SOP Human Resources and Training
Summary
This Standard Operating Procedure (SOP) defines the comprehensive framework for human resources management and training within medical device organizations. It establishes processes for employee qualification, training documentation, competency verification, and ongoing performance management to ensure that all personnel are adequately qualified to maintain product quality and meet regulatory compliance requirements.
Why is SOP Human Resources and Training important?
Personnel competency is fundamental to medical device safety and effectiveness. Regulatory authorities recognize that human error is a significant risk factor in medical device development, manufacturing, and post-market activities. This SOP exists to ensure that your organization maintains a qualified workforce capable of consistently producing safe and effective medical devices.
The regulation requires that employees understand their impact on product quality and patient safety. Every person in your organization—from software developers to quality assurance personnel—must be competent in their specific roles and understand how their work contributes to the overall quality management system. Without proper training and competency verification, your organization faces increased risks of product defects, regulatory non-compliance, and potential patient harm.
Regulatory Context
Under 21 CFR Part 820 (Quality System Regulation):
- Section 820.25 mandates that personnel performing work affecting product quality must be qualified based on appropriate education, training, skills, and experience
- Must designate a Management Representative with established authority over quality system requirements (820.20(b)(3))
- Training effectiveness must be documented and verified
- Personnel must understand the relevance of their activities to achieving quality objectives
Special attention required for:
- Management Representative qualification and authority
- Documentation of training effectiveness verification
- Competency requirements for personnel performing design control activities
- Training records retention as quality records under 820.180
Under 21 CFR Part 820 (Quality System Regulation):
- Section 820.25 mandates that personnel performing work affecting product quality must be qualified based on appropriate education, training, skills, and experience
- Must designate a Management Representative with established authority over quality system requirements (820.20(b)(3))
- Training effectiveness must be documented and verified
- Personnel must understand the relevance of their activities to achieving quality objectives
Special attention required for:
- Management Representative qualification and authority
- Documentation of training effectiveness verification
- Competency requirements for personnel performing design control activities
- Training records retention as quality records under 820.180
Under EU MDR 2017/745:
- Article 10(8) requires manufacturers to have adequately qualified personnel for quality management activities
- Article 15 mandates a Person Responsible for Regulatory Compliance (PRRC) with specific qualification requirements
- Must demonstrate competency through appropriate education, training, skills, and experience
- Germany’s MPDG §83 requires special training for medical device consultants
Special attention required for:
- PRRC must have university degree + 1 year experience OR 4 years professional experience
- Medical device consultants in Germany require specialized training
- Training documentation must support technical file requirements
- Personnel competency impacts notified body assessment
Guide
Understanding Employee Roles and Qualification Requirements
Your organization must clearly define every role that affects product quality. This includes obvious positions like quality managers and design engineers, but also support roles such as IT administrators managing your quality management system or procurement personnel selecting suppliers.
For each role, you need to establish minimum qualification criteria based on education, training, skills, and experience. Document these requirements in job descriptions that specify both the technical competencies needed (such as knowledge of ISO 13485 or software development practices) and any regulatory-specific qualifications required for specialized roles.
The Quality Team should maintain oversight of all training and qualification requirements. They determine when additional training is needed and verify that personnel meet the established criteria before assuming new responsibilities.
Implementing Comprehensive Training Programs
Initial training for new employees must cover both role-specific competencies and quality management system awareness. Every employee needs to understand how their work impacts product quality and patient safety, even if they don’t directly touch the product.
Your training program should include:
- Document review and comprehension of relevant SOPs and procedures
- Hands-on training for role-specific tasks and responsibilities
- Quality system overview showing how individual roles contribute to overall objectives
- Regulatory awareness appropriate to each person’s responsibilities
Use multiple training methods to ensure effective learning: structured sessions, document review with verification, webinars, professional courses, or self-study materials. The key is ensuring each person can demonstrate competency in their assigned tasks.
Documenting and Verifying Training Effectiveness
Documentation is critical for regulatory compliance. Maintain records showing what training each person received, when it occurred, and how competency was verified. You can use individual training records or group training documentation for sessions involving multiple employees.
Verification of training effectiveness goes beyond simply completing training modules. Supervisors must observe job performance and confirm that employees can properly apply their training. This might include:
- Performance reviews evaluating how well training translated to actual work
- Competency testing for critical skills or knowledge areas
- Supervisor observations during routine work activities
- Ongoing monitoring of work quality and compliance
If performance reviews reveal training gaps, immediately address them through additional training or process improvements.
Managing Specialized Regulatory Roles
Person Responsible for Regulatory Compliance (PRRC) requires specific qualifications under EU MDR. This person must have either a university degree in a relevant field plus one year of regulatory or QMS experience, or four years of professional experience in regulatory affairs or quality management systems. Document their qualifications thoroughly as this will be reviewed during notified body assessments.
Management Representative under FDA regulations must have established authority over quality system requirements and report directly to executive management. Ensure this person understands both the technical aspects of your quality system and has sufficient organizational authority to implement necessary changes.
Establishing Ongoing Training and Performance Management
Continuous training is required throughout employment, not just during onboarding. Trigger additional training when:
- SOPs or procedures are updated
- Job roles change or expand
- Nonconformities reveal training gaps through root cause analysis
- New regulatory requirements emerge
- Performance reviews identify development needs
Conduct annual performance reviews at minimum to identify training needs and verify ongoing competency. Use these reviews to discuss career development, regulatory updates, and any quality system changes affecting the employee’s role.
Maintaining Employee Records and Documentation
Keep comprehensive employee records including contracts, qualifications, job descriptions, training records, and performance evaluations. Ensure these records are maintained according to your document control procedures and privacy requirements in your operating jurisdiction.
Training records should clearly show the training provided, date completed, competency verification method, and results. These records serve as objective evidence during audits and support your overall quality management system documentation.
Example
Scenario
You’re hiring a new software engineer for your medical device software team. The position requires developing software components that directly affect device safety and effectiveness. Here’s how you would implement the training requirements:
Initial Assessment: Review the candidate’s resume showing a computer science degree and three years of software development experience. The job description requires knowledge of IEC 62304 software lifecycle processes and experience with medical device development.
Onboarding Training: Provide initial training covering your quality management system, design control procedures, software development lifecycle SOP, and risk management processes. Include training on regulatory requirements specific to medical device software.
Competency Verification: Have the employee complete a supervised project demonstrating ability to follow your software development procedures, properly document design decisions, and identify safety-related requirements.
Ongoing Training: Provide annual training on updated software standards, participate in design control training when procedures change, and receive additional training if post-market surveillance reveals software-related issues.
Example Training Documentation
Employee: John Smith, Software Engineer
Training Completed: SOP Software Development Lifecycle
Date: March 15, 2024
Method: Document review + hands-on project
Verification: Successfully completed supervised development task following all SOP requirements
Verified by: Sarah Johnson, Software Team Lead
Next Review: March 15, 2025 (annual performance review)
Training Record:
- 03/15/2024 - SOP Software Development Lifecycle (Initial training)
- 03/20/2024 - Risk Management Process Training
- 03/25/2024 - Design Control Procedures
- 04/01/2024 - Competency verification completed - PASSED
- 04/01/2024 - Authorized for independent software development work