How to Take Control of Training Management and Stay Compliant with ISO 13485:2016 and Part 820.25

March 27, 2024

How to Take Control of Training Management and Stay Compliant with ISO 134852016 and Part 820.25

In Greenlight Guru’s 2024 State of the MedTech Industry Report, respondents cited a number of common challenges related to training management, including:

  • Ensuring the completion of training
  • Personalizing training to individuals
  • Verifying that re-training on revised documents has occurred

These are fundamental requirements for training within a MedTech company, yet they’re often some of the toughest to fulfill. Making sure everyone is trained on the most up-to-date SOPs at any time can be difficult even for companies with a strong culture of quality.

Let’s dig into the requirements for training management in MedTech, why companies tend to struggle with them, and what you can do to keep your training program audit-ready at all times.

BONUS RESOURCE: Click here to download our free training matrix template designed specifically for MedTech professionals. 

What do ISO 13485:2016 and FDA’s Part 820.25 say about training management?

The requirements for training management exist to ensure that everyone working at a medical device manufacturer can perform their job in a way that will produce safe and effective devices.

There are many low risk jobs out there; building medical devices is not one of them. That’s why both ISO 13485:2016 and FDA have specific requirements for how and when employees should be trained. 

The FDA’s training requirements, found in 21 CFR Part 820.25, are short and sweet:

(a) General. Each manufacturer shall have sufficient personnel with the necessary education, background, training, and experience to assure that all activities required by this part are correctly performed.

(b) Training. Each manufacturer shall establish procedures for identifying training needs and ensure that all personnel are trained to adequately perform their assigned responsibilities. Training shall be documented.

(1) As part of their training, personnel shall be made aware of device defects which may occur from the improper performance of their specific jobs.

(2) Personnel who perform verification and validation activities shall be made aware of defects and errors that may be encountered as part of their job functions.

You can find the training requirements for ISO 13485:2016 in Section 6.2 - Human resources

Personnel performing work affecting product quality shall be competent on the basis of appropriate  education, training, skills and experience. 

The organization shall document the process(es) for establishing competence, providing needed  training, and ensuring awareness of personnel. 

The organization shall:

a) determine the necessary competence for personnel performing work affecting product quality; 

b) provide training or take other actions to achieve or maintain the necessary competence; 

c) evaluate the effectiveness of the actions taken; 

d) ensure that its personnel are aware of the relevance and importance of their activities and how  they contribute to the achievement of the quality objectives; 

e) maintain appropriate records of education, training, skills and experience (see 4.2.5).

NOTE The methodology used to check effectiveness is proportionate to the risk associated with the work for which the training or other action is being provided. 

Are there differences between Part 820.25 and Section 6.2 of ISO 13485:2016?

For the most part, by following the training requirements of ISO 13485:2016, you will be fulfilling the requirements of FDA’s Part 820.25. That will definitely be the case once the Quality Management System Regulation (QMSR) goes into effect in two years. 

For now, there’s one difference that you should pay attention to. FDA twice uses language that requires companies to make employees aware of “defects” and/or errors they may encounter or that may occur should they do their jobs improperly. In a nutshell, employees should know and understand what could go wrong. 

This same understanding is mostly covered by 6.2(d) in ISO 13485:2016, but the language is less specific and more centered around the company’s Quality Objectives. And if you’re undergoing an FDA inspection, you’ll want to be sure that you’re meeting their specific requirements for awareness of device defects. 

All of this really comes down to what I said earlier—manufacturing medical devices is not a low-risk job. These aren’t spatulas or TV remotes. Everyone needs to understand the magnitude of what they’re working on and the potential consequences for doing it wrong. 

Why do MedTech companies struggle with training compliance?

The training requirements in both Part 820.25 and ISO 13485 probably seem fairly straightforward. If you’ve just taken on responsibility for managing training within your company (good luck, my friend), you may be wondering why training seems like such a struggle for MedTech companies.

Remember, the two biggest problems you’ll encounter with training management are:

  • People not being trained on the job they’re doing
  • People not being trained on the current version of the job they’re doing

Tracking training gets complicated quickly

At a smaller company, it may be fairly easy to keep track of who has been trained on which SOPs and who still needs to complete their training. But at a certain size you may have hundreds of employees, all of whom need to be trained on at least some SOPs—and the effectiveness of that training also needs to be evaluated, per both Part 820.25 and ISO 13485:2016. 

Usually, MedTech companies handle this by using a training matrix. While there is no one-size-fits-all training matrix (yours should be customized for your needs) a typical one may look something like this:


By grouping people into departments, it becomes much easier to simply say, “Everyone in Product Development needs to be trained on these 25 SOPs.” Of course, you also need a system for assigning them those SOPs, following each individual’s progress, sending reminders, and performing effectiveness checks (often a quiz). 

