.3.3 | Previous similar design information included | | | | | +| 7.3.3 | Inputs reviewed for adequacy | | | | | +| 7.3.4 | Design outputs meet input requirements | | | | | +| 7.3.4 | Outputs provide information for purchasing, production, service | | | | | +| 7.3.4 | Outputs contain acceptance criteria | | | | | +| 7.3.4 | Outputs specify characteristics for safe and proper use | | | | | +| 7.3.4 | Outputs documented and maintained as records | | | | | +| 7.3.5 | Systematic reviews conducted at suitable stages | | | | | +| 7.3.5 | Review evaluates ability to meet requirements | | | | | +| 7.3.5 | Review identifies problems and proposes actions | | | | | +| 7.3.5 | Representatives of functions concerned included | | | | | +| 7.3.5 | Records of reviews and follow-up maintained | | | | | +| 7.3.6 | Verification performed per planned arrangements | | | | | +| 7.3.6 | Verification ensures outputs meet inputs | | | | | +| 7.3.6 | Records of verification and follow-up maintained | | | | | +| 7.3.7 | Validation performed per planned arrangements | | | | | +| 7.3.7 | Validation ensures product meets specified application | | | | | +| 7.3.7 | Validation conducted before delivery or implementation | | | | | +| 7.3.7 | Validation includes defined operating conditions | | | | | +| 7.3.7 | Records of validation and follow-up maintained | | | | | +| 7.3.8 | Transfer procedures documented | | | | | +| 7.3.8 | Manufacturing output verified against design output | | | | | +| 7.3.8 | Specifications appropriate for manufacturing | | | | | +| 7.3.8 | Transfer records maintained | | | | | +| 7.3.9 | Design changes identified, documented, and controlled | | | | | +| 7.3.9 | Changes reviewed, verified, validated, and approved | | | | | +| 7.3.9 | Effects on constituent parts and delivered product evaluated | | | | | +| 7.3.9 | Records of changes and review maintained | | | | | +| 7.3.10 | Design and development files maintained including all required content | | | | | + +### 7.4 Purchasing + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 7.4.1 | Purchased product conforms to purchase information | | | | | +| 7.4.1 | Purchasing activities documented | | | | | +| 7.4.1 | Criteria for supplier evaluation and selection established | | | | | +| 7.4.1 | Criteria based on supplier ability to supply per requirements | | | | | +| 7.4.1 | Supplier performance monitored | | | | | +| 7.4.1 | Records of supplier evaluations and follow-up maintained | | | | | +| 7.4.1 | Process for notifying suppliers of changes established | | | | | +| 7.4.2 | Purchasing information includes product approval requirements | | | | | +| 7.4.2 | Purchasing information includes qualification of personnel | | | | | +| 7.4.2 | Purchasing information includes QMS requirements | | | | | +| 7.4.2 | Purchasing information includes notification requirements | | | | | +| 7.4.2 | Purchasing information includes supplier change notification | | | | | +| 7.4.2 | Purchasing information communicated to sub-tier suppliers | | | | | +| 7.4.3 | Verification activities to ensure purchased product conformity | | | | | +| 7.4.3 | Extent of verification documented | | | | | +| 7.4.3 | Verification at supplier's premises documented (if applicable) | | | | | + +### 7.5 Production and Service Provision + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 7.5.1.a | Documented procedures and work instructions available | | | | | +| 7.5.1.b | Suitable infrastructure and work environment available | | | | | +| 7.5.1.c | Monitoring and measuring equipment available | | | | | +| 7.5.1.d | Monitoring and measuring activities available and used | | | | | +| 7.5.1.e | Product release, delivery, post-delivery activities implemented | | | | | +| 7.5.1.f | Operations for labelling and packaging defined | | | | | +| 7.5.1.g | Procedures for servicing documented (if applicable) | | | | | +| 7.5.1 | Requirements for product cleanliness documented | | | | | +| 7.5.1 | Requirements for installation and verification documented | | | | | +| 7.5.2 | Cleanliness requirements documented (if applicable) | | | | | +| 7.5.2 | Hygiene requirements in manufacturing documented | | | | | +| 7.5.3 | Installation requirements documented (if applicable) | | | | | +| 7.5.3 | Verification of installation conducted | | | | | +| 7.5.3 | Records of installation and verification maintained | | | | | +| 7.5.4 | Servicing procedures documented (if applicable) | | | | | +| 7.5.4 | Servicing records analyzed for feedback | | | | | +| 7.5.4 | Records of servicing maintained | | | | | +| 7.5.5 | Records of sterilization process parameters maintained (if applicable) | | | | | +| 7.5.6 | Processes validated where output cannot be verified | | | | | +| 7.5.6 | Defined criteria for review and approval | | | | | +| 7.5.6 | Equipment approval and personnel qualification | | | | | +| 7.5.6 | Specific methods, procedures, and acceptance criteria used | | | | | +| 7.5.6 | Requirements for records defined | | | | | +| 7.5.6 | Revalidation criteria defined | | | | | +| 7.5.6 | Software validation for production documented | | | | | +| 7.5.6 | Sterilization process validation documented (if applicable) | | | | | +| 7.5.6 | Aseptic processing validation documented (if applicable) | | | | | +| 7.5.6 | Clean room validation documented (if applicable) | | | | | +| 7.5.7 | Sterilization process validation records maintained (if applicable) | | | | | +| 7.5.7 | Sterile barrier system validation records maintained (if applicable) | | | | | +| 7.5.8 | Product identification procedures documented | | | | | +| 7.5.8 | Product identified by suitable means throughout realization | | | | | +| 7.5.8 | Records of identification maintained where traceability required | | | | | +| 7.5.9.1 | Traceability extent defined and documented | | | | | +| 7.5.9.1 | Distribution and location documented | | | | | +| 7.5.9.2 | Consignee name and address recorded | | | | | +| 7.5.9.2 | Quantity shipped recorded | | | | | +| 7.5.9.2 | Regulatory traceability requirements included | | | | | +| 7.5.9.2 | Traceability records maintained for defined period | | | | | +| 7.5.10 | Customer property identified, verified, protected (if applicable) | | | | | +| 7.5.10 | Loss, damage, unsuitability reported to customer | | | | | +| 7.5.10 | Records of customer property maintained | | | | | +| 7.5.11 | Product preservation during processing and delivery | | | | | +| 7.5.11 | Identification, handling, packaging, storage, protection included | | | | | +| 7.5.11 | Preservation applies to constituent parts | | | | | +| 7.5.11 | Special handling requirements documented (if applicable) | | | | | + +### 7.6 Control of Monitoring and Measuring Equipment + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 7.6 | Monitoring and measurement to be undertaken determined | | | | | +| 7.6 | Monitoring and measuring equipment needed determined | | | | | +| 7.6.a | Calibration or verification at specified intervals | | | | | +| 7.6.b | Adjustment or re-adjustment as necessary | | | | | +| 7.6.c | Identification to determine calibration status | | | | | +| 7.6.d | Safeguarding from adjustments invalidating calibration | | | | | +| 7.6.e | Protection from damage and deterioration | | | | | +| 7.6 | Validity of previous results assessed when non-conforming | | | | | +| 7.6 | Records of calibration and verification maintained | | | | | +| 7.6 | Computer software confirmed for intended application | | | | | +| 7.6 | Software confirmation before initial use and reconfirmation | | | | | + +--- + +## Clause 8: Measurement, Analysis and Improvement + +### 8.1 General + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 8.1 | Monitoring, measurement, analysis, improvement processes planned | | | | | +| 8.1 | Product conformity demonstrated | | | | | +| 8.1 | QMS conformity ensured | | | | | +| 8.1 | QMS effectiveness maintained | | | | | +| 8.1 | Applicable methods including statistical techniques determined | | | | | + +### 8.2 Monitoring and Measurement + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 8.2.1 | Feedback procedure established | | | | | +| 8.2.1 | Early warning system for quality issues established | | | | | +| 8.2.1 | Post-production information collected | | | | | +| 8.2.1 | Requirements for regulatory reporting included | | | | | +| 8.2.1 | Feedback used as input to risk management | | | | | +| 8.2.1 | Feedback used as input to corrective/preventive action | | | | | +| 8.2.2 | Complaint handling procedure established | | | | | +| 8.2.2 | Requirements for receiving, recording, evaluating complaints | | | | | +| 8.2.2 | Requirements for handling, investigating complaints | | | | | +| 8.2.2 | Requirements for reporting to regulatory authorities | | | | | +| 8.2.2 | Requirements for informing customer of actions | | | | | +| 8.2.2 | Complaint information transferred to organization | | | | | +| 8.2.2 | Records of complaints and investigations maintained | | | | | +| 8.2.3 | Regulatory reporting procedure established | | | | | +| 8.2.3 | Notification to regulatory authorities per requirements | | | | | +| 8.2.3 | Advisory notices per applicable requirements | | | | | +| 8.2.3 | Records of reporting maintained | | | | | +| 8.2.4 | Internal audits conducted at planned intervals | | | | | +| 8.2.4 | QMS conformity to ISO 13485 and requirements determined | | | | | +| 8.2.4 | QMS effective implementation and maintenance determined | | | | | +| 8.2.4 | Audit program considers importance, changes, previous results | | | | | +| 8.2.4 | Audit criteria, scope, frequency, methods defined | | | | | +| 8.2.4 | Audit procedure includes responsibilities and reporting | | | | | +| 8.2.4 | Objective and impartial auditors selected | | | | | +| 8.2.4 | Records of audits and results maintained | | | | | +| 8.2.4 | Need for corrections or corrective actions identified | | | | | +| 8.2.4 | Follow-up activities conducted | | | | | +| 8.2.5 | Suitable methods for process monitoring and measurement | | | | | +| 8.2.5 | Ability to achieve planned results demonstrated | | | | | +| 8.2.5 | Corrections and corrective actions implemented when needed | | | | | +| 8.2.5 | Records maintained | | | | | +| 8.2.6 | Product characteristics monitored and measured | | | | | +| 8.2.6 | Conducted at appropriate stages per planned arrangements | | | | | +| 8.2.6 | Records show conformity to acceptance criteria | | | | | +| 8.2.6 | Authority responsible for release recorded | | | | | +| 8.2.6 | Release and delivery not proceed until arrangements completed | | | | | + +### 8.3 Control of Nonconforming Product + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 8.3.1 | Nonconforming product identified and controlled | | | | | +| 8.3.1 | Procedure for identification, documentation established | | | | | +| 8.3.1 | Procedure for evaluation, segregation, disposition established | | | | | +| 8.3.1 | Procedure for notification to external parties established | | | | | +| 8.3.1 | Review of nonconforming product conducted | | | | | +| 8.3.1 | Records of nonconformities and actions maintained | | | | | +| 8.3.2 | Action taken to eliminate detected nonconformity | | | | | +| 8.3.2 | Use under concession authorized (if applicable) | | | | | +| 8.3.2 | Action taken to preclude original intended use | | | | | +| 8.3.2 | Records of concessions maintained | | | | | +| 8.3.2 | Authority making concession identified | | | | | +| 8.3.3 | Appropriate action for nonconformity after delivery | | | | | +| 8.3.3 | Procedure includes regulatory notification requirements | | | | | +| 8.3.3 | Records maintained | | | | | +| 8.3.4 | Rework procedures documented | | | | | +| 8.3.4 | Potential effects on medical device evaluated | | | | | +| 8.3.4 | Approval before rework implementation | | | | | +| 8.3.4 | Records of results and actions maintained | | | | | +| 8.3.4 | Re-verification after rework | | | | | +| 8.3.4 | Rework procedure documented before beginning | | | | | + +### 8.4 Analysis of Data + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 8.4 | Appropriate data determined, collected, and analyzed | | | | | +| 8.4 | Continual improvement opportunities evaluated | | | | | +| 8.4 | Procedures for data analysis established | | | | | +| 8.4.a | Analysis provides information on customer satisfaction | | | | | +| 8.4.b | Analysis of conformity to product requirements | | | | | +| 8.4.c | Analysis of process and product characteristics and trends | | | | | +| 8.4.d | Analysis of suppliers | | | | | +| 8.4.e | Analysis of feedback and risk management outputs | | | | | +| 8.4 | Statistical techniques used if necessary | | | | | +| 8.4 | Records of analysis results maintained | | | | | + +### 8.5 Improvement + +| # | Requirement | Status | Evidence | Gaps | Action Required | +|---|------------|--------|----------|------|-----------------| +| 8.5.1 | Changes identified and implemented to ensure effectiveness | | | | | +| 8.5.1 | Quality policy, objectives, audits, data, CAPA, reviews used | | | | | +| 8.5.2 | Corrective action procedure established | | | | | +| 8.5.2.a | Nonconformities including complaints reviewed | | | | | +| 8.5.2.b | Causes of nonconformities determined | | | | | +| 