ISO 13485 - 5.5.1 Responsibility and authority - Small Company Independence

[ThatSinc]

Hi All,

Looking for some guidance on the requirement for independence within clause 5.5.1

Top management shall document the interrelation of all personnel who manage, perform and verify work affecting quality and shall ensure the independence and authority necessary to perform these tasks.

Previously I've worked at large companies that have had dedicated quality control departments, completely independent of production, product goes into QC - gets tested by the QC op - gets signed off by the QC supervisor - goes back out and gets packed - goes back in to QC - gets inspected by the QC op - gets signed off by the supervisor - goes out the door.
The documented interrelation and independence of the personnel in those situations is very clear, they report to individual managers who have distinct roles and each shows the QC supervisor/manager has the authority to perform his/her duty with regards to quality of the product.


I've found myself working with a very small company (fewer than 10) where it's not possible to have separate people performing each of these functions, in some cases it is possible for a single person to take a product from incoming component inspection through to final device packing and release which to me does not seem quite right.

I'm looking for some help in acceptable solutions to this, whether change is required or whether I'm coming from "big company mindset".
I appreciate the requirement isn't asking for absolute independence, as stated by MIREMGR in a previous thread (Quality Staff - Independence (ISO 13485 Clause 5.5.1) ), but I'm not sure what is required minimally where the company is so small.

Is it acceptable to have a single individual performing both assembly and test/inspection so long as within the documented roles and responsibilities within the business , quality and release are to a different member of management than the production management?
Once release testing has been performed does it need secondary approval from another individual reviewing documentation?

Thanks in advance.

 

[John Broomfield]

TS,

By investing in planning, design, training and other preventive processes and controls you’d expect companies not to waste too much time and money on independent verification of processes, services and products.

Instead we tend to invest in impartial and objective auditing of the organization as the system responsible for the quality of its services and products.

That tends to be where we focus our assurance efforts once we have mature quality management.

Where is your organization on this grid:



Knowing this should help your leaders to understand where to invest their system improvement dollars.

John

 

[ThatSinc]

Hi John,

Definitely down in the 1/2 range for most things, a 3 for a couple - there is clear improvement needed, and I'm trying to help drive that forwards but am looking to take this in small steps so as not to overload them and get complete resistance.

Everybody reports directly into the company owner and there is no titled and physically independent "quality" department - you have people wearing multiple hats, so from an independence and authority standpoint I'm unclear as to how to implement it.

Would it be suitable, from a compliance point of view, for issues relating to quality to be dotted line reported to the technical leader?
In practise this is how the business functions.

As I say, I've always worked for larger companies that have had dedicated resource to quality and nothing else, so have not faced this before, but know that saying you need to have separate people making the product and verifying the performance is not going to fly.

thanks,

TS.

 

[John Broomfield]

TS,

You reporting direct to the CEO is a strength. Complete grid vertically and be ready to discuss it with the CEO.

Advise him to engage his leaders in fulfilling their responsibilities for Quality First in order to improve profitability and sales. An independent inspector sorting bad product from good is not the way to do it, obviously.

Be ready to make your three top priority recommendations. (You've probably guessed that dotted lines on an org chart will not cut it).

A. Do the managers have the utmost respect for the management system?
B. Do they know how thinking Quality First will help them to fulfill business objectives?

If not you may need to engage the CEO understanding Quality First before running a workshop for the top managers so they understand they are responsible for quality and are able to explain the means of achieving it to everyone else.

If they lack respect for the management system then, with the CEO, find out why and stress that you are not responsible for quality they are! Pre-brief the CEO so she or he knows enough to remind the managers of their responsibilities for Quality First. Your responsibility may be confined to audit, listening to customers, the integrity of the system and advising the CEO.

You may then need to assist them in developing their organization so it works well as a process-based (not personality-based) system delivering quality services and products.

As you can see this is contrary to separating quality from production. That separation was never a good idea and one day the regulators will catch up. Provided you can show the auditor evidence that short-term internal costs never trump quality, you'll be fine.

John

Audit added to responsibilities.

 

[ThatSinc]

Hi John,

Thank you for the general guidance regarding how to effect change in the business, it is truly appreciated, but unfortunately it doesn't bring any clarity to the requirement of 5.5.1 regarding ensuring and documenting independence for those responsible for the various aspects of quality.

As you say, everyone is responsible for quality; from the person inspecting parts as they are used in production, to the person assembling in line with documented instructions, to any in-process or final verification of product.

The guys in production are able to reject parts that are not suitable, and when any testing does not meet criteria are able to fail things.
So production have the authority regarding performing quality, but where is the independence?

A similar thread discusses this here; Interpreting Responsibility and Authority Clause 5.5.1 ISO 13485 where you provide some guidance on delegation etc, though again the independence question when dealing with very small businesses is unclear to me.

 

[John Broomfield]

The independence is in auditing the effectiveness of the system.

Sorry, I missed it from post #4.

 

[ThatSinc]

Does that not fall under 8.2.4 for internal audits verifying the effectiveness of the system - "Auditors shall not audit their own work"?

The finding I have is that a single person (that reports directly to the MD) manufactured, inspected, packaged, and authorised devices for release.

Perhaps my understanding of clause 5.5.1 is not sufficient.

 

[John Broomfield]

Then you could conduct the occasional product audit, rather like IATF’s dock audit.

 

[ThatSinc]

Thanks for the help, I'm still not understanding how that would document the interrelation between those responsible and ensure the independence.

I guess I'll have to spend another few thousand dollars to go on another 13485 course to try and get it into my head.

 

[John Broomfield]

Your internal audit schedule is probably documented.

So, your manual could refer to its product audits scheduled according to the status of the products and the processes directly responsible for the products and their labeling.