When digging deeper into a part where ISO 13485:2016 defines roles, we can get a headache of how to define QMS management. It might be tricky to come to define Is it a job or is it a role in an organization?
A QMS manager is a one-person Job with a very critical role, so we recommend you to keep it separate! Sure, you’re a start-up, but as a medical device company, bite the bullet and hire a person for this Job. Don't make the Management Representative or a Unit Manager, the QMS Manager. This role is essential for keeping the focus on regulatory and standards compliance and quality assurance, blending other roles into it only dilutes the integrity of the position. You will be hard-pressed to claim that quality objective was met. It would only pander lip service to quality. More importantly, you would more than likely fail a QMS audit as a result.
Our recommendation is " Don't do it! " it's not worth the hassle.
Choosing a QMS Manager
QMS Manager is responsible for developing the Quality strategies, policies, processes, standards and systems for the Company and they have a role to play and it’s not the same as the QMS Manager. The QMS Manager is not the HR Manager, not the Purchase Manager, not any other position or role. They are the final arbiter of oversight. Note: I did not say quality but of “oversight”. They determine if the proper process was properly followed. They cannot tell if the quality is there. They cannot validate that regulatory and standard compliance was achieved.
Rather, the quality should be there if the process was done correctly. i.e. the QMS Manager double checks.
In a more pragmatic way, a QMS manager has surveillance over the whole organization, the QMS processes, and tasks inside an organization and checks that everything is working and done correctly – and compliance is being respected.
Risk and QMS management: 2-in-1 or not?
The new ISO 13485:2016 states that anything you do that affects the quality system needs to be viewed from a risk perspective (risk-based approach). As such, many companies believe that the QMS Manager role can be combined with the Risk Manager role.
Although convenient at first glance, it's not practical in any way and it will represent a huge problem for smaller companies.
Choosing a Risk Manager
Essentially a Risk Manager needs to understand, analyze and address the various risk issues to help their organizations detect potential sources of hazards or harm. They have to know and understand what risks are inherent in the medical device under development. They also have to know how to mitigate any risks and reduce the potential for harm.
A QMS manager doesn't understand the product or its associated risk. It’s not their job to do that. As such they are ill-suited for this task and would inherently be in a conflict of interest.
In this author's opinion, the Unit Manager or Project manager should make the best Risk Manager for that project. A product manager could also step-in. The point is to assign this critical role or Risk Manager to someone who truly understands the medical device, product or service because they would have better insight into the nature of the risks associated with the use of that device than would a QMS manager.
Separate roles would mean that the Risk Manager can then interact with the QMS system and allow the QMS Manager to do their job correctly, ensuring QMS ‘Oversight’ of the Risk processes for that medical device/project.
In the Start-up or Small company, warm bodies are at a premium. We understand that. But the role of QMS manager is not simply quality, it is compliance and in a regulated industry, compliance is critical to market success. Fail in compliance, forget getting your product into the marketplace.
"Separate roles would mean that the Risk Manager can then interact with the QMS system and allow the QMS Manager to do their job correctly..."
So bite the bullet, a QMS manager is for quality and compliance whereas the Risk Manager needs intimate product knowledge to address the potential for harm and harm mitigation.
We strongly recommend that you keep the QMS Manager and Risk Manager roles separate.