8.5.2.c | Need for actions to prevent recurrence evaluated | | | | | +| 8.5.2.d | Actions needed planned, documented, and implemented | | | | | +| 8.5.2.e | Results of actions documented | | | | | +| 8.5.2.f | Effectiveness of corrective actions reviewed | | | | | +| 8.5.2 | Records of investigation and follow-up maintained | | | | | +| 8.5.3 | Preventive action procedure established | | | | | +| 8.5.3.a | Potential nonconformities and causes determined | | | | | +| 8.5.3.b | Need for action to prevent occurrence evaluated | | | | | +| 8.5.3.c | Actions needed planned, documented, and implemented | | | | | +| 8.5.3.d | Results of actions documented | | | | | +| 8.5.3.e | Effectiveness of preventive actions reviewed | | | | | +| 8.5.3 | Appropriate information sources used | | | | | +| 8.5.3 | Records of investigation and follow-up maintained | | | | | + +--- + +## Summary and Prioritization + +### Gap Summary by Clause + +| Clause | Total Items | Compliant | Partial | Non-Compliant | N/A | Compliance % | +|--------|-------------|-----------|---------|---------------|-----|--------------| +| 4. QMS | | | | | | | +| 5. Management | | | | | | | +| 6. Resources | | | | | | | +| 7. Product Realization | | | | | | | +| 8. Measurement & Improvement | | | | | | | +| **TOTAL** | | | | | | | + +### Priority Actions + +**Critical (Immediate Action Required):** +1. +2. +3. + +**High Priority (Within 30 days):** +1. +2. +3. + +**Medium Priority (Within 90 days):** +1. +2. +3. + +**Low Priority (Within 180 days):** +1. +2. +3. + +### Resource Requirements + +**Personnel:** +- +- + +**Training:** +- +- + +**Tools/Systems:** +- +- + +**External Support:** +- +- + +### Timeline and Milestones + +| Milestone | Target Date | Responsible | Status | +|-----------|-------------|-------------|--------| +| Gap analysis completion | | | | +| Priority 1 items complete | | | | +| Priority 2 items complete | | | | +| Priority 3 items complete | | | | +| Internal audit readiness | | | | +| Certification audit | | | | + +--- + +## Notes and Additional Considerations + +### Regulatory Requirements +Document any additional requirements beyond ISO 13485: +- FDA QMSR requirements +- EU MDR/IVDR requirements +- Health Canada requirements +- Other regional requirements + +### Exclusions +Document and justify any clause exclusions: + +| Clause | Exclusion | Justification | +|--------|-----------|---------------| +| | | | + +### Additional Documentation Needed +List any additional documents identified during gap analysis: +- +- + +### Lessons Learned and Best Practices +- +- + +--- + +## Revision History + +| Version | Date | Author | Changes | +|---------|------|--------|---------| +| 1.0 | | | Initial gap analysis | diff --git a/scientific-skills/iso-13485-certification/references/iso-13485-requirements.md b/scientific-skills/iso-13485-certification/references/iso-13485-requirements.md new file mode 100644 index 0000000..8e45a19 --- /dev/null +++ b/scientific-skills/iso-13485-certification/references/iso-13485-requirements.md @@ -0,0 +1,610 @@ +# ISO 13485:2016 Requirements Breakdown + +This document provides a comprehensive breakdown of ISO 13485:2016 requirements for medical device Quality Management Systems (QMS). + +## Table of Contents + +1. [Clause 4: Quality Management System](#clause-4-quality-management-system) +2. [Clause 5: Management Responsibility](#clause-5-management-responsibility) +3. [Clause 6: Resource Management](#clause-6-resource-management) +4. [Clause 7: Product Realization](#clause-7-product-realization) +5. [Clause 8: Measurement, Analysis and Improvement](#clause-8-measurement-analysis-and-improvement) + +## Clause 4: Quality Management System + +### 4.1 General Requirements + +#### 4.1.1 QMS Requirements +- Establish, document, implement, and maintain a QMS +- Maintain its effectiveness in accordance with ISO 13485 +- Document the QMS processes and their interactions + +#### 4.1.2 Process Approach +- Identify processes needed for the QMS +- Determine sequence and interaction of these processes +- Determine criteria and methods for effective operation and control +- Ensure availability of resources and information +- Monitor, measure, and analyze processes +- Implement actions to achieve planned results and maintain effectiveness + +#### 4.1.3 Outsourced Processes +- Control any QMS process that is outsourced +- Ensure control is documented in the QMS +- Outsourcing does not relieve the organization of responsibility + +#### 4.1.4 General QMS Requirements +- Establish, document, implement, and maintain QMS requirements per ISO 13485 +- Include requirements for medical devices and applicable regulatory requirements +- Establish documented procedures for QMS activities + +#### 4.1.5 Risk Management +- Establish documented requirements for risk management in product realization +- Maintain risk management records +- Ensure risk management is conducted according to documented requirements + +#### 4.1.6 Software Validation +- Validate computer software applications used in QMS +- Validation must be conducted prior to initial use and after changes +- Establish documented approach including: + - Risk associated with the software application + - Validation activities + - Acceptance criteria + - User responsibilities + - Validation records + +### 4.2 Documentation Requirements + +#### 4.2.1 General Documentation +QMS documentation must include: +- Quality policy and quality objectives +- Quality manual +- Documented procedures and records required by ISO 13485 +- Documents required by organization for effective processes +- Records required by ISO 13485 +- Medical device files as required by applicable regulatory requirements + +#### 4.2.2 Quality Manual +Establish and maintain a quality manual that includes: +- Scope of the QMS with details and justification for exclusions +- Documented procedures or reference to them +- Description of interaction between QMS processes +- Structure of documentation used in the QMS + +#### 4.2.3 Medical Device File +Establish and maintain a medical device file for each type or family that includes: +- General description, intended use/purpose +- Label and instructions for use specifications +- Specifications for product and/or manufacturing +- Specifications for procedures for purchasing, manufacturing, servicing +- Procedures for measuring and monitoring +- Installation requirements (if applicable) +- Risk management file(s) +- Verification and validation information +- Design and development file(s) when applicable + +#### 4.2.4 Control of Documents +Establish documented procedure to: +- Approve documents before issue +- Review, update, and re-approve documents +- Ensure changes and current revision status are identified +- Ensure relevant versions are available at points of use +- Ensure documents remain legible and readily identifiable +- Control distribution of documents +- Prevent unintended use of obsolete documents +- Apply suitable identification if retained for any purpose + +Document changes must: +- Be reviewed and approved by original function unless otherwise designated +- Have access to pertinent background information +- Be identified in the document or appropriate attachments + +#### 4.2.5 Control of Records +Establish documented procedure for: +- Identification, storage, security, integrity, retrieval, retention time, and disposition +- Records must remain legible, readily identifiable, and retrievable +- Changes to records must remain identifiable +- Retention time must be at least the lifetime of the medical device +- Records may be stored on any media but must remain retrievable + +## Clause 5: Management Responsibility + +### 5.1 Management Commitment +Top management must provide evidence of commitment by: +- Communicating importance of meeting regulatory and customer requirements +- Establishing quality policy +- Establishing quality objectives +- Conducting management reviews +- Ensuring availability of resources + +### 5.2 Customer Focus +- Determine customer requirements and regulatory requirements +- Ensure customer requirements are met to enhance satisfaction +- Maintain documented requirements related to the medical device + +### 5.3 Quality Policy +- Appropriate to the organization +- Includes commitment to meet requirements and maintain QMS effectiveness +- Provides framework for quality objectives +- Communicated and understood within organization +- Reviewed for continuing suitability + +### 5.4 Planning + +#### 5.4.1 Quality Objectives +- Establish quality objectives at relevant functions and levels +- Must be measurable and consistent with quality policy +- Objectives must support conformity to product requirements + +#### 5.4.2 QMS Planning +- Plan to meet general requirements and quality objectives +- Maintain QMS integrity when changes are planned and implemented +- Document planning + +### 5.5 Responsibility, Authority and Communication + +#### 5.5.1 Responsibility and Authority +- Define and communicate responsibilities and authorities +- Document roles that manage, perform, verify QMS work +- Identify interrelation of all personnel + +#### 5.5.2 Management Representative +Appoint a member of management who: +- Ensures QMS processes are established, implemented, and maintained +- Reports to top management on QMS performance and improvement needs +- Ensures promotion of awareness of regulatory and customer requirements + +#### 5.5.3 Internal Communication +- Ensure communication processes are established +- Ensure communication occurs regarding QMS effectiveness + +### 5.6 Management Review + +#### 5.6.1 General +- Review QMS at planned intervals (at least annually) +- Review to ensure continuing suitability, adequacy, and effectiveness +- Include assessment of opportunities for improvement +- Maintain records of management reviews + +#### 5.6.2 Review Input +Include: +- Results of audits +- Customer feedback +- Process performance and product conformity +- Status of preventive and corrective actions +- Follow-up actions from previous reviews +- Changes affecting QMS +- Recommendations for improvement +- Applicable new or revised regulatory requirements + +#### 5.6.3 Review Output +Include decisions and actions related to: +- Improvements to QMS effectiveness and processes +- Product improvements related to customer requirements +- Resource needs +- Changes necessary to maintain QMS effectiveness + +## Clause 6: Resource Management + +### 6.1 Provision of Resources +Determine and provide resources needed to: +- Implement and maintain QMS and its effectiveness +- Meet regulatory and customer requirements + +### 6.2 Human Resources + +#### 6.2 General +Personnel performing work affecting product quality must be competent based on: +- Education, training, skills, and experience +- Documented evidence of competence + +#### 6.3 Infrastructure +Determine, provide, and maintain infrastructure including: +- Buildings, workspace, and associated utilities +- Process equipment (hardware and software) +- Supporting services + +Infrastructure maintenance requirements: +- Document requirements including maintenance activities +- Document requirements when maintenance can affect product quality +- Maintain records of maintenance activities + +### 6.4 Work Environment and Contamination Control + +#### 6.4.1 Work Environment +- Determine and manage work environment needed for product conformity +- Document requirements for work environment +- Document requirements if work environment can adversely affect product quality + +#### 6.4.2 Contamination Control +- When applicable to medical device, document requirements for control of contaminated or potentially contaminated product +- Establish special arrangements for control of contaminated product + +## Clause 7: Product Realization + +### 7.1 Planning of Product Realization +Plan and develop processes needed for product realization including: +- Quality objectives and requirements for the product +- Need to establish processes, documentation, and resources +- Required verification, validation, monitoring, measurement, inspection, handling, storage, distribution, and traceability +- Records to provide evidence of conformity + +Risk management requirements: +- Establish documented requirements for risk management throughout product realization +- Maintain risk management records + +### 7.2 Customer-Related Processes + +#### 7.2.1 Determination of Requirements +Determine: +- Requirements specified by customer including delivery and post-delivery +- Requirements not stated but necessary for specified or intended use +- Applicable regulatory requirements +- Any additional requirements determined by organization + +#### 7.2.2 Review of Requirements +- Review product requirements before commitment +- Ensure requirements are defined and documented +- Ensure differences are resolved +- Ensure ability to meet requirements +- Maintain records of review results and follow-up actions + +#### 7.2.3 Communication +Establish and document effective arrangements for communication with customers concerning: +- Product information +- Inquiry, contract or order handling, amendments +- Customer feedback including complaints +- Advisory notices + +### 7.3 Design and Development + +#### 7.3.1 General +- Establish, document, and maintain design and development procedures +- Document design and development plan for each medical device +- Maintain design and development files + +#### 7.3.2 Design and Development Planning +Plan and control design and development including: +- Stages of design and development +- Required review, verification, and validation activities +- Responsibilities and authorities +- Resources and interfaces +- Update plans as design progresses +- Document plans + +#### 7.3.3 Design and Development Inputs +- Determine inputs relating to product requirements +- Include functional, performance, usability, and safety requirements +- Include applicable regulatory requirements and standards +- Include applicable outputs of risk management +- Include appropriate information from previous similar designs +- Review inputs for adequacy and completeness +- Resolve incomplete, ambiguous, or conflicting requirements +- Maintain records + +#### 7.3.4 Design and Development Outputs +Provide outputs that: +- Meet design input requirements +- Provide appropriate information for purchasing, production, and service +- Contain or reference product acceptance criteria +- Specify characteristics essential for safe and proper use +- Document outputs and maintain as records + +#### 7.3.5 Design and Development Review +- Conduct systematic reviews at suitable stages +- Evaluate ability to meet requirements +- Identify problems and propose actions +- Include representatives of functions concerned +- Maintain records including results and follow-up actions + +#### 7.3.6 Design and Development Verification +- Perform verification per planned arrangements +- Ensure outputs meet input requirements +- Maintain records of verification results and follow-up actions + +#### 7.3.7 Design and Development Validation +- Perform validation per planned arrangements +- Ensure product meets specified application or intended use +- Conduct validation before delivery or implementation +- Include validation under defined operating conditions +- Maintain records of validation results and follow-up actions + +#### 7.3.8 Design and Development Transfer +- Document procedures for transfer to manufacturing +- Verify manufacturing output meets design output +- Ensure specification for materials, production, QC, servicing are appropriate +- Maintain records + +#### 7.3.9 Control of Design and Development Changes +- Identify, document, and control changes +- Review, verify, validate, and approve changes before implementation +- Evaluate effects on constituent parts, in-process product, and delivered product +- Maintain records of changes, review results, and follow-up actions + +#### 7.3.10 Design and Development Files +Establish and maintain design and development files for each type or family including: +- Design and development plan +- Design inputs +- Design outputs +- Design review, verification, validation records +- Design change records +- Risk management file + +### 7.4 Purchasing + +#### 7.4.1 Purchasing Process +- Ensure purchased product conforms to purchase information +- Establish documented processes for purchasing activities +- Establish criteria for evaluation and selection of suppliers +- Base criteria on ability to supply per organization's requirements +- Monitor supplier performance +- Maintain records of evaluations and follow-up actions +- Establish process for notifying suppliers of changed product requirements + +#### 7.4.2 Purchasing Information +Purchasing information must include: +- Requirements for approval of product, procedures, processes, equipment +- Requirements for qualification of personnel +- Quality management system requirements +- Requirements for notification to organization of nonconforming product +- Agreement that suppliers provide notification of changes to purchased product +- Agreement that purchase information be communicated to sub-tier suppliers + +#### 7.4.3 Verification of Purchased Product +- Establish and implement inspection or other activities to ensure conformity +- Document extent of verification +- Verify at supplier's premises when customer intends to perform verification at supplier +- Document verification arrangements and method of product release + +### 7.5 Production and Service Provision + +#### 7.5.1 Control of Production and Service Provision +Plan and carry out production under controlled conditions including: +- Availability of documented procedures and work instructions +- Availability of suitable infrastructure and work environment +- Availability of monitoring and measuring equipment +- Availability and use of suitable monitoring and measuring activities +- Implementation of product release, delivery, and post-delivery activities +- Implementation of defined operations for labelling and packaging +- Procedures for servicing if applicable + +Document requirements for: +- Control of product cleanliness if applicable +- Control during installation and verification if applicable + +#### 7.5.2 Cleanliness of Product +Document requirements if: +- Product is cleaned per specified requirements before sterilization and/or use +- Product cannot be cleaned before sterilization +- Product is supplied non-sterile to be cleaned and then sterilized + +Establish requirements for product hygiene in manufacturing, handling, and storage. + +#### 7.5.3 Installation Activities +If applicable: +- Document requirements for installation and verification +- Maintain records of installation and verification + +#### 7.5.4 Servicing Activities +If servicing is specified requirement: +- Establish documented procedures, reference materials, and measurements for servicing +- Analyze records of servicing for feedback into post-production phase +- Maintain records of servicing activities + +#### 7.5.5 Particular Requirements for Sterile Medical Devices +Maintain records of process parameters for sterilization of each batch. + +#### 7.5.6 Validation of Processes +Validate processes where resulting output cannot be verified by subsequent monitoring or measurement, including: +- Defined criteria for review and approval +- Approval of equipment and qualification of personnel +- Use of specific methods, procedures, and acceptance criteria +- Requirements for records +- Revalidation including criteria for revalidation +- Approval of changes to process + +Document requirements for validation of: +- Computer software used in production and service provision +- Sterilization processes +- Aseptic processing +- Clean room requirements if applicable + +#### 7.5.7 Particular Requirements for Validation of Processes for Sterilization and Sterile Barrier Systems +Maintain records of validation of: +- Sterilization processes for each batch +- Sterile barrier systems + +#### 7.5.8 Identification +- Establish documented procedures for product identification throughout realization +- Identify product by suitable means +- Maintain records of identification where traceability is a requirement + +#### 7.5.9 Traceability + +##### 7.5.9.1 General +Establish documented procedures defining extent of traceability including: +- Distribution and location of medical device + +##### 7.5.9.2 Particular Requirements +Document procedures to maintain records of: +- Name and address of shipping package consignee +- Identification of quantity shipped +- Include requirements of applicable regulatory requirements +- Maintain traceability records for defined period + +#### 7.5.10 Customer Property +- Exercise care with customer property while under organization's control +- Identify, verify, protect, and safeguard customer property +- Record and report to customer if lost, damaged, or unsuitable +- Maintain records + +#### 7.5.11 Preservation of Product +- Preserve product during internal processing and delivery +- Include identification, handling, packaging, storage, and protection +- Apply to constituent parts of product +- Document requirements for special handling if applicable + +### 7.6 Control of Monitoring and Measuring Equipment +- Determine monitoring and measurement to be undertaken +- Determine monitoring and measuring equipment needed +- Establish documented procedures for: + - Calibration or verification at specified intervals before use + - Adjustment or re-adjustment as necessary + - Identification to enable determination of calibration status + - Safeguarding from adjustments that would invalidate calibration + - Protection from damage and deterioration +- Assess and record validity of previous results when found not to conform +- Maintain records of calibration and verification +- Confirm ability of computer software to satisfy intended application when used +- Undertake confirmation before initial use and reconfirm as necessary + +## Clause 8: Measurement, Analysis and Improvement + +### 8.1 General +- Plan and implement monitoring, measurement, analysis, and improvement processes +- Demonstrate product conformity +- Ensure QMS conformity +- Maintain QMS effectiveness +- Include determination of applicable methods including statistical techniques + +### 8.2 Monitoring and Measurement + +#### 8.2.1 Feedback +Establish documented procedure for feedback including early warning system for: +- Post-production information including complaints +- Requirements for reporting to regulatory authorities +- Use as potential input to risk management for monitoring and maintaining product requirements +- Use as potential input for corrective and preventive action + +#### 8.2.2 Complaint Handling +Establish documented procedures for timely complaint handling including: +- Requirements and responsibilities for receiving, recording, and evaluating complaints +- Requirements and responsibilities for handling, investigating, and evaluating complaints +- Requirements and responsibilities for reporting complaint information to regulatory authorities +- Requirements for informing customer of organization's actions +- Requirements to ensure complaint information not handled by organization is transferred to organization +- Maintain records of complaints and investigations + +#### 8.2.3 Reporting to Regulatory Authorities +Establish documented procedures to: +- Provide notification to regulatory authorities per applicable requirements +- Provide advisory notices per applicable requirements +- Maintain records of reporting + +#### 8.2.4 Internal Audit +- Conduct internal audits at planned intervals +- Determine if QMS conforms to ISO 13485 and organization's requirements +- Determine if QMS is effectively implemented and maintained +- Plan audit program considering importance of processes, changes, and previous results +- Define audit criteria, scope, frequency, and methods +- Establish documented procedure for audits including responsibilities, requirements, and reporting +- Select objective and impartial auditors +- Maintain records of audits and results +- Identify need for corrections or corrective actions +- Conduct follow-up activities to verify implementation and effectiveness + +#### 8.2.5 Monitoring and Measurement of Processes +- Apply suitable methods for monitoring and measurement of QMS processes +- Demonstrate ability to achieve planned results +- Implement corrections and corrective actions when planned results not achieved +- Maintain records + +#### 8.2.6 Monitoring and Measurement of Product +- Monitor and measure product characteristics to verify conformity +- Conduct at appropriate stages per planned arrangements +- Maintain records showing conformity to acceptance criteria +- Record authority responsible for release +- Ensure product release and delivery not proceed until planned arrangements completed +- Allow release by relevant authority and customer when applicable + +### 8.3 Control of Nonconforming Product + +#### 8.3.1 General +- Ensure nonconforming product is identified and controlled +- Establish documented procedures for: + - Identification, documentation, evaluation, segregation, and disposition + - Notification to external parties + - Review of nonconforming product +- Maintain records of nonconformities and subsequent actions including concessions + +#### 8.3.2 Actions in Response to Nonconforming Product Detected Before Delivery +Deal with nonconforming product by: +- Taking action to eliminate detected nonconformity +- Authorizing use, release, or acceptance under concession per applicable regulatory requirements +- Taking action to preclude original intended use or application +- Taking action appropriate to effects of nonconformity when detected after delivery or use + +Maintain records of concessions and identify authority making concession. + +#### 8.3.3 Actions in Response to Nonconforming Product Detected After Delivery +When nonconforming product detected after delivery or use: +- Take action appropriate to effects of nonconformity +- Establish documented procedure including notification requirements to regulatory authorities +- Maintain records + +#### 8.3.4 Rework +Establish documented procedures for rework including: +- Requirements to evaluate potential effects on medical device +- Approval before implementation +- Records of results and actions including nonconformities and rework +- Re-verification after rework +- Documentation of rework procedure before rework begins + +### 8.4 Analysis of Data +- Determine, collect, and analyze appropriate data from monitoring and measurement +- Evaluate where continual improvement of QMS effectiveness can be made +- Establish documented procedures for: + - Analysis of data to provide information on customer satisfaction + - Analysis of conformity to product requirements + - Analysis of characteristics and trends of processes and products including preventive action opportunities + - Analysis of suppliers + - Analysis of other relevant data including feedback and output from risk management +- Include use of statistical techniques if necessary +- Maintain records of analysis results + +### 8.5 Improvement + +#### 8.5.1 General +- Identify and implement changes to ensure and maintain QMS effectiveness +- Include use of quality policy, objectives, audit results, data analysis, corrective and preventive actions, and management review + +#### 8.5.2 Corrective Action +- Establish documented procedures to: + - Review nonconformities including complaints + - Determine causes of nonconformities + - Evaluate need for actions to ensure nonconformities do not recur + - Plan and document actions needed and implement + - Document results of actions taken + - Review effectiveness of corrective actions taken +- Maintain records including investigation results and follow-up + +#### 8.5.3 Preventive Action +- Establish documented procedures to: + - Determine potential nonconformities and their causes + - Evaluate need for action to prevent occurrence + - Plan and document actions needed and implement + - Document results of actions taken + - Review effectiveness of preventive actions taken +- Use appropriate sources of information including: + - Work processes and operations affecting product quality + - Concessions + - Analysis of data and risk management outputs + - Medical device performance data + - Records of nonconformities +- Maintain records including investigation results and follow-up + +## Key Regulatory Updates + +### FDA QMSR Harmonization (Effective February 2, 2026) +- FDA 21 CFR Part 820 has been harmonized with ISO 13485:2016 +- Renamed to QMSR (Quality Management System Regulation) +- Medical Device File (MDF) replaces separate DHF, DMR, and DHR +- Organizations should prepare for transition to unified documentation approach + +## References and Resources + +This requirements breakdown is based on ISO 13485:2016, which was last reviewed and confirmed in 2025. + +For additional guidance, refer to: +- ISO 13485:2016 standard document +- FDA Quality Management System Regulation (QMSR) +- Applicable regional regulatory requirements (EU MDR, Health Canada, etc.) diff --git a/scientific-skills/iso-13485-certification/references/mandatory-documents.md b/scientific-skills/iso-13485-certification/references/mandatory-documents.md new file mode 100644 index 0000000..1efa5ea --- /dev/null +++ b/scientific-skills/iso-13485-certification/references/mandatory-documents.md @@ -0,0 +1,606 @@ +# ISO 13485:2016 Mandatory Documents and Records + +This document provides a complete list of all mandatory documents and records required by ISO 13485:2016 for medical device Quality Management Systems. + +## Overview + +ISO 13485:2016 requires organizations to establish and maintain **31 documented procedures** along with a **Quality Manual** and **Medical Device Files**. Additionally, numerous **records** must be maintained to provide evidence of conformity. + +**Important Notes:** +- The 31 documented procedures do not need to be 31 separate documents +- Multiple procedures can be combined into one document +- One procedure can be split across multiple documents +- Not all procedures may be applicable to every organization (exclusions must be justified) +- Additional documentation may be required by applicable regulatory requirements + +## 1. Quality Manual (Required by 4.2.2) + +**Description:** Foundational QMS document + +**Must Include:** +- Scope of QMS with justified exclusions +- Documented procedures or references to them +- Description of interaction between QMS processes +- Structure of documentation used in QMS + +**Applicable To:** All organizations + +--- + +## 2. Medical Device File (Required by 4.2.3) + +**Description:** File for each medical device type or family + +**Must Include:** +- General description and intended use +- Label and instructions for use specifications +- Product and/or manufacturing specifications +- Procedures for purchasing, manufacturing, servicing +- Measuring and monitoring procedures +- Installation requirements (if applicable) +- Risk management file(s) +- Verification and validation information +- Design and development file(s) when applicable + +**Applicable To:** All organizations for each device type/family + +--- + +## 3. The 31 Documented Procedures + +### Clause 4: Quality Management System + +#### 1. Risk Management Procedures (4.1.5) +**Description:** Requirements for risk management throughout product realization +**Must Address:** +- Risk management methodology +- Risk analysis and evaluation +- Risk control measures +- Risk acceptability criteria +- Risk management review +**Referenced Standard:** ISO 14971 + +#### 2. Software Validation Procedure (4.1.6) +**Description:** Validation of computer software applications used in QMS +**Must Address:** +- Risk assessment of software +- Validation approach and activities +- Acceptance criteria +- User responsibilities +- Validation before initial use and after changes +- Revalidation criteria + +#### 3. Control of Documents Procedure (4.2.4) +**Description:** Control of all QMS documents +**Must Address:** +- Document approval before issue +- Document review and update +- Identification of changes and revision status +- Availability of relevant document versions +- Document legibility and identification +- Control of external documents +- Prevention of obsolete document use +- Identification of retained obsolete documents + +#### 4. Control of Records Procedure (4.2.5) +**Description:** Control of all QMS records +**Must Address:** +- Record identification +- Storage and security +- Integrity protection +- Retrieval procedures +- Retention time determination +- Record disposition +- Legibility requirements +- Change identification + +### Clause 5: Management Responsibility + +#### 5. Management Review Procedure (5.6.1) +**Description:** Systematic review of QMS by top management +**Must Address:** +- Review frequency (at least annually) +- Review agenda and inputs +- Review outputs and actions +- Attendee requirements +- Record-keeping requirements + +#### 6. Internal Communication Procedure (5.5.3) +**Description:** Communication regarding QMS effectiveness +**Must Address:** +- Communication channels +- Communication frequency +- Responsible parties +- Topics to be communicated +- Documentation of communications + +### Clause 6: Resource Management + +#### 7. Human Resources/Competence Procedure (6.2) +**Description:** Ensuring personnel competence +**Must Address:** +- Competence requirements determination +- Training needs identification +- Training provision and evaluation +- Education, training, skills, and experience requirements +- Competence records maintenance +- Awareness of personnel contributions + +#### 8. Infrastructure Maintenance Procedure (6.3) +**Description:** Maintenance of facilities and equipment (when affecting quality) +**Must Address:** +- Maintenance activities definition +- Maintenance scheduling +- Maintenance records +- Impact on product quality +- Verification after maintenance + +#### 9. Contamination Control Procedure (6.4.2) +**Description:** Control of contaminated or potentially contaminated product (when applicable) +**Must Address:** +- Contamination identification +- Contaminated product handling +- Segregation requirements +- Decontamination procedures +- Special arrangements for control + +### Clause 7: Product Realization + +#### 10. Customer Communication Procedure (7.2.3) +**Description:** Communication with customers +**Must Address:** +- Product information provision +- Inquiry, contract, order handling +- Customer feedback including complaints +- Advisory notices +- Communication channels and responsibilities + +#### 11. Design and Development Procedures (7.3.1 - 7.3.10) +**Description:** Control of design and development process +**Must Address:** +- Design and development planning +- Input determination and review +- Output provision and approval +- Design reviews at suitable stages +- Verification against inputs +- Validation for intended use +- Transfer to manufacturing +- Change control +- Design file maintenance + +#### 12. Purchasing Procedures (7.4.1) +**Description:** Control of purchasing process +**Must Address:** +- Supplier evaluation and selection criteria +- Supplier monitoring and re-evaluation +- Supplier performance tracking +- Purchasing controls +- Supplier notification of changes +- Communication to sub-tier suppliers + +#### 13. Verification of Purchased Product Procedure (7.4.3) +**Description:** Verification that purchased product meets requirements +**Must Address:** +- Verification activities +- Extent of verification +- Method of product release +- Verification at supplier's premises (if applicable) +- Customer verification arrangements (if applicable) + +#### 14. Production and Service Provision Control Procedures (7.5.1) +**Description:** Control of production and service activities +**Must Address:** +- Work instructions and documented procedures +- Use of suitable equipment +- Monitoring and measuring activities +- Release, delivery, and post-delivery activities +- Labelling and packaging operations +- Servicing procedures (if applicable) + +#### 15. Product Cleanliness Procedures (7.5.2) +**Description:** Control of product cleanliness (when applicable) +**Must Address:** +- Cleaning requirements and specifications +- Cleaning before sterilization +- Uncleanable product handling +- Hygiene requirements in manufacturing +- Cleaning verification + +#### 16. Installation and Verification Procedures (7.5.3) +**Description:** Installation activities (when applicable) +**Must Address:** +- Installation requirements +- Installation instructions +- Verification of installation +- Installation records +- Responsible parties + +#### 17. Servicing Procedures (7.5.4) +**Description:** Servicing activities (when applicable) +**Must Address:** +- Servicing requirements +- Reference materials and measurements +- Feedback analysis from servicing +- Servicing records +- Servicing notification to regulatory authorities + +#### 18. Process Validation Procedure (7.5.6) +**Description:** Validation of processes where output cannot be verified +**Must Address:** +- Process validation for manufacturing +- Computer software validation for production +- Sterilization process validation +- Aseptic processing validation +- Clean room validation (if applicable) +- Criteria for review and approval +- Equipment approval and personnel qualification +- Revalidation criteria and triggers + +#### 19. Sterilization and Sterile Barrier System Validation (7.5.7) +**Description:** Validation of sterilization processes (when applicable) +**Must Address:** +- Sterilization method validation +- Sterile barrier system validation +- Process parameters for each batch +- Validation of changes to sterilization +- Maintenance of validation records + +#### 20. Product Identification and Traceability Procedures (7.5.8, 7.5.9) +**Description:** Identification and traceability throughout realization +**Must Address:** +- Identification methods throughout realization +- Traceability extent definition +- Distribution and location tracking +- Consignee identification +- Quantity shipped identification +- Retention period requirements +- Applicable regulatory traceability requirements + +#### 21. Customer Property Procedure (7.5.10) +**Description:** Control of customer-provided property +**Must Address:** +- Customer property identification +- Verification of customer property +- Protection and safeguarding +- Loss, damage, or unsuitability reporting +- Records of customer property + +#### 22. Preservation of Product Procedure (7.5.11) +**Description:** Product preservation during processing and delivery +**Must Address:** +- Identification requirements +- Handling requirements +- Packaging requirements +- Storage requirements +- Protection requirements +- Special handling (if applicable) +- Application to constituent parts + +#### 23. Control of Monitoring and Measuring Equipment Procedure (7.6) +**Description:** Calibration and control of measuring equipment +**Must Address:** +- Equipment identification +- Calibration or verification intervals +- Calibration methods and standards +- Adjustment procedures +- Identification of calibration status +- Protection from invalid adjustments +- Protection from damage +- Assessment