This article explores the various definitions and contexts of "scope" in a Quality Management System (QMS), specifically as they relate to ISO 13485. The term "scope" appears in multiple contexts, including the scope of the standard itself, your management system, certification, and audits. This can sometimes create confusion, but understanding these distinctions is crucial for compliance and effective implementation.
Scope of the ISO 13485 Standard
ISO 13485, "Quality Management System - Requirements for Regulatory Purposes," begins with Clause 1, titled "Scope." This clause outlines the situations where the standard's requirements apply to an organization. In general, the full scope of ISO 13485 applies to your QMS unless specific activities are not performed by your organization. For example, exemptions may include:
- Clause 7.3 (Design and Development) if your organization does not engage in product design.
- Calibration of measuring equipment if your organization does not use such equipment.
- Clauses relating to sterilization activities or implantable devices if these are not relevant.
Example for IVD and Medical Devices:
For an in-vitro diagnostic (IVD) company that only manufactures test kits and does not design products, Clause 7.3 could be excluded. Similarly, a medical device manufacturer focusing on non-sterile devices may not need to comply with clauses related to sterilization.
Scope of the Management System
Defining the scope of your management system involves identifying the parts of your business included within the QMS. This must be documented, often in a concise paragraph. The scope should clearly outline the boundaries and responsibilities, ensuring no critical areas are arbitrarily excluded. If an area outside the QMS impacts quality, it must still be controlled, similar to an external provider.
While determining the scope of your QMS, it is essential to include conformity related to processes, organizational activities, services, and products offered by the organization. This ensures the QMS comprehensively covers all aspects affecting quality. Avoid overly broad statements, such as "manufacturing Class I and II devices," as these lack specificity. Instead, detail the activities and categories of devices covered within the QMS.
Examples of QMS Scope:
- Specific Scope: "Design, manufacture, and distribution of diagnostic imaging devices and accessories for healthcare applications."
- Focused Scope: "Production and testing of IVD reagents for clinical laboratories."
- Precise Scope: "Manufacture and packaging of orthopedic surgical instruments for global distribution."
Key Considerations:
- Customer expectations: For example, excluding R&D might be acceptable if your customers are not concerned about design capabilities. However, excluding critical production steps would likely raise concerns.
- Strategic decisions: Determining the scope is a strategic task for top management, often influenced by customer and regulatory needs.
Scope of the Certification
The scope of certification is usually aligned with the management system's scope but can sometimes be narrower. This scope is displayed on the ISO 13485 certificate and must provide a clear description of the covered products, services, and activities.
It is important to note that the product certification scope pertains specifically to the conformity of products in terms of their quality and efficacy. While a QMS scope addresses broader organizational aspects, a product certification scope focuses solely on verifying product performance against specified standards.
Examples of Certification Scope Statements:
- "Design and manufacture of diagnostic imaging devices for healthcare applications."
- "Production and distribution of IVD test kits for clinical use."
- "Repair and maintenance of active non-implantable medical devices."
Any changes to the scope of certification typically require an external audit. Many organizations prefer to adjust their scope during scheduled surveillance or recertification audits.
Audit Scope
The audit scope defines the locations and activities an auditor will review. For external audits, this scope matches the certification scope. For internal audits, the organization has flexibility. Internal audits can focus on specific requirements, locations, or processes at different times.
Tips for Internal Audits:
- Use a risk-based approach to prioritize high-impact areas.
- Ensure coverage over time to maintain compliance across all QMS elements.
Practical Application: Determining Your Organization's Scope
In most cases, the QMS scope covers the entire organization. However, exceptions occur, such as:
- When the QMS applies to only one location within a multi-location company.
- When manufacturing or service operations are distinctly split between industries.
Examples:
- Medical Device Manufacturer: "Design and assembly of diagnostic imaging devices and related accessories for healthcare applications."
- IVD Distributor: "Distribution and warehousing of clinical laboratory diagnostic kits."
- Surgical Instrument Manufacturer: "Manufacture and sterilization of Class II orthopedic surgical instruments."
Crafting a Clear Scope Statement
Your scope statement should:
- Be concise yet detailed enough to clarify what is covered.
- Include the activities, relevant products or services, and applicable categories of devices.
- Clearly indicate any exclusions.
Example Statements:
- "XYZ Diagnostics designs and manufactures IVD test kits for clinical laboratories and healthcare providers."
- "XYZ Healthcare provides servicing and calibration of diagnostic imaging devices for hospitals and clinics."
- "XYZ Instruments specializes in the production of orthopedic surgical instruments and accessories."
Periodic Review of Your QMS Scope
Regularly revisiting your QMS scope ensures alignment with evolving organizational objectives and regulatory landscapes. Organizations should leverage internal audits and stakeholder feedback to maintain an effective and compliant QMS.
A well-defined scope prevents ambiguity and aligns your QMS with organizational goals, customer needs, and regulatory requirements. It also simplifies audits and certifications, ensuring a smooth path to compliance with ISO 13485.