What is a Quality Management System (QMS)
According to ASQ (American Society of Quality): quality management system (QMS) is defined as a formalized system that documents processes, procedures, and responsibilities for achieving quality policies and objectives. A QMS helps coordinate and direct an organization’s activities to meet customer and regulatory requirements and improve its effectiveness and efficiency on a continuous basis.
See the picture below to view a basic design breakdown of QMS as a general structure.
Electronic Quality Management System (EQMS)
Organizations today are bound to their responsibility to ensure quality, compliance and many other industry specific regulations are met with respect to their production and service delivery processes. In order to ensure these regulations meet industry standards, enterprises will adopt an eQMS quality management system solution.
These eQMS solutions have progressively changed over time, having begun as basic spreadsheets originally. Company’s would leverage these spreadsheets in the monitoring and management of their quality processes. With the evolution of computing resources, eQMS systems emerged as reliable software solutions running processes, identifying responsibilities and detailing procedures for the achievement of goals and policies compliance. Think of it as a QMS platform that is integrated with an IT infrastructure and data model facilitating cross-functional collaboration and communication.
While there are variable custom capabilities integrated depending on industry, delivery platforms, organization size etc., there are a few typical capabilities that are commonly invested in. These would include:
- Web-based platform
- Taking a BPM approach to functionality involves applications that are built on a platform with integration to other applications.
- Interoperability with other Enterprise Resources Planning (ERP) applications.
- The GUI is role-based and focuses on execution of the workflow process.
Documents & Records Management
It is nothing short of a challenge, if not near impossible, to maintain a paper-based ISO compliant document system today. Cumbersome, error prone and time-consuming would be the systems feature-set. Your productivity would increase significantly by automating all repetitive tasks associated with QMS document management. EPC’s eQMS adds clear visibility into the document lifecycle and will proactively monitor your organizations workflow status while equally improving the quality system efficiency.
Teams dispersed geographically, are now able to connect, collaborate, co-author, proof-read, revise, comment and sign documents – all done electronically and securely within the system. Auto email notifications and read receipts support the systems expediting distribution process throughout the organization. Automatic document retention, printing, periodic reviews, and archiving are all in full compliance and controlled using USFDA 21 CFR part 11 encryption, making audits and quality inspections worry free.
- Adding new Documents
- Unique IDs and tags by document
- Version control by document
- Archive, move and delete existing documents
- Structure document in a hierarchy, folders
- Creates templates for Records and ability to reuse the workflow template
- Audit log / trail on changes to metadata
- Workflow for approvals, reviews
- Electronic signature on approvals
- Delegation on reviews, approvals
- Notifications, emails for workflows
- System check for publications and approvals
- Collaborate and raise change requests
- Multi-lingual support – UI, Metadata translation suggestions & Documents
Powerful Document Search by:
- Document Name
- Document ID
- Organizational Unit
- Full Text
- Meta data (Type, Categories, Attributes)
- Filterable columns
- Last modified data
- Last modified by
- Any user-defined attributes (UDAs)
Interfacing’s audit management support for your organization includes compliance with the standards of a wide variety of internal and external audits. Standards from the FDA, ISO, quality and clinical audits are a few of the governing agencies establishing compliance specifications that must be met. Our DBP will automate tasks normally done manually in excel, offering the reusability of audit definitions and further testing, evidence and sampling requirements; meaning that you will only need to define audit and test requirements once, and use them across multiple audits. This includes the ability to perform both internal and external audits (supplier, customer, regulatory requirements etc.).
When using our Digital Business Platform, not only will you be able to follow the audit step by step, you can also escalate the audit with major / minor findings all the way to CAPA in Action Items Management. One of our tools is used in Gantt chats regarding audit planning, capacity management, ISO requirements management and more.
- Capture all audit & test instances within one repository
- Search & sort audit fields by ID, name, frequency, sample size, etc.