when found non-conforming +- Computer software confirmation + +### Clause 8: Measurement, Analysis and Improvement + +#### 24. Feedback Procedure (8.2.1) +**Description:** Post-production information system +**Must Address:** +- Early warning system for quality issues +- Post-production information collection +- Complaint handling linkage +- Reporting to regulatory authorities +- Input to risk management +- Input to corrective and preventive action +- Feedback sources and channels + +#### 25. Complaint Handling Procedure (8.2.2) +**Description:** Timely handling of complaints +**Must Address:** +- Complaint receipt and recording +- Complaint evaluation and investigation +- Determination of need for reporting to authorities +- Determination of need for advisory notices +- Information to customer about actions taken +- Transfer of complaint information not directly handled +- Complaint trending and analysis + +#### 26. Reporting to Regulatory Authorities Procedure (8.2.3) +**Description:** Notification to regulatory authorities +**Must Address:** +- Determination of reportable events +- Notification timeframes +- Notification content requirements +- Advisory notice requirements +- Applicable regulatory requirements by region +- Responsible parties for reporting + +#### 27. Internal Audit Procedure (8.2.4) +**Description:** Conduct of internal audits +**Must Address:** +- Audit program planning +- Audit criteria, scope, frequency, methods +- Auditor selection and impartiality +- Audit responsibilities and requirements +- Audit reporting +- Records of audits +- Follow-up activities + +#### 28. Process Monitoring and Measurement Procedures (8.2.5) +**Description:** Monitoring and measurement of QMS processes +**Must Address:** +- Process monitoring methods +- Process measurement methods +- Demonstration of achieving planned results +- Implementation of corrections when needed +- Corrective actions when processes fail + +#### 29. Product Monitoring and Measurement Procedures (8.2.6) +**Description:** Monitoring and measurement of product +**Must Address:** +- Product acceptance criteria +- Measurement at appropriate stages +- Release authority identification +- Release procedures +- Records of conformity to criteria +- Traceability to measuring authority + +#### 30. Control of Nonconforming Product Procedure (8.3) +**Description:** Identification and control of nonconforming product +**Must Address:** +- Identification of nonconformity +- Documentation requirements +- Evaluation of nonconformity +- Segregation of nonconforming product +- Disposition of nonconforming product +- Notification to external parties +- Concession process (if applicable) +- Rework procedures +- Actions for nonconformity detected before delivery +- Actions for nonconformity detected after delivery +- Reporting requirements + +#### 31A. Corrective Action Procedure (8.5.2) +**Description:** Elimination of causes of nonconformities +**Must Address:** +- Review of nonconformities including complaints +- Cause determination methodology +- Evaluation of need for action +- Planning and documentation of actions +- Implementation of actions +- Effectiveness review of actions +- Records of investigation and follow-up + +#### 31B. Preventive Action Procedure (8.5.3) +**Description:** Elimination of causes of potential nonconformities +**Must Address:** +- Determination of potential nonconformities +- Evaluation of need for action +- Planning and documentation of actions +- Implementation of actions +- Effectiveness review of actions +- Sources of information for preventive action +- Records of investigation and follow-up + +--- + +## Additional Required Documentation + +### Analysis of Data Procedure (8.4) +While not explicitly called out as requiring a "documented procedure," organizations must establish processes for: +- Data determination, collection, and analysis +- Evaluation of continual improvement opportunities +- Statistical techniques (if applicable) +- Analysis of: + - Customer satisfaction + - Conformity to product requirements + - Process and product characteristics and trends + - Suppliers + - Other relevant data including feedback and risk management outputs + +--- + +## Required Records by Clause + +### Clause 4 Records +- Software validation records (4.1.6) +- Risk management records (4.1.5) +- All records specified in documented procedures and work instructions +- All records required by applicable regulatory requirements + +### Clause 5 Records +- Management review records (5.6.1) +- Evidence of personnel competence (6.2) + +### Clause 6 Records +- Infrastructure maintenance records (6.3) +- Personnel training and competence records (6.2) + +### Clause 7 Records +- Product requirements review and follow-up actions (7.2.2) +- Design and development files (7.3.10) including: + - Design and development plans + - Design inputs + - Design outputs + - Design review records + - Design verification records + - Design validation records + - Design change records + - Risk management file +- Design and development transfer records (7.3.8) +- Supplier evaluation, selection, and monitoring (7.4.1) +- Verification of purchased product (7.4.3) +- Cleanliness of product records (7.5.2) +- Installation and verification records (7.5.3) +- Servicing activity records (7.5.4) +- Sterilization process parameter records for each batch (7.5.5, 7.5.7) +- Process validation records (7.5.6) +- Product identification and traceability records (7.5.8, 7.5.9) + - Including distribution records with consignee name/address and quantity (7.5.9.2) +- Customer property records (7.5.10) +- Calibration and verification records (7.6) + +### Clause 8 Records +- Post-production feedback and complaints (8.2.1, 8.2.2) +- Complaint investigations (8.2.2) +- Regulatory authority reporting (8.2.3) +- Internal audit records (8.2.4) +- Process monitoring and measurement results (8.2.5) +- Product monitoring and measurement records (8.2.6) +- Product release authority (8.2.6) +- Nonconforming product records (8.3.1) +- Concession records and authority (8.3.2) +- Nonconforming product actions after delivery (8.3.3) +- Rework procedures and results (8.3.4) +- Data analysis results (8.4) +- Corrective action records including investigation and follow-up (8.5.2) +- Preventive action records including investigation and follow-up (8.5.3) + +--- + +## Documentation Matrix + +| Clause | Document Type | Document Name | Mandatory? | Records Required? | +|--------|--------------|---------------|------------|-------------------| +| 4.2.2 | Manual | Quality Manual | Yes | No | +| 4.2.3 | File | Medical Device File | Yes (per device) | Yes | +| 4.1.5 | Procedure | Risk Management | Yes | Yes | +| 4.1.6 | Procedure | Software Validation | Yes | Yes | +| 4.2.4 | Procedure | Control of Documents | Yes | No | +| 4.2.5 | Procedure | Control of Records | Yes | No | +| 5.5.3 | Procedure | Internal Communication | Yes | No | +| 5.6.1 | Procedure | Management Review | Yes | Yes | +| 6.2 | Procedure | Competence/Training | Yes | Yes | +| 6.3 | Procedure | Infrastructure Maintenance | When applicable | Yes | +| 6.4.2 | Procedure | Contamination Control | When applicable | Yes | +| 7.2.3 | Procedure | Customer Communication | Yes | Yes | +| 7.3.1-10 | Procedures | Design and Development | When applicable | Yes | +| 7.4.1 | Procedure | Purchasing | Yes | Yes | +| 7.4.3 | Procedure | Verification of Purchased Product | Yes | Yes | +| 7.5.1 | Procedures | Production Control | Yes | Yes | +| 7.5.2 | Procedure | Product Cleanliness | When applicable | Yes | +| 7.5.3 | Procedure | Installation | When applicable | Yes | +| 7.5.4 | Procedure | Servicing | When applicable | Yes | +| 7.5.6 | Procedure | Process Validation | When applicable | Yes | +| 7.5.7 | Procedure | Sterilization Validation | When applicable | Yes | +| 7.5.8 | Procedure | Product Identification | Yes | Yes | +| 7.5.9 | Procedure | Traceability | Yes | Yes | +| 7.5.10 | Procedure | Customer Property | When applicable | Yes | +| 7.5.11 | Procedure | Preservation of Product | Yes | Yes | +| 7.6 | Procedure | Control of M&M Equipment | Yes | Yes | +| 8.2.1 | Procedure | Feedback | Yes | Yes | +| 8.2.2 | Procedure | Complaint Handling | Yes | Yes | +| 8.2.3 | Procedure | Regulatory Reporting | Yes | Yes | +| 8.2.4 | Procedure | Internal Audit | Yes | Yes | +| 8.2.5 | Procedure | Process Monitoring | Yes | Yes | +| 8.2.6 | Procedure | Product Monitoring | Yes | Yes | +| 8.3 | Procedure | Control of Nonconforming Product | Yes | Yes | +| 8.4 | Process | Analysis of Data | Yes | Yes | +| 8.5.2 | Procedure | Corrective Action | Yes | Yes | +| 8.5.3 | Procedure | Preventive Action | Yes | Yes | + +--- + +## Common Additional Documents (Not Required by ISO 13485 but Often Needed) + +While not explicitly required by ISO 13485, the following documents are commonly needed for effective QMS operation and regulatory compliance: + +### Work Instructions +- Manufacturing work instructions +- Testing work instructions +- Inspection work instructions +- Cleaning instructions +- Equipment operation instructions + +### Forms and Templates +- Training records forms +- Calibration forms +- Audit checklists +- Complaint forms +- CAPA forms +- Change request forms +- Document review forms +- Supplier evaluation forms + +### Additional Plans +- Quality plan +- Product realization plan +- Validation plans +- Clinical evaluation plans +- Post-market surveillance plans + +### Technical Documentation +- Product specifications +- Material specifications +- Test methods and protocols +- Packaging specifications +- Labeling artwork +- Instructions for use + +### Regulatory Documentation +- Technical files (EU MDR/IVDR) +- 510(k) submissions (FDA) +- Clinical evaluation reports +- Post-market surveillance reports +- Periodic safety update reports + +--- + +## Tips for Document Management + +### Combining Procedures +Multiple procedures can be combined into single documents, such as: +- "Corrective and Preventive Action (CAPA) Procedure" (combines 8.5.2 and 8.5.3) +- "Document and Record Control Procedure" (combines 4.2.4 and 4.2.5) +- "Monitoring and Measurement Procedure" (combines 8.2.5 and 8.2.6) +- "Product Identification and Traceability Procedure" (combines 7.5.8 and 7.5.9) + +### Determining Applicability +Not all procedures apply to all organizations. Common exclusions include: +- Design and development (when only manufacturing per customer specifications) +- Installation (when product doesn't require installation) +- Servicing (when not offered) +- Sterilization (when product is non-sterile) +- Contamination control (when not applicable to product type) + +All exclusions must be justified in the Quality Manual. + +### Regulatory Requirements +Remember that applicable regulatory requirements may mandate additional documentation beyond ISO 13485, including: +- FDA regulations (21 CFR Part 820 / QMSR) +- EU MDR/IVDR requirements +- Health Canada requirements +- Other regional regulatory requirements + +--- + +## Record Retention + +Per ISO 13485:2016 (4.2.5), records must be retained for: +- **Minimum:** The lifetime of the medical device as defined by the organization +- **Additional:** Not less than the retention period of any resulting record +- **Regulatory:** As specified by applicable regulatory requirements + +Organizations must define the "lifetime" of their medical devices and establish retention times that meet or exceed: +- ISO 13485 minimum requirements +- Applicable regulatory requirements (often 5-10 years minimum) +- Any customer contractual requirements + +--- + +## Transition to Medical Device File (MDF) + +With FDA QMSR harmonization (effective February 2, 2026), organizations should prepare for transitioning from separate files to a unified Medical Device File (MDF) that replaces: +- **DHF** (Design History File) +- **DMR** (Device Master Record) +- **DHR** (Device History Record) + +The MDF approach aligns with ISO 13485:2016 requirements and provides a more unified documentation structure. diff --git a/scientific-skills/iso-13485-certification/references/quality-manual-guide.md b/scientific-skills/iso-13485-certification/references/quality-manual-guide.md new file mode 100644 index 0000000..16452e0 --- /dev/null +++ b/scientific-skills/iso-13485-certification/references/quality-manual-guide.md @@ -0,0 +1,688 @@ +# Quality Manual Development Guide + +This guide provides comprehensive instructions for creating an ISO 13485:2016 compliant Quality Manual. + +## Purpose of the Quality Manual + +The Quality Manual is the foundational policy-level document of your Quality Management System (QMS). It: + +1. **Defines the scope** of your QMS +2. **Documents or references** all QMS procedures +3. **Describes the interaction** between QMS processes +4. **Outlines the structure** of QMS documentation +5. **Demonstrates management commitment** to quality and regulatory compliance +6. **Serves as a guide** for employees and auditors + +The Quality Manual is typically 20-50 pages and remains relatively stable over time, while procedures and work instructions may change more frequently. + +--- + +## Required