ISO 13485 section 5.3 Quality Policy - No framework for establishing and reviewing quality objectives


Starting to get Involved
Hi All,

I just had a customer audit and lead auditor made a finding against section 5.3: While the quality objectives themselves were present in the policy, there was no framework for establishing and reviewing them.
I just want to ask what would I need in order to be complainant?

thanks in advance!


Trusted Information Resource
Section 5.3 assigns the "ensure" responsibility on Top Management. Your question reads like the specific finding was against 5.3(c).

Most companies that adhere to 13485 will identify Management With Executive Responsibility (MWER) who are required to regularly meet ("Management Review") for the purpose of establishing and then reviewing specified quality objectives. If 5.3(e) was not cited, it is possible that you are having such a meeting, but that the meeting does not formally have set agenda items to cover 5.3(c). If you have been using an ad hoc approach to establishing (or reviewing, or both) quality objectives, that could be what led to the finding.

If that is the case, MWER should establish (typically within the Quality Manual) the timing and necessary attendees for a Management Review. This review should require the presence of MWER (or their representative), and MWER should approve the minutes of the Review. The QM should include at least skeleton of meeting format or could be more rigid. You may want some flexibility but since I don't know your specific company circumstances, the history/nature of the company, or the particular auditor's PoV I hestitate to provide more specific advice.

After this, start having the meetings regularly, wherein MWER performs/reaffirms the activities in section 5.3.


Super Moderator
Given that the finding was apparently against 5.3(c), I'm not sure that the Management Review activities would necessarily satisfy the concern.

I generally take key words/phrases from the policy as the framework (and can show that linkage to auditors). So for example, I include a commitment to maintain effectiveness of the QMS in the Policy and then that spins out the objective related to QMS updates. How do your objectives link to your policy? To provide more feedback would require that you share your policy and objectives, I think.

[Soap box alert] I wish the framers of these standards would drop this kind of stuff. I've never seen better product due to a 'good' policy. Objectives are good and I understand the utility but these kinds of requirements tend to lead to low value-added actions. One local, very large company has a quality policy of something to the effect of "We improve people's lives." Seriously. Where's the framework, where's the commitment to comply with requirements? Yet they somehow make good product (and somehow pass audits). [off the soap box]
Top Bottom