- Triggered-to-start ad hoc audit & pre-scheduled audit
- Set key audit attributes such as auditor and auditee, deadline, trigger to start, prerequisite, etc.
- View, edit and add sample results for different audit purposes
- Determine sample effectiveness and accuracy through automation buttons
- Complete audit trials & reports
Triggers, Escalation and Validation
- Trigger CAPA via failed audits, incidents, or ad hoc requests
- Add multiple action items (AI) that define specific criteria (e.g. AI name, owner, action type, priority, etc.)
- Assign AIs to specific resources with clear deadlines & level of priority
- Automatic escalation CAPA request to its AI owner or a different role of equal responsibility in case of absence of its AI owner
- Allow AI owner to request extension on his assigned AI
- Collect & store AI evidence to validate completion
Corrective and Preventive Actions (CAPA)
We think of CAPA much like the immune system of an organization. If a deviation or systemic breakdown occurs in an organizations processes or manufacturing steps, CAPA is the rigorous process in place that will identify why the defect or failure occurred. Corrective Action Preventive Action (CAPA) is the process used to investigate and solve organizations problems, and will identify and take corrective action to prevent the reoccurrence of root causes. Interfacing’s DBP assists CAPA to prevent recurrence of any root cause of a failure or defect.
Our DBP will raise either on an ad-hoc basis or as an output of an Incident or Audit investigation findings. It will raise actions that can be traced to a source and implemented as part of a Action Items Management plan.
- Date raised
- Deadline date
- Issue description
- Root cause
- CAPA action items
- Test Info tab – displays all completed tests inherited from previous form
- Failed audit or incident information inherited on form
- View/edit/add multiple CAPA action items
- Responsible roles and status of action items available in real-time
Quality Events including Non-Conformity, Complaint etc.
Non-conformance management is a requirement to meet ISO 9001 standards. Interfacing’s Digital Business Platform (DBP) eQMS software solution combines document and process management to significantly improve the management of any non-conformances and their associated action plans. With our DBP, you can identify and raise non-conformity issues discovered in an audit to create an Action Items Management plan. The benefits are impactful. In another example, in a production process, anomalies can be identified in the design stage, saving significant expense than those resolved further along the process in manufacturing or even out to distribution or making its way into consumer sales.
Implementing and monitoring non-conformances and the effectiveness of each to avoid adverse business operations are made possible through eQMS. With an eQMS, each incident will be recorded with all associated action items tracked.
- Identification of root cause, main reason for the NC or what went wrong
- Why the work doesn’t meet specs
- What can be done to prevent the problem from happening again
- Explanation of corrective action taken or to be taken
- Key people involved in the NC and specs affected under the NC
Enterprise Process Center® (EPC) facilitates organizations to be proactive vs. reactive when it comes to risk control and process risk management strategies. Not only is risk management important to protect against disaster striking, but by integrating controls into daily operations you can ensure that quality standards are met and customer satisfaction is maintained. Additionally, there is nothing greater than the cost of “non-compliance”, hence, comprehensive risk and process transparency is a necessity to comply with laws and regulatory requirements such as Sarbanes Oxley, Basel III, IMF, HIPAA, FDA, ISO 15000, among others.
- Detailed risk library including identifier, description, type, category, responsible resources (via RASCI-VS)
- Customizable risk matrices including risk likelihood, impact, score, percentage, color and priority
- Import/export risk details via Excel
- End-to end process visibility associated with risks
- Filter, search, & report risks by attributes
- Reusable risks & controls
- Trigger CAPA based on process & task risk analysis
View the cause & effect of risks to track critical risk information; risk managers analyze and prioritize risk mitigation
Extended risk editing (gross risk per process, net risk per control on process, specific controls per process, override roll-up calculation per process)
Detect a risk’s occurrence; automated risk roll-up algorithm for risk scoring
Residual risk provides realistic view of potential impact
Risk matrix visualizes 5 different levels of risks residing in processes
Today’s challenge in training is actually managing the amount and frequency of training that occurs across the organization’s enterprise operations. This challenge impacts the singular tracking of a specific employee most. Interfacing’s Digital Business Platform supports your business’s training management with its ability to effortlessly link to all Learning Management Systems (LMSs) within the organization.