Content per ISO 13485:2016 (Clause 4.2.2) + +The Quality Manual must include: + +### a) Scope of the QMS +- Define which parts of the organization are covered +- Identify exclusions with justification +- Specify product types covered +- Define applicable regulatory requirements + +### b) Documented Procedures or References +- List all 31 documented procedures (or reference where they can be found) +- Provide document numbers/titles for easy reference + +### c) Description of Process Interactions +- Show how QMS processes interact and sequence +- May include process maps or flowcharts +- Explain dependencies between processes + +### d) Structure of Documentation +- Describe the documentation hierarchy +- Explain document numbering and control systems +- Define document types (procedures, work instructions, forms, records) + +--- + +## Quality Manual Structure + +### Recommended Table of Contents + +#### Section 0: Document Control +- Document identification +- Revision history +- Approval signatures +- Distribution list + +#### Section 1: Introduction +- 1.1 Company Overview +- 1.2 Purpose of the Quality Manual +- 1.3 Document Control and Revisions +- 1.4 Definitions and Abbreviations + +#### Section 2: Scope and Exclusions (ISO 13485 Clause 4.2.2.a) +- 2.1 Scope of QMS +- 2.2 Products Covered +- 2.3 Applicable Regulatory Requirements +- 2.4 Exclusions and Justifications + +#### Section 3: Quality Policy and Objectives (ISO 13485 Clauses 5.3, 5.4) +- 3.1 Quality Policy Statement +- 3.2 Quality Objectives +- 3.3 Communication of Policy and Objectives + +#### Section 4: Quality Management System (ISO 13485 Clause 4) +- 4.1 General Requirements + - 4.1.1 Processes and Their Application + - 4.1.2 Process Interactions (with process map) + - 4.1.3 Outsourced Processes + - 4.1.4 Risk Management + - 4.1.5 Software Validation +- 4.2 Documentation Requirements + - 4.2.1 General + - 4.2.2 Quality Manual (this document) + - 4.2.3 Medical Device File + - 4.2.4 Control of Documents + - 4.2.5 Control of Records +- 4.3 Documentation Structure (ISO 13485 Clause 4.2.2.d) + +#### Section 5: Management Responsibility (ISO 13485 Clause 5) +- 5.1 Management Commitment +- 5.2 Customer Focus +- 5.3 Quality Policy (reference to Section 3) +- 5.4 Planning +- 5.5 Responsibility, Authority and Communication + - 5.5.1 Organization Structure and Responsibilities + - 5.5.2 Management Representative + - 5.5.3 Internal Communication +- 5.6 Management Review + +#### Section 6: Resource Management (ISO 13485 Clause 6) +- 6.1 Provision of Resources +- 6.2 Human Resources +- 6.3 Infrastructure +- 6.4 Work Environment and Contamination Control + +#### Section 7: Product Realization (ISO 13485 Clause 7) +- 7.1 Planning of Product Realization +- 7.2 Customer-Related Processes +- 7.3 Design and Development +- 7.4 Purchasing +- 7.5 Production and Service Provision +- 7.6 Control of Monitoring and Measuring Equipment + +#### Section 8: Measurement, Analysis and Improvement (ISO 13485 Clause 8) +- 8.1 General +- 8.2 Monitoring and Measurement + - 8.2.1 Feedback + - 8.2.2 Complaint Handling + - 8.2.3 Reporting to Regulatory Authorities + - 8.2.4 Internal Audit + - 8.2.5 Monitoring and Measurement of Processes + - 8.2.6 Monitoring and Measurement of Product +- 8.3 Control of Nonconforming Product +- 8.4 Analysis of Data +- 8.5 Improvement + - 8.5.1 General + - 8.5.2 Corrective Action + - 8.5.3 Preventive Action + +#### Section 9: Appendices +- Appendix A: List of Documented Procedures (ISO 13485 Clause 4.2.2.b) +- Appendix B: Organization Chart +- Appendix C: Process Map/Interactions (ISO 13485 Clause 4.2.2.c) +- Appendix D: Definitions and Abbreviations +- Appendix E: Applicable Regulatory Requirements + +--- + +## Writing Guidelines + +### Level of Detail + +The Quality Manual should be at a **policy level**, not operational level: + +**DO:** +- State WHAT the organization does +- State WHY policies exist +- Reference WHO is responsible +- Reference WHERE to find detailed procedures + +**DON'T:** +- Provide step-by-step HOW-TO instructions (that's for procedures) +- Include forms or templates (that's for procedures and work instructions) +- Provide excessive technical detail + +### Example - Correct Level of Detail: + +**Good (Policy Level):** +> "The organization has established a documented procedure for the control of nonconforming product. This procedure ensures that nonconforming product is identified, segregated, and dispositioned appropriately. The Quality Manager is responsible for reviewing all nonconformances and determining appropriate corrective actions. Refer to SOP-8.3-01 Control of Nonconforming Product." + +**Too Detailed (Operational Level - Don't do this):** +> "When a nonconforming product is identified, the inspector fills out Form NCR-001 and places a red tag on the product. The product is moved to the quarantine area in Building B, Row 5. The Quality Manager reviews the NCR within 24 hours and checks one of three boxes: Rework, Scrap, or Use As-Is. If rework is selected, the inspector..." + +### Language and Style + +- Use present tense and active voice +- Be clear and concise +- Avoid jargon where possible +- Define technical terms in the definitions section +- Use consistent terminology throughout +- Number all sections and subsections + +### Cross-Referencing + +- Reference specific procedures by number and title +- Reference specific clause numbers from ISO 13485 +- Use consistent format: "Refer to SOP-XXX [Title]" +- Ensure all referenced documents exist + +--- + +## Section-by-Section Guidance + +### Section 0: Document Control + +**Purpose:** Control and identification of the manual itself + +**Content:** +- Document number and title +- Revision number and date +- Page numbers (Page X of Y) +- Approval signatures (typically top management) +- Distribution list (who has controlled copies) +- Revision history table + +**Example Revision History Table:** + +| Revision | Date | Description of Changes | Approved By | +|----------|------|------------------------|-------------| +| 00 | YYYY-MM-DD | Initial release | [Name] | +| 01 | YYYY-MM-DD | Updated Section 7.3 for new design process | [Name] | + +### Section 1: Introduction + +#### 1.1 Company Overview +- Company name and legal entity +- Business address(es) +- Type of business (manufacturer, contract manufacturer, etc.) +- History and background (brief) +- Mission statement (optional) + +#### 1.2 Purpose of the Quality Manual +Explain that this manual: +- Describes the QMS established per ISO 13485:2016 +- Demonstrates compliance with applicable regulatory requirements +- Serves as primary reference for QMS + +#### 1.3 Document Control and Revisions +- How the manual is controlled +- Who approves changes +- How often it's reviewed +- Reference to document control procedure + +#### 1.4 Definitions and Abbreviations +List key terms used in the manual: +- QMS: Quality Management System +- CAPA: Corrective and Preventive Action +- DHF: Design History File +- MDF: Medical Device File +- SOP: Standard Operating Procedure +- WI: Work Instruction +- etc. + +### Section 2: Scope and Exclusions + +#### 2.1 Scope of QMS + +**Must Include:** +- Organizational units covered +- Physical locations covered +- Activities covered (design, manufacturing, distribution, servicing, etc.) +- Product types covered + +**Example:** +> "This Quality Management System applies to [Company Name] and covers all activities related to the design, development, production, installation, and servicing of [product type] medical devices at our facility located at [address]. The QMS applies to all employees, contractors, and temporary staff performing work that affects product quality and regulatory compliance." + +#### 2.2 Products Covered + +List product categories or families covered: +- Class I, II, or III medical devices +- Product names or families +- Intended use categories + +**Example:** +> "This QMS covers the following medical device product families: +> - Surgical instruments (Class I) +> - Patient monitoring systems (Class II) +> - Implantable cardiac devices (Class III)" + +#### 2.3 Applicable Regulatory Requirements + +List all applicable regulations: +- ISO 13485:2016 +- FDA 21 CFR Part 820 (QMSR) +- EU MDR 2017/745 +- Health Canada Medical Devices Regulations +- [Other applicable requirements] + +#### 2.4 Exclusions and Justifications + +**Common Exclusions:** + +**Design and Development (Clause 7.3):** +If you only manufacture per customer specifications without your own design: +> "Clause 7.3 Design and Development is excluded from the scope of this QMS. [Company Name] operates as a contract manufacturer and produces medical devices according to complete design specifications provided by customers. All design activities are performed by the customer and [Company Name] has no responsibility for design inputs, outputs, verification, validation, or design changes." + +**Installation (Clause 7.5.3):** +If product requires no installation: +> "Clause 7.5.3 Installation Activities is excluded. The medical devices manufactured by [Company Name] are supplied ready for use and do not require installation activities at the customer site." + +**Servicing (Clause 7.5.4):** +If servicing is not offered: +> "Clause 7.5.4 Servicing Activities is excluded. [Company Name] does not provide servicing of medical devices after delivery to the customer. Products are intended for single use [or] servicing is performed by authorized service partners under separate contractual arrangements." + +**Important:** All exclusions must be justified based on the nature of the organization and products. Exclusions must not affect the organization's ability or responsibility to provide safe and effective medical devices that meet regulatory requirements. + +### Section 3: Quality Policy and Objectives + +#### 3.1 Quality Policy Statement + +**Requirements:** +- Appropriate to the organization +- Includes commitment to meeting requirements +- Includes commitment to maintaining QMS effectiveness +- Provides framework for quality objectives +- Signed by top management + +**Example:** +> **QUALITY POLICY** +> +> [Company Name] is committed to providing safe, effective, and high-quality medical devices that meet or exceed customer expectations and comply with all applicable regulatory requirements. +> +> We achieve this through: +> - Maintaining an effective Quality Management System compliant with ISO 13485 and applicable regulatory requirements +> - Establishing, monitoring, and achieving measurable quality objectives +> - Continually improving our processes, products, and QMS effectiveness +> - Ensuring all personnel understand their responsibilities and are properly trained +> - Managing risks throughout the product lifecycle +> - Promptly addressing customer feedback and complaints +> +> This policy is communicated to all employees and reviewed annually to ensure continuing suitability. +> +> [Signature] +> [Name], Chief Executive Officer +> [Date] + +#### 3.2 Quality Objectives + +List measurable objectives that support the policy: +- Customer satisfaction targets +- Product quality metrics +- Process performance goals +- Delivery performance +- Training completion rates +- CAPA closure rates + +**Example:** +> The organization has established the following measurable quality objectives: +> 1. Customer satisfaction rating ≥ 4.5 out of 5.0 +> 2. Product defect rate < 0.5% of units shipped +> 3. On-time delivery ≥ 95% +> 4. CAPA closed within 60 days ≥ 90% +> 5. Employee training completion rate ≥ 100% on schedule +> 6. Internal audit findings addressed within 30 days ≥ 95% +> +> Quality objectives are reviewed quarterly and revised as necessary to drive continual improvement. + +#### 3.3 Communication + +Explain how policy and objectives are communicated: +- Employee orientation and training +- Posted in facility +- Included in employee handbook +- Management review meetings +- Quality meetings + +### Section 4: Quality Management System + +This section describes how you've implemented ISO 13485 Clause 4 requirements. + +#### 4.1.1 Processes and Their Application + +List QMS processes: +- Management processes (planning, review, communication) +- Product realization processes (design, purchasing, production, etc.) +- Support processes (HR, maintenance, document control, etc.) +- Monitoring and measurement processes (audits, inspections, CAPA, etc.) + +Reference the process map in Appendix C. + +#### 4.1.2 Process Interactions + +Describe how processes interact: +> "The QMS processes are interconnected and sequential. Management review provides direction for all processes. Product realization processes transform customer requirements into delivered products. Support processes enable product realization. Monitoring processes provide feedback for continual improvement. A detailed process map showing interactions is provided in Appendix C." + +#### 4.1.3 Outsourced Processes + +If applicable, list outsourced processes and how they're controlled: +- Sterilization (controlled through supplier qualification and ongoing monitoring) +- Calibration services (controlled