1.1 QMS Scope, Process Map & Mandatory Records

A Quality Management System (QMS) without defined boundaries becomes a bureaucracy engine. We define scope not to satisfy auditors, but to focus engineering resources on failure prevention rather than administrative overhead. If a process affects product safety, reliability, or regulatory compliance, it is controlled. If it does not impact the physical product or user risk, it remains outside the system to preserve agility.

Determining QMS Scope

Define the boundary based on risk and product impact. Do not encompass the entire organization.

Decision Logic: In-Scope vs. Out-Scope

IF process alters Form, Fit, or Function of the device (e.g., PCB Layout, Firmware Commit, Supplier Selection) -> THEN Process is Controlled (In-Scope).
IF process generates data used for product validation or release (e.g., QA Testing, Metrology) -> THEN Process is Controlled (In-Scope).
IF process is purely administrative (e.g., Payroll, Finance, Office Management) -> THEN Process is Uncontrolled (Out-of-Scope).

Pro-Tip: Never exclude "Outsourced Processes" from scope. If a Contract Manufacturer (CM) builds the PCBA, the "Management of Outsourced Processes" is a critical internal control. You cannot outsource liability.

The Process Map (Interaction of Processes)

The QMS is a system of linked pipes, not a pile of silos. Inputs must equal outputs.

Core Architecture:

Input (Requirements): Market needs convert into System Requirements Specifications (SRS).
Transformation (Realization):
- Design Control: Converts SRS into Technical Specifications (Gerbers, Schematics, BOM).
- Production: Converts Technical Specifications into Physical Goods.
Output (Delivery): Verified product reaches the customer.
Feedback (Loop): RMA and Complaint data feeds back into Design Inputs for the next revision.

Linkage Rules:

IF Design Transfer is incomplete (e.g., missing Assembly Instructions) -> THEN Production Halis. Do not rely on tribal knowledge.
IF Non-Conformance (NC) rate > Trigger Limit -> THEN CAPA process Initiates automatically.

Mandatory Records (Evidence of Control)

Records are not generated for the auditor; they are generated to enable Root Cause Analysis (RCA) 5 years from now. If it isn't written down, it didn't happen, and the batch is suspect.

Traceability Hierarchy:

DHF (Design History File): Why we built it. (Contains: SRS, Risk Analysis, Design Reviews).
DMR (Device Master Record): What we build. (Contains: Approved BOM, Gerbers, SOPs).
DHR (Device History Record): How we built this specific unit. (Contains: Serial Numbers, Test Logs, Rework Notes, Date Codes).

Retention Policy:

IF Product Lifecycle is X years -> THEN Retain records for X + 2 years (or as required by local law, whichever is longer).
IF Record pertains to Safety Critical Component -> THEN Retain Indefinitely.

Pro-Tip: Digitally sign records at the moment of creation. Retroactive signing (backdating) is fraud and destroys data integrity.

Final Checklist

Control Point	Critical Requirement	Non-Negotiable Rule
Scope Boundary	Exclusions must be justified (e.g., "We do not service").	Do not claim "Design" exclusion if you modify firmare.
Process Interaction	Outputs of A must meet Inputs of B.	No "Throw it over the wall" handoffs.
DHR Integrity	Full traceability to component lot level.	Missing serial number = Scrap the unit.
Record Retention	Retrieveable within 24 hours.	Backups must be tested quarterly.
Change Control	Revision history on all DMR docs.	No uncontrolled "Redline" changes on the production floor.

1.1 QMS Scope, Process Map & Mandatory Records

1.2 Documentation Control & Data Integrity

1.3 Change Control & Configuration Management (ECR/ECO/Deviation control)

1.4 Competence & Training Management (Skills Matrix)

1.5 Templates Pack: NCR, CAPA, Audit, Calibration, Incoming Report

2.1 ESD Control Program (ANSI/ESD S20.20)

2.2 MSD Handling & Storage (J-STD-033)

2.3 Shelf Life & Expiry Control: Chemical Integrity

3.1 APQP & PPAP

3.2 Material Compliance: RoHS, REACH, & Conflict Minerals

3.3 Failure Mode and Effects Analysis (FMEA)

3.4 Control Plan + Reaction Plan (Stop/Contain/Release Rules)

3.5 First Article Inspection (AS9102)

3.6 Regulatory Compliance: The EMS Interface

4.1 Governance and Operating Model

4.2 Audits and Capability Verification

4.3 The Incoming Inspection Plan (IQC)

4.4 Supplier Nonconformance (SCAR) Management

4.5 Supplier Corrective Action (SCAR/8D) + Effectiveness Check

4.6 Change Control and Deviations

5.1 Bare Board Inspection (IPC-A-600)

5.2 IPC-A-610 Classifications & Criteria

5.3 Cable & Harness Assembly (IPC/WHMA-A-620)

5.4 Box Build & Mechanical Assembly (IPC-A-630)

5.5 Cosmetic Inspection Standards (Visual Quality)

5.6 Rework & Repair (IPC-7711/7721)

5.7 Defect Taxonomy & Disposition Rules (Linked to MRB)

6.1 Measurement System Analysis (MSA / Gauge R&R)

6.2 Calibration Management

6.3 Equipment Validation (IQ/OQ/PQ)

6.4 Inspection Method Validation (AOI/X-Ray/ICT/FCT Correlation)

7.1 Statistical Process Control (SPC): Cp & Cpk

7.2 Operational Metrics: FPY, RTY, CoQ & Review Cadence

7.3 Test Process Quality (ICT/FCT & Retest Limits)

7.4 Layered Process Audits (LPA)

8.1 NCR Workflow: Detect, Quarantine, Disposition, Close

8.2 Internal MRB & Quarantine Discipline

8.3 Root Cause Analysis (RCA) & CAPA

8.4 Containment Playbook: Suspect Lots, Line Stop Triggers & Escape Handling

8.5 RMA Processing & Field Failure Analysis

9.1 Internal Systems Audits (ISO 19011)

9.2 Hosting the Customer Audit

9.3 Audit Program: Annual Plan, Checklist Library & Evidence Index

9.4 The Quarterly Business Review (QBR) & Quality Strategy

1.1 QMS Scope, Process Map & Mandatory Records

Determining QMS Scope

The Process Map (Interaction of Processes)

Core Architecture:

Linkage Rules:

Mandatory Records (Evidence of Control)

Traceability Hierarchy:

Retention Policy:

Final Checklist