Establish Quality Management System
SOP Human Resources and Training
Organize comprehensive HR frameworks for personnel qualification, training documentation, and competency verification.
Summary
This Standard Operating Procedure (SOP) defines the comprehensive framework for human resources management and training within medical device organizations. It establishes processes for employee qualification, training documentation, competency verification, and ongoing performance management to ensure that all personnel are adequately qualified to maintain product quality and meet regulatory compliance requirements.Why is SOP Human Resources and Training important?
Personnel competency is fundamental to medical device safety and effectiveness. Regulatory authorities recognize that human error is a significant risk factor in medical device development, manufacturing, and post-market activities. This SOP exists to ensure that your organization maintains a qualified workforce capable of consistently producing safe and effective medical devices. The regulation requires that employees understand their impact on product quality and patient safety. Every person in your organization—from software developers to quality assurance personnel—must be competent in their specific roles and understand how their work contributes to the overall quality management system. Without proper training and competency verification, your organization faces increased risks of product defects, regulatory non-compliance, and potential patient harm.Regulatory Context
Under 21 CFR Part 820 (Quality System Regulation):
- Section 820.25 mandates that personnel performing work affecting product quality must be qualified based on appropriate education, training, skills, and experience
- Must designate a Management Representative with established authority over quality system requirements (820.20(b)(3))
- Training effectiveness must be documented and verified
- Personnel must understand the relevance of their activities to achieving quality objectives
Special attention required for:
- Management Representative qualification and authority
- Documentation of training effectiveness verification
- Competency requirements for personnel performing design control activities
- Training records retention as quality records under 820.180
Guide
Understanding Employee Roles and Qualification Requirements
Your organization must clearly define every role that affects product quality. This includes obvious positions like quality managers and design engineers, but also support roles such as IT administrators managing your quality management system or procurement personnel selecting suppliers. For each role, you need to establish minimum qualification criteria based on education, training, skills, and experience. Document these requirements in job descriptions that specify both the technical competencies needed (such as knowledge of ISO 13485 or software development practices) and any regulatory-specific qualifications required for specialized roles. The Quality Team should maintain oversight of all training and qualification requirements. They determine when additional training is needed and verify that personnel meet the established criteria before assuming new responsibilities.Implementing Comprehensive Training Programs
Initial training for new employees must cover both role-specific competencies and quality management system awareness. Every employee needs to understand how their work impacts product quality and patient safety, even if they don’t directly touch the product. Your training program should include:- Document review and comprehension of relevant SOPs and procedures
- Hands-on training for role-specific tasks and responsibilities
- Quality system overview showing how individual roles contribute to overall objectives
- Regulatory awareness appropriate to each person’s responsibilities
Documenting and Verifying Training Effectiveness
Documentation is critical for regulatory compliance. Maintain records showing what training each person received, when it occurred, and how competency was verified. You can use individual training records or group training documentation for sessions involving multiple employees. Verification of training effectiveness goes beyond simply completing training modules. Supervisors must observe job performance and confirm that employees can properly apply their training. This might include:- Performance reviews evaluating how well training translated to actual work
- Competency testing for critical skills or knowledge areas
- Supervisor observations during routine work activities
- Ongoing monitoring of work quality and compliance
Managing Specialized Regulatory Roles
Person Responsible for Regulatory Compliance (PRRC) requires specific qualifications under EU MDR. This person must have either a university degree in a relevant field plus one year of regulatory or QMS experience, or four years of professional experience in regulatory affairs or quality management systems. Document their qualifications thoroughly as this will be reviewed during notified body assessments. Management Representative under FDA regulations must have established authority over quality system requirements and report directly to executive management. Ensure this person understands both the technical aspects of your quality system and has sufficient organizational authority to implement necessary changes.Establishing Ongoing Training and Performance Management
Continuous training is required throughout employment, not just during onboarding. Trigger additional training when:- SOPs or procedures are updated
- Job roles change or expand
- Nonconformities reveal training gaps through root cause analysis
- New regulatory requirements emerge
- Performance reviews identify development needs
Maintaining Employee Records and Documentation
Keep comprehensive employee records including contracts, qualifications, job descriptions, training records, and performance evaluations. Ensure these records are maintained according to your document control procedures and privacy requirements in your operating jurisdiction. Training records should clearly show the training provided, date completed, competency verification method, and results. These records serve as objective evidence during audits and support your overall quality management system documentation.Example