through qualified service providers) +- Software development (controlled through development agreements and audits) + +#### 4.1.4 Risk Management + +Describe risk management approach: +> "The organization has established documented requirements for risk management throughout product realization in accordance with ISO 14971. Risk management activities are integrated into design and development, production, and post-market surveillance. Risk management records are maintained as part of the Medical Device File. Refer to SOP-4.1.5 Risk Management." + +#### 4.1.5 Software Validation + +Describe approach to software validation: +> "Computer software applications used in the QMS, including [list key software systems], are validated prior to initial use and after changes. Validation activities are based on risk assessment and include installation qualification, operational qualification, and performance qualification as appropriate. Refer to SOP-4.1.6 Software Validation." + +#### 4.2 Documentation Requirements + +Describe the documentation structure (fulfill 4.2.2.d requirement): + +**Four-Tier Documentation Structure:** + +**Tier 1: Quality Manual** (This Document) +- Policy-level document +- Defines QMS scope and structure +- References all procedures + +**Tier 2: Procedures (SOPs)** +- Define WHAT must be done, WHO does it, WHEN +- Cover multi-functional activities +- Include the 31 required documented procedures + +**Tier 3: Work Instructions (WIs)** +- Define HOW to perform specific tasks +- Step-by-step instructions +- Department or process-specific + +**Tier 4: Records and Forms** +- Provide evidence of conformity +- Demonstrate effective QMS operation +- Maintained per retention requirements + +Include a visual diagram of the documentation hierarchy. + +#### 4.2.3 Medical Device File + +Describe MDF structure: +> "A Medical Device File (MDF) is established and maintained for each medical device type or family. The MDF contains all documentation specified in ISO 13485:2016 Clause 4.2.3, including general description, intended use, specifications, procedures, risk management file, and design and development files when applicable. MDF contents and control are defined in SOP-4.2.3 Medical Device File." + +#### 4.2.4 Control of Documents + +Summarize document control process: +> "All QMS documents are controlled per SOP-4.2.4 Control of Documents. This ensures documents are approved before use, reviewed and updated as necessary, properly identified with revision status, available at points of use, legible and identifiable, and protected from unintended use of obsolete versions." + +#### 4.2.5 Control of Records + +Summarize record control process: +> "QMS records provide evidence of conformity and effective operation. Records are controlled per SOP-4.2.5 Control of Records to ensure they remain legible, readily identifiable, retrievable, and protected. Records are retained for at least the lifetime of the medical device as defined by the organization, and in accordance with applicable regulatory requirements." + +### Sections 5-8: Management, Resources, Realization, Measurement + +For these sections, follow this pattern for each clause: + +1. **State the requirement** (what ISO 13485 requires) +2. **Describe how you meet it** (policy-level summary) +3. **Reference the detailed procedure(s)** +4. **Identify responsible parties** + +**Example for Clause 8.2.2 Complaint Handling:** + +> **8.2.2 Complaint Handling** +> +> The organization has established a documented procedure for timely complaint handling. All complaints are promptly received, recorded, evaluated, investigated, and appropriately resolved. Complaints are analyzed for trends and potential product quality or safety issues. Complaints that meet regulatory reporting criteria are reported to applicable regulatory authorities within required timeframes. +> +> The Quality Assurance Manager is responsible for complaint handling and ensuring compliance with regulatory requirements. +> +> Refer to SOP-8.2.2 Complaint Handling for detailed procedures. + +Repeat this pattern for all clauses 5.1 through 8.5.3. + +### Section 9: Appendices + +#### Appendix A: List of Documented Procedures + +Create a table listing all QMS procedures: + +| SOP Number | Title | ISO 13485 Clause | Approval Date | Revision | +|------------|-------|------------------|---------------|----------| +| SOP-4.1.5 | Risk Management | 4.1.5 | YYYY-MM-DD | 02 | +| SOP-4.1.6 | Software Validation | 4.1.6 | YYYY-MM-DD | 01 | +| SOP-4.2.4 | Control of Documents | 4.2.4 | YYYY-MM-DD | 03 | +| ... | ... | ... | ... | ... | + +Include all 31 required procedures plus any additional procedures. + +#### Appendix B: Organization Chart + +Include a current organization chart showing: +- Reporting relationships +- Key quality functions +- Management representative +- Design responsible (if applicable) + +#### Appendix C: Process Map/Interactions + +Include a visual process map showing: +- All QMS processes +- Process interactions and sequence +- Inputs and outputs +- Interfaces between processes + +This can be a flowchart, swim-lane diagram, or process interaction matrix. + +#### Appendix D: Definitions and Abbreviations + +Comprehensive list of terms and abbreviations used in the QMS. + +#### Appendix E: Applicable Regulatory Requirements + +Detailed list of all regulatory requirements applicable to your organization: +- FDA regulations and guidance documents +- EU regulations and harmonized standards +- Other regional requirements +- Recognized consensus standards (e.g., IEC 60601, ISO 14971, etc.) + +--- + +## Development Process + +### Step 1: Preparation +1. Gather reference materials (ISO 13485 standard, regulatory requirements) +2. Review existing quality documentation +3. Identify responsible personnel for each clause +4. Determine applicable exclusions + +### Step 2: Drafting +1. Use the recommended structure above +2. Start with Sections 0-3 (administrative and policy) +3. Draft Sections 4-8 using the pattern (requirement, implementation, reference, responsibility) +4. Complete appendices +5. Keep at policy level - don't get too detailed + +### Step 3: Review and Approval +1. Technical review by Quality Manager +2. Management review by top management +3. Legal review (if needed) +4. Address all comments +5. Final approval by CEO or authorized representative + +### Step 4: Implementation +1. Communicate to all employees +2. Provide training on Quality Manual +3. Make available at all locations +4. Establish controlled distribution + +### Step 5: Maintenance +1. Review annually (minimum) +2. Update when significant changes occur +3. Keep revision history +4. Ensure all distributed copies are current + +--- + +## Common Mistakes to Avoid + +### 1. Too Much Detail +**Problem:** Including step-by-step procedures in the manual +**Solution:** Keep at policy level, reference detailed procedures + +### 2. Copy-Paste from Standard +**Problem:** Copying text directly from ISO 13485 +**Solution:** Write in your own words describing YOUR QMS + +### 3. Inconsistent References +**Problem:** Referencing procedures that don't exist or have wrong numbers +**Solution:** Maintain a master list of procedures and verify all references + +### 4. Unjustified Exclusions +**Problem:** Excluding clauses without proper justification +**Solution:** Carefully justify all exclusions based on business activities + +### 5. No Process Map +**Problem:** Missing visual representation of process interactions +**Solution:** Create clear process map in Appendix C + +### 6. Generic Quality Policy +**Problem:** Quality policy that could apply to any company +**Solution:** Make policy specific to your organization and products + +### 7. Outdated Content +**Problem:** Manual doesn't reflect current operations +**Solution:** Review and update regularly + +### 8. Missing Signatures +**Problem:** No management approval signatures +**Solution:** Ensure top management signs the document control page and quality policy + +### 9. No Revision Control +**Problem:** Multiple versions in circulation +**Solution:** Implement proper document control per Section 4.2.4 + +### 10. Forgetting Appendix A +**Problem:** Not including complete list of documented procedures +**Solution:** Create comprehensive procedure list in Appendix A + +--- + +## Quality Manual Checklist + +Use this checklist to verify your Quality Manual is complete: + +### Required Content (ISO 13485 Clause 4.2.2) +- [ ] Scope of QMS defined +- [ ] Exclusions identified and justified +- [ ] Documented procedures listed or referenced +- [ ] Process interactions described +- [ ] Documentation structure outlined + +### Management Approval +- [ ] Approved by top management +- [ ] Approval signature and date included +- [ ] Document control information complete + +### Completeness +- [ ] All ISO 13485 clauses 4-8 addressed +- [ ] Quality policy included and signed +- [ ] Quality objectives defined and measurable +- [ ] Responsibilities assigned for each clause +- [ ] All procedures referenced by correct number/title + +### Appendices +- [ ] Appendix A: Complete list of procedures +- [ ] Appendix B: Organization chart +- [ ] Appendix C: Process map +- [ ] Appendix D: Definitions +- [ ] Appendix E: Regulatory requirements + +### Format and Style +- [ ] Numbered sections and subsections +- [ ] Consistent terminology +- [ ] Policy-level (not operational detail) +- [ ] Clear and understandable +- [ ] Professional appearance + +### References +- [ ] All referenced procedures exist +- [ ] All procedure numbers/titles correct +- [ ] ISO 13485 clauses correctly cited +- [ ] Regulatory requirements accurately stated + +### Distribution and Access +- [ ] Distribution list established +- [ ] Controlled copy process defined +- [ ] Available to all relevant personnel +- [ ] Training plan for Quality Manual + +--- + +## Example Quality Policy Statements + +Choose a style appropriate for your organization: + +### Example 1: Detailed Commitment +> **QUALITY POLICY** +> +> At [Company Name], quality is our highest priority. We are committed to designing, manufacturing, and delivering medical devices that meet the highest standards of safety, performance, and reliability. +> +> Our commitments include: +> - Compliance with ISO 13485 and all applicable regulatory requirements +> - Understanding and meeting customer and patient needs +> - Establishing and achieving measurable quality objectives +> - Managing risks throughout the product lifecycle +> - Continually improving our processes and products +> - Maintaining competent and motivated personnel +> - Responding promptly and effectively to feedback and complaints +> - Fostering a culture of quality and accountability +> +> This policy applies to all employees, contractors, and suppliers. Every person in our organization is responsible for quality and for supporting our QMS. This policy is reviewed annually and communicated throughout the organization. +> +> [Signature Block] + +### Example 2: Concise Focus +> **QUALITY POLICY** +> +> [Company Name] is committed to providing safe and effective medical devices that meet customer expectations and regulatory requirements. We maintain a quality management system compliant with ISO 13485 and continually improve its effectiveness through measurable objectives and employee engagement. +> +> [Signature Block] + +### Example 3: Patient-Centered +> **QUALITY POLICY** +> +> Our mission is to improve patient outcomes through innovative, high-quality medical devices. We achieve this by: +> - Placing patient safety first in all decisions +> - Complying with ISO 13485 and regulatory requirements +> - Engaging employees in quality and continuous improvement +> - Partnering with customers to exceed expectations +> - Managing risks proactively throughout product lifecycle +> +> This policy is communicated to all personnel and reviewed for effectiveness. +> +> [Signature Block] + +--- + +## Next Steps After Manual Approval + +1. **Conduct training** - Train all employees on the Quality Manual +2. **Develop procedures** - Create or update the 31 documented procedures +3. **Create work instructions** - Develop operational-level instructions +4. **Implement processes** - Put QMS into practice +5. **Conduct internal audits** - Verify effective implementation +6. **Management review** - Review QMS effectiveness +7. **Prepare for certification** - Schedule certification audit when ready + +--- + +## Resources and References + +- ISO 13485:2016 - Medical devices — Quality management systems +- ISO 14971 - Application of risk management to medical devices +- FDA 21 CFR Part 820 - Quality System Regulation (QMSR) +- EU MDR 2017/745 - Medical Devices Regulation +- ISO/TR 14969 - Medical devices quality management systems - Guidance on ISO 13485 diff --git a/scientific-skills/iso-13485-certification/scripts/gap_analyzer.py b/scientific-skills/iso-13485-certification/scripts/gap_analyzer.py new file mode 100644 index 0000000..6913407 --- /dev/null +++ b/scientific-skills/iso-13485-certification/scripts/gap_analyzer.py @@ -0,0 +1,440 @@ +#!