And if you’re using a paper system, that becomes a full-time job, fast. Not an easy job, either. Companies struggle with ensuring everyone is trained because it’s a process with a lot of moving pieces that depends on practically everyone in the company to perform a task.

Retraining increases the complexity

The unfortunate thing about training is that it isn’t “set it and forget it.” You may have just moved heaven and earth to ensure that everyone is trained on the procedures they need to be trained on, and then what happens? Someone changes the procedure. 

And depending on that change and how the company has defined the training process, the people with an X next to their department in the training matrix will need to be retrained on that procedure. Change is inevitable, and people inevitably don’t love the feeling that they are re-doing something they’ve already done. That’s why keeping everyone trained on the current version of the job they’re doing is also a problem that MedTech companies run into regularly.

How can MedTech Companies overcome these training challenges?

With all the potential for error that training activities present, it’s little wonder that training management is a pain point for most MedTech companies. But there are some steps you can take to ensure that your training program is not only compliant, but working well for your team when they need to do training or retraining. 

Bring your training management processes into your QMS solution 

Training management is included in FDA’s regulations and the international standard for medical device quality management systems for a reason—it’s an important part of your QMS. Yet 40% of respondents in the 2024 State of MedTech report said they were still using general-purpose tools for training management. 

Managing your training in a disconnected system like a general-purpose tool (or paper-based QMS) increases your audit risk tremendously. You will be audited on your training processes and documentation, and I can tell you from experience, training is an area where auditors can almost always find something to ding you on.

One big piece of advice is to use QMS software that has training management workflows built-in for you, and makes it easy to pull all your records during an audit. 

Automate your training processes

Having training live in your QMS solution is a great start, but if your training workspaces are mostly just a repository for documentation and quiz results, you’ll still be doing a lot of manual labor yourself to keep everyone’s training up-to-date.

In a system like Greenlight Guru Quality, however, you’ll have built-in automations that do a number of things to ease the training burden on you and your team. First, you’ll be able to assign documents to specific groups of employees, which can be custom-built based on department, role, location, and more. 

As updates are made, you can assess whether retraining is required on those documents and you can automate that process to send out required completion to the people who need to be trained on the revised documents (you can also automate reminders for those who tend to take their time). And as people join your organization, they can be added to the appropriate groups and automatically be sent the documents they need to be trained on, as well.

These kinds of automations will save training managers an enormous amount of time and energy, as well as cut down on errors stemming from manual processes to keep you audit-ready at all times. 

Always consider the risk of changes

Beyond compliance, if there’s one piece of advice I can give to MedTech companies on training, it’s to carefully consider the risk of any given change to a document. When I refer to the risk of a change, I don’t just mean whether the work being carried out has a high degree of risk attached to it. 

I also mean the risk of the change that is being made. You can have a relatively low-risk activity, and make a change to the work instructions that could have big consequences if someone didn’t know the change was made or understand how it affected their work. 

Take the time to understand the change that’s being made, how it will affect employees, and whether they need to be retrained on this change so that you can determine the most effective way to deliver the training to them. That’s what will ensure your company is building the safest, most effective devices on the market for the patients whose lives will be affected by their use.

BONUS RESOURCE: Click here to download our free training matrix template designed specifically for MedTech professionals. 

Greenlight Guru Quality keeps training organized and automated for maximum compliance

In Greenlight Guru Quality, the only QMS software built specifically for MedTech, our dedicated Training Management workspace that lets you assign training to individuals, set due dates, and keep track of tasks to ensure completion. 

Better yet, because our training workspace is connected to the rest of the QMS, you have a fully integrated workflow that allows you to close the loop between your change management and retraining activities. 

When you bring your training management into Greenlight Guru Quality, you’ll be able to efficiently create, duplicate, assign, and track individual or role-based training activities. Of course, our QMS solution also provides 21 CFR Part 11-compliant electronic signatures for all users.

Ready to see how an integrated, automated training management workspace can keep you compliant and audit-ready at all times? Get your free demo of Greenlight Guru Quality today ➔

Sara Adams is a Medical Device Guru at Greenlight Guru and a Certified ISO 13485 Lead Auditor who began her career in the medical device industry in the post-manufacturing world. As an experienced Quality Engineer, she has been responsible for leading Corrective and Preventive Action (CAPA) investigations and...

Training Matrix Template
Download Now
Training Matrix Template - slide-in cover
Search Results for:
    Load More Results