Definition of IMS

An integrated management system (IMS) combines all related components of a business into one system for easier management and operations. Quality, Environmental, and Safety management systems are often combined and managed as an IMS. These systems are not separate systems that are later joined together, rather they are integrated with linkages so that similar processes are seamlessly managed and executed without duplication.

As a part of gaining ISO certification, it is important to have a good quality management system that not only meets the standards, but it will also improve business processes.

Download this document for more information on Expanding a Quality System into an Integrated Management System

Do you have an IMS or are you considering integrating your Quality, Environment, and Safety Systems? By integrating your systems you can reduce the audit duration. Why not ask for a Quote?

ISO 13485:2016

The ISO 13485 standard represents a Quality Management System base for many regulatory schemes.

With the recent publication of the new Medical Device and In Vitro Diagnostic Regulations, the regulatory framework surrounding Medical Devices evolves and re-enforces the control of external parties (Suppliers, Subcontractors).

The newest revision of the ISO 13485 standard published in March 2016 aims in the very same direction.


What is a Supplier?


There is no specific definition of "Supplier” in the ISO 13485 QMS standard.


The standard however refers back to the definitions given in ISO 9000:2015.

According to ISO 9000:2015, a Supplier is "an organization that provides a product or a service”.

ISO 13485:2016 specifies that a product is the "result of a process” and that it includes "services, software, hardware and processed material”.


If we translate it to the Medical Device industry, Suppliers include, for example:

  • Raw material suppliers
  • Sub-assembly suppliers
  • Design/Manufacturing Subcontractors
  • Consultants
  • Any other service providers

What are the responsibilities of the Organization/Manufacturer?

In the Quality Management System section of the ISO 13485 standard (4.1), the following was and is still stated:

"When the organization chooses to outsource any process that affects product conformity to requirements, it shall monitor and ensure control over such processes”.

Control of outsourced process is not a new requirement; precisions were however added in the 2016 revision of the ISO 13485 standard. These precisions are that: "the organization shall retain responsibility of conformity to this International Standard and to customer and applicable regulatory requirements for outsourced processes. The controls shall be proportionate to the risk involved and the ability of the external party to meet the requirements in accordance with 7.4. The controls shall include written quality agreements”.

It clarifies the fact that the organization that subcontracts the activity remains responsible for it. It also formalizes the approach under which controls shall be implemented using a Risk-based approach.

Section 7.4 of ISO 13485:2016 is then giving more directions for organizations on the Purchasing process, including Suppliers’ control.

ISO 10006:2017

Project Management Using the Guidelines in ISO 10006

Use of the ISO 10006 Guidelines to Quality in Project Management can help you complete projects on time, under budget, within specifications, and to the satisfaction of the customer.

The section on Concept Development states customer needs for products and processes should be translated into documented requirements and agreed upon by the customer. In other words, define the project charter.

Stakeholder Identification emphasizes the importance of identifying very early the various players beyond the direct project participants (for example, customers, suppliers, and regulatory agencies) and their needs.

Work Breakdown Structure explains how to divide the project into smaller, more manageable activities to improve the accuracy of the project cost, schedule, and resource assignments.

Schedule Development uses these defined activities, plus dependencies and time estimates, to develop an initial project schedule.

Resource Planning is used to assign resources for labor, materials, and equipment.

Budget Development estimates the costs for each of the assigned resources and couples this information with activity durations and schedules to develop the project budget.

Communications Planning covers the type of communication, when it will occur, how it will be transmitted, and the individuals involved in the project.

Risk Analysis includes identifying risks, their likelihood, their timing, their impact, and developing responses as contingency plans.

Communications Management ensures the project manager knows what activities have completed, the activities that need to be completed, how much time has been spent, what new risks have been identified, and if the schedule is still on target.

Team Development discusses the use of project teams for more effective decision making, higher project performance, and more effective project control.

Project Control involves comparing the project plan against the actual activities and evaluating any differences. When variations are found, corrective actions can be initiated. ISO 10006 addresses project control through clauses on scope control, activity control, schedule control, cost control, resource control, communication control, risk control, and contract control.

Project Closure evaluates the lessons learned from the project and documents the information for the benefit of the next similar project.

The ISO 10006 Guidelines to Quality in Project Management document can be used to plan, execute, and control a project. Take a look at it before you begin your next project.