Measure training efficacy through controlled questionnaires or quiz’s after a completed training session to ensure your training management program meets regulatory requirements and successfully achieves the high threshold of your organization’s institutional knowledge.
This gives training administrators visibility across all training platforms related to regulatory requirements, processes, documents and training itself. Think of it as a central repository to monitor and track all training.
- Define customized questionnaires for pre / post training to measure efficacy
- Leverage standard questionnaires to quickly build new training templates
- Provide direct link to training materials
- Reuse documented compliance requirements from the IMS repository (Regulatory, Documents, Processes)
- Assign training dynamically
- Provide users with a calendar / Gantt view of their trainings
- Provide instructors with a view for their courses
- De-activate training after use
- Request extension for training
- Managers to sign-off on training post-completion
Control Management: Risk Indicator Audit, Analysis & Reporting,
EPC offers within a single collaborative platform an area where analysts can identify, assess and prioritize risk mitigation plans, and auditors can schedule then execute control audits and implement corrective action plans based on test results. Furthermore, by identifying key risk and control indicators and quantifying threshold limits; management can monitor measures to ensure policies are enforced and standards are maintained.
- Monitor controls through audits
- Recurrent audit scheduling
- Implement CAPAs based on test results
- COSO Cube ERM framework
- General analysis, critical path analysis & high-risk path analysis generated in a dynamic manner
- General controls and risks report & custom report
- Reusable key risk & control indicators (KRIs, KCIs) for more than one source
- Target threshold setting for continuous improvement
The procedures and actions taken to respond and resolve incidents that occur is known as Incident Management. Interfacing’s DBP will support these actions by tracking and escalating remediation from start to finish. DBP will perform root cause analysis (RCA) and Incident analysis.
A Digital Business Platform solution ensures that all incidents are quickly addressed and high quality standards are maintained. Teams also benefit from improvements in operations, preventing recurrence of future incidents.
- Reuse information from previous stages of an incident process
- Perform root cause analysis & risk analysis
- Set multiple review cycles & approval cycles
- Trigger an escalation to CAPA if needed
- Track incident with tracking code at any stage of the process
- Incident reports with detailed drilldowns to view subsets of relative information
- Incident investigation with E-signature confirmation of completion
Inspection / FMEA
FMEA identifies failure modes and their effects in processes. It will identify design inputs or special characteristics down to the end user. Interfacing’s eQMS software automation platform allows rapid notification of the severity ranking or danger of the effects of the failure. The next steps immediately following the notification include identification of the causes and the mechanisms involved in the failure mode.
EPC offers within a single collaborative digital platform the ability for users to implement corrective action plans based on Inspection / FMEA.
- Date raised
- Inspection Type
- Deadline date
- Reason for Inspection
- Supplier targeted
- Plan inspections and capacity
- Time-based inspection planning
- Assign inspectors ahead of time
- Inspection by type (such as Supplier, Internal, External, etc.)
- Triggered start of the inspection
- Search & sort inspection fields by ID, name, frequency, location, etc.
Supplier & Product Management / SCAR
- Conduct Root Cause Analysis (RCA)
- Leverage best practice Root Cause Methodologies (5 Ws, Comparative Analysis, 3×5 Why)
- Root cause is embedded in the workflow
- Directly send tasks to users as part of SCAR workflow
- Raise action items on suppliers (SCAR)
- Reuse centrally managed Supplier information
- Notify the supplier directly
- View/edit/add multiple SCAR action items
- Responsible roles and status of action items available in real-time
EQMS and Compliance
We understand that the requirements placed on organizations in terms of compliance are very high and that ISO9000, ISO13845, ISO17025, ISO27001, SOC 2, FDA QSR and GxP is an essential part of that program. By using our solutions, your company gains the accountability and consistency that will give you a cutting edge over your competition. Our tools ensure full visibility from end-to-end, all the way from the creation and amendment of a regulation to the approval and revision of the content through to the update and retraining of employees for standard operating procedures (SOPs). We see the full lifecycle management as moving parts of a complete ecosystem and that’s why are unique approach that combines regulatory requirements, documents, processes, work instructions, and governance.
