Established quality policy with management commitment and communication to all personnel — 820.20 policy obligation preserved under ISO 13485 5.3.
Policy must include explicit commitment to maintain QMS effectiveness; measurable quality objectives must be established and reviewed at management review.
Measurable quality objectives and evidence of policy comprehension at all levels — vague policies without linked objectives are a common management-responsibility finding.
Maps to
QMSR / ISO 13485: §820.20 Management responsibility.
ISO 13485: §5.3 Quality policy
Requirement text
Top management shall ensure the quality policy includes a commitment to comply with requirements and maintain QMS effectiveness.
Why this clause exists
The quality policy is the top management declaration that establishes the strategic intent of the quality management system and the organization's commitment to regulatory compliance and continual improvement. It is not a compliance checkbox: the policy is the reference against which quality objectives are derived, and quality objectives are the measurable targets that give operational meaning to policy commitments. A quality policy that is not communicated and not understood at the organizational level is nominally in place but functionally absent — personnel making daily decisions that affect product quality cannot align their work with commitments they do not know exist. The requirement that the policy be appropriate to the organization's purpose reflects the expectation that the content be substantive and specific, not generic boilerplate: a quality policy that could apply to any industry in any regulatory context provides no meaningful commitment to the actual regulatory requirements the manufacturer must satisfy. Top management involvement in the quality policy is structural — it is the mechanism by which leadership's quality commitment is made visible, binding, and reviewable against actual performance at management review.
What changed
§820.20 — Part 820 (legacy)
"Management with executive responsibility shall establish its policy and objectives for, and commitment to, quality. Management with executive responsibility shall ensure that the quality policy is understood, implemented, and maintained at all levels of the organization. Each manufacturer shall establish and maintain an adequate organizational structure to ensure that devices are designed and produced in accordance with the requirements of this part. (1) Responsibility and authority. Each manufacturer shall establish the appropriate responsibility, authority, and interrelation of all personnel who manage, perform, and assess work affecting quality, and provide the independence and authority necessary to perform these tasks. (2) Resources. Each manufacturer shall provide adequate resources, including the assignment of trained personnel, for management, performance of work, and assessment activities, including internal quality audits, to meet the requirements of this part. (3) Management representative. Management with executive responsibility shall appoint, and document such appointment of, a member of management who, irrespective of other responsibilities, shall have established authority over and responsibility for: (i) Ensuring that quality system requirements are effectively established and effectively maintained in accordance with this part; and (ii) Reporting on the performance of the quality system to management with executive responsibility for review. Management with executive responsibility shall review the suitability and effectiveness of the quality system at defined intervals and with sufficient frequency according to established procedures to ensure that the quality system satisfies the requirements of this part and the manufacturer's established quality policy and objectives. The dates and results of quality system reviews shall be documented. Each manufacturer shall establish a quality plan which defines the quality practices, resources, and activities relevant to devices that are designed and manufactured. The manufacturer shall establish how the requirements for quality will be met. Each manufacturer shall establish quality system procedures and instructions. An outline of the structure of the documentation used in the quality system shall be established where appropriate."
§5.3 — ISO 13485:2016 (current)
"Top management shall ensure that the quality policy: a) is applicable to the purpose of the organization; b) includes a commitment to comply with requirements and to maintain the effectiveness of the quality management system; c) provides a framework for establishing and reviewing quality objectives; d) is communicated and understood within the organization; e) is reviewed for continuing suitability."
Δ Quality policy must now explicitly provide a framework for reviewing quality objectives and be reviewed for continuing suitability — specific criteria absent from Part 820's general commitment requirement.
Common gaps (what we see in audits)
- Quality Objectives Not Measurable — ISO 13485 clause 5.4.1 requires that quality objectives be measurable and consistent with the quality policy. Many Part 820-era organizations have quality objectives stated as aspirational goals rather than measurable targets with defined metrics, baselines, and target dates.
- Missing 'Effectiveness' commitment — The Quality Policy commits to 'Quality' but misses the explicit 'commitment to maintain the effectiveness of the QMS' required by ISO 13485 §5.3.
- Policy not understood at all levels — Shop-floor operators are unaware of the quality policy or how their work contributes to it. ISO 13485 §5.3(d) requires it to be 'communicated and understood.'
- Quality Policy Not Reviewed at Management Review — ISO 13485 requires that the quality policy be reviewed for continuing suitability, typically at management review. Many organizations created a quality policy at QMS inception and have not formally reviewed it since, or do not include quality policy review as a standing management review agenda item.
- No Formal Communication and Understanding Verification — ISO 13485 requires that the quality policy be communicated and understood within the organization. Many organizations post the quality policy but do not document how it is communicated to personnel or verify that personnel understand it, for example through training records or competence assessments.