Maps to
QMSR / ISO 13485: §820.20
ISO 13485: §5.3
Requirement text
Top management shall ensure the quality policy includes a commitment to comply with requirements and maintain QMS effectiveness.
What changed
Part 820.20 required manufacturers to establish and maintain a quality policy, but the requirements were minimal and embedded within the broader management responsibility section. The regulation required that management with executive responsibility establish a quality policy and ensure it was understood, implemented, and maintained at all levels of the organization. However, Part 820 did not specify detailed requirements for the quality policy's content, alignment with organizational strategy, or formal review cadence.
ISO 13485 clause 5.3 is more explicit about quality policy requirements. The quality policy must: (a) be appropriate to the purpose of the organization, (b) include a commitment to comply with requirements and maintain the effectiveness of the QMS, (c) provide a framework for establishing and reviewing quality objectives, (d) be communicated and understood within the organization, and (e) be reviewed for continuing suitability. Additionally, clause 5.4.1 requires that quality objectives be established at relevant functions and levels, be measurable and consistent with the quality policy, and include those needed to meet applicable regulatory requirements.
The linkage between quality policy and quality objectives is a key structural difference. Part 820 mentioned quality objectives in the context of management responsibility but did not create the formal quality policy to quality objectives to management review feedback loop that ISO 13485 establishes. Under ISO 13485, the quality policy must be reviewed at management review (5.6), quality objectives must be measurable and tracked, and achievement of quality objectives must be reported as a management review input.
The practical impact for most organizations is modest because nearly all medical device companies already have a quality policy. The gap is typically in the formality of the quality policy to quality objectives linkage, the measurability of quality objectives, and the documented review of the policy at management review.
Atomic constraints
- •Quality policy must be documented
- •Policy must include commitment to compliance
- •Quality objectives must be established
- •Policy must be communicated and understood
Common gaps
Quality Objectives Not Measurable
moderateISO 13485 clause 5.4.1 requires that quality objectives be measurable and consistent with the quality policy. Many Part 820-era organizations have quality objectives stated as aspirational goals rather than measurable targets with defined metrics, baselines, and target dates.
Missing 'Effectiveness' commitment
minorThe Quality Policy commits to 'Quality' but misses the explicit 'commitment to maintain the effectiveness of the QMS' required by ISO 13485 §5.3.
Policy not understood at all levels
moderateShop-floor operators are unaware of the quality policy or how their work contributes to it. ISO 13485 §5.3(d) requires it to be 'communicated and understood.'
Quality Policy Not Reviewed at Management Review
minorISO 13485 requires that the quality policy be reviewed for continuing suitability, typically at management review. Many organizations created a quality policy at QMS inception and have not formally reviewed it since, or do not include quality policy review as a standing management review agenda item.
No Formal Communication and Understanding Verification
minorISO 13485 requires that the quality policy be communicated and understood within the organization. Many organizations post the quality policy but do not document how it is communicated to personnel or verify that personnel understand it, for example through training records or competence assessments.
Evidence signals
- •
FILE_EXISTS
(Quality.*Policy|Quality.*Objective|Quality.*Manual)
- •
CONTENT_MATCH
Does this document state a quality policy, quality objectives, or management commitment to compliance?
Audit defense
Our quality policy is documented in [your document ID]. The policy includes an explicit commitment to comply with applicable requirements and maintain QMS effectiveness. Quality objectives are established, communicated to all personnel, and reviewed at management review per ISO 13485 5.3.