International standard that specifies requirements for a QMS. It is the most popular standard in the ISO 9000 series and the only standard in the series to which organizations can certify.
First published in 1987 by the International Organization for Standardization (ISO). The current version of ISO 9001 was released in September 2015.
In short, ISO 13485 is an internationally recognized standard that the following countries have adopted: Europe, Canada, Australia and other markets. Excluding Canada, the application of ISO 13485 is not a requirement but is the de facto standard in use today as a measurement of full QMS compliance set forth on medical device regulations.
ISO/IEC 17025 defines the general requirements for competence in testing and calibration for all laboratories. For testing and calibration laboratories, this is the definitive ISO standard. On many occasions, regulatory authorities and suppliers will not accept test or calibration results from a lab that runs independent of any accreditation oversight. This is where ISO/IEC 17025 (originally known as ISO/ISO/IEC 17025 Guide 25) comes into play.
ISO 27000 is a series of standards that were designed to safeguard organizations’ information assets. ISO 27000 also gives an overview of an Information Security Management System (ISMS), defining and describing the logically organized set of processes that guide organizations to align their business goals and objectives with their information security.
Lesser known as the longer version, “Systems and Organizations Controls 2”, SOC 2 (or SOC II) is a framework used to assist companies demonstrate security controls that are in place to protect customer data in the cloud. These controls became known as the Trust Services Principles: Security, Availability, Processing Integrity, Confidentiality, and lastly Privacy.
Other countries will have their own criteria to meet nuanced QMS requirements. For example while both Brazil and Japan have their own requirements, they are both based on existing US FDA QSR and ISO 13485 standards. On a positive note, these standards achieve harmonized quality management requirements to meet US, Canadian, European and all other QMS standards in effect.
US FDA QSR
The US FDA QSR (also known as 21 CFR Part 820) was introduced prior to ISO 13485. All medical device companies in the US are required to meet this standard for national distribution but must comply with both regulations in order to distribute devices internationally. US FDA QSR must also be met by international companies wanting to do business with US customers.
Conduct Impact Analysis
Approval and Governance Workflow
ISO 27001 Cloud-solution
As part of our ongoing commitment to compliance and ensuring that our clients meet their regulatory requirements, we are always on the lookout for ways to help our clients attain and maintain full compliance. Interfacing is ISO 27001 certified and we are partnering with Amazon Web Services (AWS) for cloud-hosting since their commitment to compliance is proven, with global data centers compliance to SOC 1 Type II and ISO 27001. For more information on AWS compliance for ISO 18345, FDA QSR and GxP, please refer to their compliance program.
Eliminate the compliance burden and improve product quality by automating critical quality processes like document, quality event, training, value chain and audit management in a single end-to-end Enterprise Process Center EQMS solution.
Discover how your organization benefits from an Interfacing EQMS focused solution.
A key differentiator of Interfacing to other digital and business transformation consulting firms is that Interfacing offers its own innovative technology solution in support of transformation programs. Interfacing’s EQMS supported solutions deliver the transparency required to reduce complexity, improve execution and facilitates agility and change.
Interfacing’s EQMS integrated management system solution is a one-stop-shop for managing transformation programs. We know it’s a very competitive environment out there. It is for that reason our strength is in our commitment to maintain flexibility throughout the project lifecycle whether it is in our innovative products or in our team of experts.
Try It Now For Free!
Document, improve, standardize, and monitor your business processes, risks and performance with Interfacing’s Business Process Management Software (BPM Software) the Enterprise Process Center®!