Scenario
You’re hiring a new software engineer for your medical device software team. The position requires developing software components that directly affect device safety and effectiveness. Here’s how you would implement the training requirements: Initial Assessment: Review the candidate’s resume showing a computer science degree and three years of software development experience. The job description requires knowledge of IEC 62304 software lifecycle processes and experience with medical device development. Onboarding Training: Provide initial training covering your quality management system, design control procedures, software development lifecycle SOP, and risk management processes. Include training on regulatory requirements specific to medical device software. Competency Verification: Have the employee complete a supervised project demonstrating ability to follow your software development procedures, properly document design decisions, and identify safety-related requirements. Ongoing Training: Provide annual training on updated software standards, participate in design control training when procedures change, and receive additional training if post-market surveillance reveals software-related issues.Example Training Documentation
Employee: John Smith, Software EngineerTraining Completed: SOP Software Development Lifecycle
Date: March 15, 2024
Method: Document review + hands-on project
Verification: Successfully completed supervised development task following all SOP requirements
Verified by: Sarah Johnson, Software Team Lead
Next Review: March 15, 2025 (annual performance review) Training Record:
- 03/15/2024 - SOP Software Development Lifecycle (Initial training)
- 03/20/2024 - Risk Management Process Training
- 03/25/2024 - Design Control Procedures
- 04/01/2024 - Competency verification completed - PASSED
- 04/01/2024 - Authorized for independent software development work
Q&A
Do I need to provide training to all employees, even those not directly involved in device development?
Do I need to provide training to all employees, even those not directly involved in device development?
Yes, all employees whose work could affect product quality must receive appropriate training. This includes IT personnel managing your quality systems, administrative staff handling regulatory submissions, and support personnel. The training should be proportionate to their role’s impact on product quality and regulatory compliance.
How often do I need to retrain employees on existing procedures?
How often do I need to retrain employees on existing procedures?
Retraining is required when SOPs are updated, job roles change, or performance issues indicate training gaps. At minimum, conduct annual performance reviews to assess ongoing competency. Some organizations provide annual refresher training on critical procedures, but this isn’t always required if competency is maintained.
What qualifications are required for the Person Responsible for Regulatory Compliance (PRRC)?
What qualifications are required for the Person Responsible for Regulatory Compliance (PRRC)?
Under EU MDR Article 15, the PRRC must have either (a) a university degree in law, medicine, pharmacy, engineering, or relevant scientific discipline plus one year regulatory/QMS experience, or (b) four years professional experience in regulatory affairs or quality management systems relating to medical devices.
Can I use external training providers or do I need internal training programs?
Can I use external training providers or do I need internal training programs?
Both internal and external training are acceptable. External training through professional courses, webinars, or industry seminars can be very effective. However, you must still verify that the training meets your specific needs and document competency verification. Internal training allows more customization to your specific procedures and quality system.
How do I document training effectiveness verification?
How do I document training effectiveness verification?
Document training effectiveness through supervisor observations, performance reviews, competency testing, or work quality assessments. The verification should demonstrate that the employee can properly apply the training to their actual work. Simple completion certificates are not sufficient - you need evidence of practical competency.
What happens if an employee fails to demonstrate competency after training?
What happens if an employee fails to demonstrate competency after training?
If initial training is ineffective, provide additional training using different methods or more detailed instruction. If the employee still cannot demonstrate competency, consider whether they’re suited for the role or if the training program needs improvement. Document all training attempts and decisions as part of your quality records.
Do I need special training documentation for software development teams?
Do I need special training documentation for software development teams?
Yes, software development personnel should receive training on IEC 62304 software lifecycle processes, cybersecurity requirements, and your specific software development procedures. Document their competency in areas like requirement analysis, software architecture, verification and validation, and risk management as these directly impact device safety.
How do I handle training for consultants or temporary personnel?
How do I handle training for consultants or temporary personnel?
Consultants and temporary personnel performing work affecting product quality must receive appropriate training for their specific tasks. This may be abbreviated compared to full-time employees but must still cover relevant quality system requirements and regulatory compliance. Document their qualifications and any training provided.
What is the process for establishing a Person Responsible for Regulatory Compliance (PRRC)?
What is the process for establishing a Person Responsible for Regulatory Compliance (PRRC)?
To establish a PRRC, you need someone with a higher education degree and at least one year of experience in medical device quality or regulatory. A PRRC signature contract is required, and the person must register in the EUDAMED system to obtain a Single Registration Number (SRN). Document their qualifications thoroughly as this will be reviewed during notified body assessments.