1.1 QMS Scope, Process Map & Mandatory Records

A Quality Management System (QMS) actswithout asdefined theboundaries organization'sbecomes engineereda operatingbureaucracy logic,engine. We define scope not merelyto asatisfy repositoryauditors, of documents. Its primary function isbut to decouplefocus productengineering qualityresources fromon individualfailure human effort, ensuring that reliability is a systemic outputprevention rather than administrative overhead. If a resultprocess ofaffects heroicproduct intervention.safety, Forreliability, electronicsor manufacturingregulatory servicescompliance, (EMS),it is controlled. If it does not impact the QMSphysical mustproduct satisfyor user risk, it remains outside the dualsystem mandatesto ofpreserve commercialagility.

~~efficiency~~

Determining (ISOQMS 9001)Scope

Define the boundary based on risk and ~~patient/user~~product ~~safety~~impact. ~~(ISO~~Do ~~13485),~~not ~~creating a "defense in depth" against defect propagation.~~

The Context & Risk-Based Approach

~~ISO 9001:2015 and ISO 13485:2016 mandate that~~encompass the ~~organization~~entire ~~determine~~organization.

~~its~~

Decision ~~"Context"—the~~Logic: ~~specific~~In-Scope ~~internal~~vs. ~~and external variables that threaten quality.~~Out-Scope

~~Risk-Based Thinking:~~IF ~~Every~~ process ~~map~~alters ~~must~~Form, ~~feature~~Fit, anor integrated risk assessment. In PCBA manufacturing, this requires identifying failure modes such as supply chain volatility (counterfeit component risk), process drift (reflow oven profile changes), and regulatory obsolescence (RoHS exemptions expiring).
~~The Medical Device File (MDF):~~ ~~For ISO 13485 compliance, a specific MDF must be maintained for each device family. This file acts as the "DNA"~~Function of the ~~product, linking the physical assembly to its validated process parameters. If a parameter~~device (e.g., ~~torque~~PCB ~~setting,~~Layout, ~~solder~~Firmware ~~paste~~Commit, ~~type)~~Supplier Selection) -> THEN Process is ~~not~~Controlled ~~explicitly~~(In-Scope).
IF ~~defined~~process ingenerates ~~the~~data ~~MDF, it is unauthorized~~used for ~~production~~product ~~use.~~

validation

Managementor Responsibility & Review

~~Quality is not solely the domain of the Quality Department; it is a leadership deliverable.~~

~~Management Review:~~ ~~Top management must analyze QMS metrics—Yield, Customer Complaints, CAPA aging, and Supplier Performance—at defined intervals~~release (e.g., ~~quarterly)~~QA toTesting, ~~resource~~Metrology) -> THEN Process is Controlled (In-Scope).
IF process is purely administrative (e.g., Payroll, Finance, Office Management) -> THEN Process is Uncontrolled (Out-of-Scope).

Pro-Tip: Never exclude "Outsourced Processes" from scope. If a Contract Manufacturer (CM) builds the PCBA, the "Management of Outsourced Processes" is a critical internal control. You cannot outsource liability.

The Process Map (Interaction of Processes)

The QMS is a system ~~adequately.~~of linked pipes, not a pile of silos. Inputs must equal outputs.

Core Architecture:

Input (Requirements): Market needs convert into System Requirements Specifications (SRS).
~~Resource~~Transformation ~~Provision:~~(Realization):
- Design Control: Converts SRS into Technical Specifications (Gerbers, Schematics, BOM).
- Production: Converts Technical Specifications into Physical Goods.
Output (Delivery): ~~Leadership~~Verified product reaches the customer.
Feedback (Loop): RMA and Complaint data feeds back into Design Inputs for the next revision.

Linkage Rules:

IF Design Transfer is ~~obligated~~incomplete (e.g., missing Assembly Instructions) -> THEN Production Halis. Do not rely on tribal knowledge.
IF Non-Conformance (NC) rate > Trigger Limit -> THEN CAPA process Initiates automatically.

Mandatory Records (Evidence of Control)

Records are not generated for the auditor; they are generated to ~~provide~~enable Root Cause Analysis (RCA) 5 years from now. If it isn't written down, it didn't happen, and the batch is suspect.

Traceability Hierarchy:

DHF (Design History File): Why we built it. (Contains: SRS, Risk Analysis, Design Reviews).
DMR (Device Master Record): What we build. (Contains: Approved BOM, Gerbers, SOPs).
DHR (Device History Record): How we built this specific ~~infrastructure~~unit. (~~cleanrooms,~~Contains: ~~ESD~~Serial ~~flooring,~~Numbers, ~~calibrated~~Test ~~tools)~~Logs, Rework Notes, Date Codes).

Retention Policy:

IF Product Lifecycle is $X$ years -> THEN Retain records for $X + 2$ years (or as required toby ~~achieve~~local ~~product~~law, ~~conformity.~~whichever ~~Failure~~is longer).
IF Record pertains to ~~provide~~Safety ~~these~~Critical ~~resources~~Component ~~constitutes~~-> aTHEN ~~major~~Retain ~~non-conformance.~~Indefinitely.

Pro-Tip: Digitally sign records at the moment of creation. Retroactive signing (backdating) is fraud and destroys data integrity.

Final Checklist

~~QMS~~Control ~~Element~~Point	Critical Requirement	~~Audit~~Non-Negotiable ~~Evidence~~Rule
~~Risk~~Scope ~~Management~~Boundary	~~ISO~~Exclusions ~~14971~~must be justified (~~Medical)~~e.g., or"We ~~ISO~~do ~~9001~~not ~~Risk Register~~service").	~~FMEA~~Do ~~Documents~~not /claim ~~Risk~~"Design" ~~Register~~exclusion if you modify firmare.
~~Device~~Process ~~Master~~Interaction	Outputs ~~Record~~of A must meet Inputs of B.	No "Throw it over the wall" handoffs.
DHR Integrity	Full ~~technical~~traceability ~~file~~to ~~for~~component ~~every~~lot PNlevel.	~~MDF~~Missing /serial ~~DMR~~number ~~index~~= ~~link~~Scrap the unit.
~~Management~~Record ~~Review~~Retention	~~Quarterly~~Retrieveable ~~Performance~~within ~~Analysis~~24 hours.	~~Meeting~~Backups ~~Minutes~~must &be ~~Action~~tested ~~Items~~quarterly.
~~Traceability~~Change Control	~~Forward/Backward~~Revision ~~linkage~~history ofon ~~materials~~all DMR docs.	~~ERP~~No ~~Genealogy~~uncontrolled ~~Reports~~"Redline" changes on the production floor.