/usr/bin/env python3 +""" +ISO 13485 Gap Analysis Tool + +This script analyzes documentation provided by the user and identifies gaps +against ISO 13485:2016 requirements. + +Usage: + python gap_analyzer.py --docs-dir [--output ] +""" + +import os +import sys +import argparse +import json +from pathlib import Path +from typing import Dict, List, Set, Tuple +from datetime import datetime + + +# ISO 13485:2016 Required Documented Procedures +REQUIRED_PROCEDURES = { + "4.1.5": { + "title": "Risk Management", + "keywords": ["risk", "risk management", "iso 14971", "risk analysis", "risk control"], + "clause": "4.1.5" + }, + "4.1.6": { + "title": "Software Validation", + "keywords": ["software validation", "computer software", "software application", "validation"], + "clause": "4.1.6" + }, + "4.2.4": { + "title": "Control of Documents", + "keywords": ["document control", "document approval", "document revision", "obsolete document"], + "clause": "4.2.4" + }, + "4.2.5": { + "title": "Control of Records", + "keywords": ["record control", "retention", "record storage", "record retrieval"], + "clause": "4.2.5" + }, + "5.5.3": { + "title": "Internal Communication", + "keywords": ["internal communication", "communication process", "qms communication"], + "clause": "5.5.3" + }, + "5.6.1": { + "title": "Management Review", + "keywords": ["management review", "review meeting", "management meeting"], + "clause": "5.6.1" + }, + "6.2": { + "title": "Human Resources / Competence", + "keywords": ["competence", "training", "human resources", "personnel qualification"], + "clause": "6.2" + }, + "7.2.3": { + "title": "Customer Communication", + "keywords": ["customer communication", "customer feedback", "advisory notice"], + "clause": "7.2.3" + }, + "7.3": { + "title": "Design and Development", + "keywords": ["design", "development", "design input", "design output", "design verification", "design validation"], + "clause": "7.3" + }, + "7.4.1": { + "title": "Purchasing", + "keywords": ["purchasing", "supplier", "procurement", "vendor"], + "clause": "7.4.1" + }, + "7.4.3": { + "title": "Verification of Purchased Product", + "keywords": ["purchased product", "incoming inspection", "verification of purchased"], + "clause": "7.4.3" + }, + "7.5.1": { + "title": "Production and Service Provision", + "keywords": ["production", "manufacturing", "work instruction", "process control"], + "clause": "7.5.1" + }, + "7.5.6": { + "title": "Process Validation", + "keywords": ["process validation", "validation protocol", "validation report"], + "clause": "7.5.6" + }, + "7.5.8": { + "title": "Product Identification", + "keywords": ["product identification", "identification", "labeling", "marking"], + "clause": "7.5.8" + }, + "7.5.9": { + "title": "Traceability", + "keywords": ["traceability", "lot", "serial number", "batch"], + "clause": "7.5.9" + }, + "7.5.11": { + "title": "Preservation of Product", + "keywords": ["preservation", "storage", "packaging", "handling"], + "clause": "7.5.11" + }, + "7.6": { + "title": "Control of Monitoring and Measuring Equipment", + "keywords": ["calibration", "monitoring equipment", "measuring equipment", "measurement"], + "clause": "7.6" + }, + "8.2.1": { + "title": "Feedback", + "keywords": ["feedback", "post-production", "post-market", "early warning"], + "clause": "8.2.1" + }, + "8.2.2": { + "title": "Complaint Handling", + "keywords": ["complaint", "customer complaint", "complaint handling", "complaint investigation"], + "clause": "8.2.2" + }, + "8.2.3": { + "title": "Reporting to Regulatory Authorities", + "keywords": ["regulatory reporting", "adverse event", "mdr report", "reportable event"], + "clause": "8.2.3" + }, + "8.2.4": { + "title": "Internal Audit", + "keywords": ["internal audit", "audit program", "audit plan", "audit checklist"], + "clause": "8.2.4" + }, + "8.2.5": { + "title": "Monitoring and Measurement of Processes", + "keywords": ["process monitoring", "process measurement", "process metrics"], + "clause": "8.2.5" + }, + "8.2.6": { + "title": "Monitoring and Measurement of Product", + "keywords": ["product inspection", "product testing", "acceptance criteria", "release"], + "clause": "8.2.6" + }, + "8.3": { + "title": "Control of Nonconforming Product", + "keywords": ["nonconforming", "ncr", "nonconformance", "reject"], + "clause": "8.3" + }, + "8.5.2": { + "title": "Corrective Action", + "keywords": ["corrective action", "capa", "root cause"], + "clause": "8.5.2" + }, + "8.5.3": { + "title": "Preventive Action", + "keywords": ["preventive action", "capa", "prevention"], + "clause": "8.5.3" + } +} + +# Additional key documents (not procedures but required) +KEY_DOCUMENTS = { + "Quality Manual": ["quality manual", "qm-", "quality management system"], + "Medical Device File": ["medical device file", "mdf", "device master record", "dmr"], + "Quality Policy": ["quality policy"], + "Quality Objectives": ["quality objective"], +} + + +class GapAnalyzer: + """Analyzes documentation against ISO 13485 requirements.""" + + def __init__(self, docs_dir: str): + """Initialize analyzer with document directory.""" + self.docs_dir = Path(docs_dir) + self.found_procedures: Dict[str, List[str]] = {} + self.found_documents: Dict[str, List[str]] = {} + + def analyze(self) -> Dict: + """Run gap analysis on provided documentation.""" + print(f"Analyzing documents in: {self.docs_dir}") + + if not self.docs_dir.exists(): + print(f"ERROR: Directory not found: {self.docs_dir}") + return {} + + # Scan all documents + documents = self._scan_documents() + print(f"Found {len(documents)} documents to analyze") + + # Search for each required procedure + for clause_id, proc_info in REQUIRED_PROCEDURES.items(): + self._search_for_procedure(documents, clause_id, proc_info) + + # Search for key documents + for doc_name, keywords in KEY_DOCUMENTS.items(): + self._search_for_document(documents, doc_name, keywords) + + # Generate gap analysis report + report = self._generate_report() + + return report + + def _scan_documents(self) -> List[Tuple[Path, str]]: + """Scan directory for documents and read content.""" + documents = [] + + # Supported file extensions + extensions = ['.txt', '.md', '.doc', '.docx', '.pdf', '.odt'] + + for ext in extensions: + for file_path in self.docs_dir.rglob(f'*{ext}'): + try: + # Read file content (simple text reading) + if ext in ['.txt', '.md']: + with open(file_path, 'r', encoding='utf-8', errors='ignore') as f: + content = f.read().lower() + documents.append((file_path, content)) + else: + # For other formats, just note the filename + # (Full text extraction would require additional libraries) + filename = file_path.name.lower() + documents.append((file_path, filename)) + except Exception as e: + print(f"Warning: Could not read {file_path}: {e}") + + return documents + + def _search_for_procedure(self, documents: List[Tuple[Path, str]], + clause_id: str, proc_info: Dict): + """Search documents for a specific procedure.""" + title = proc_info['title'] + keywords = proc_info['keywords'] + + matches = [] + for file_path, content in documents: + # Check if any keyword appears in the document + if any(keyword in content for keyword in keywords): + matches.append(str(file_path.relative_to(self.docs_dir))) + + if matches: + self.found_procedures[clause_id] = matches + + def _search_for_document(self, documents: List[Tuple[Path, str]], + doc_name: str, keywords: List[str]): + """Search for key documents.""" + matches = [] + for file_path, content in documents: + if any(keyword in content for keyword in keywords): + matches.append(str(file_path.relative_to(self.docs_dir))) + + if matches: + self.found_documents[doc_name] = matches + + def _generate_report(self) -> Dict: + """Generate comprehensive gap analysis report.""" + total_procedures = len(REQUIRED_PROCEDURES) + found_count = len(self.found_procedures) + missing_count = total_procedures - found_count + + missing_procedures = [] + for clause_id, proc_info in REQUIRED_PROCEDURES.items(): + if clause_id not in self.found_procedures: + missing_procedures.append({ + "clause": clause_id, + "title": proc_info['title'], + "keywords": proc_info['keywords'] + }) + + missing_documents = [] + for doc_name, keywords in KEY_DOCUMENTS.items(): + if doc_name not in self.found_documents: + missing_documents.append({ + "document": doc_name, + "keywords": keywords + }) + + compliance_percentage = (found_count / total_procedures) * 100 + + report = { + "analysis_date": datetime.now().isoformat(), + "documents_analyzed": str(self.docs_dir), + "summary": { + "total_required_procedures": total_procedures, + "procedures_found": found_count, + "procedures_missing": missing_count, + "compliance_percentage": round(compliance_percentage, 1) + }, + "found_procedures": self.found_procedures, + "missing_procedures": missing_procedures, + "found_documents": self.found_documents, + "missing_documents": missing_documents, + "recommendations": self._generate_recommendations(missing_procedures, missing_documents) + } + + return report + + def _generate_recommendations(self, missing_procedures: List[Dict], + missing_documents: List[Dict]) -> List[str]: + """Generate recommendations based on gaps.""" + recommendations = [] + + if not self.found_documents.get("Quality Manual"): + recommendations.append( + "CRITICAL: Create a Quality Manual - this is the foundational document of your QMS" + ) + + if not self.found_documents.get("Quality Policy"): + recommendations.append( + "HIGH PRIORITY: Develop and document your Quality Policy statement" + ) + + if missing_procedures: + high_priority_clauses = ["8.2.2", "8.5.2", "8.5.3", "7.4.1", "8.2.4"] + high_priority_missing = [p for p in missing_procedures + if p['clause'] in high_priority_clauses] + + if high_priority_missing: + titles = [p['title'] for p in high_priority_missing] + recommendations.append( + f"HIGH PRIORITY: Develop the following critical procedures: {', '.join(titles)}" + ) + + if len(missing_procedures) > 20: + recommendations.append( + "Consider engaging a consultant or using templates to accelerate QMS development" + ) + + if len(missing_procedures) < 5: + recommendations.append( + "You're close to completion! Focus on finalizing remaining procedures and conducting internal audit" + ) + + return recommendations + + +def print_report(report: Dict): + """Print formatted gap analysis report.""" + print("\n" + "="*80) + print(" ISO 13485:2016 GAP ANALYSIS REPORT") + print("="*80) + print(f"\nAnalysis Date: {report['analysis_date']}") + print(f"Documents Location: {report['documents_analyzed']}\n") + + # Summary + summary = report['summary'] + print("-" * 80) + print(" SUMMARY") + print("-" * 80) + print(f"Total Required Procedures: {summary['total_required_procedures']}") + print(f"Procedures Found: {summary['procedures_found']}") + print(f"Procedures Missing: {summary['procedures_missing']}") + print(f"Compliance: {summary['compliance_percentage']}%\n") + + # Found Procedures + if report['found_procedures']: + print("-" * 80) + print(" FOUND PROCEDURES") + print("-" * 80) + for clause_id, files in sorted(report['found_procedures'].items()): + proc_info = REQUIRED_PROCEDURES[clause_id] + print(f"\n[{clause_id}] {proc_info['title']}") + for file in files: + print(f" - {file}") + + # Missing Procedures + if report['missing_procedures']: + print("\n" + "-" * 80) + print(" MISSING PROCEDURES") + print("-" * 80) + for proc in report['missing_procedures']: + print(f"\n[{proc['clause']}] {proc['title']}") + print(f" Keywords to include: {', '.join(proc['keywords'][:3])}") + + # Found Documents + if report['found_documents']: + print("\n" + "-" * 80) + print(" FOUND KEY DOCUMENTS") + print("-" * 80) + for doc_name, files in report['found_documents'].items(): + print(f"\n{doc_name}:") + for file in files: + print(f" - {file}") + + # Missing Documents + if report['missing_documents']: + print("\n" + "-" * 80) + print(" MISSING KEY DOCUMENTS") + print("-" * 80) + for doc in report['missing_documents']: + print(f" - {doc['document']}") + + # Recommendations + if report['recommendations']: + print("\n" + "-" * 80) + print(" RECOMMENDATIONS") + print("-" * 80) + for i, rec in enumerate(report['recommendations'], 1): + print(f"{i}. {rec}") + + print("\n" + "="*80) + print(" END OF REPORT") + print("="*80 + "\n") + + +def save_report(report: Dict, output_path: str): + """Save report to JSON file.""" + with open(output_path, 'w', encoding='utf-8') as f: + json.dump(report, f, indent=2) + print(f"Report saved to: {output_path}") + + +def main(): + """Main entry point.""" + parser = argparse.ArgumentParser( + description='ISO 13485 Gap Analysis Tool', + formatter_class=argparse.RawDescriptionHelpFormatter + ) + parser.add_argument( + '--docs-dir', + required=True, + help='Directory containing documentation to analyze' + ) + parser.add_argument( + '--output', + help='Output file path for JSON report (optional)' + ) + + args = parser.parse_args() + + # Run analysis + analyzer = GapAnalyzer(args.docs_dir) + report = analyzer.analyze() + + # Print report + print_report(report) + + # Save report if output path specified + if args.output: + save_report(report, args.output) + + return 0 + + +if __name__ == '__main__': + sys.exit(main())