Quality Assurance: Key Definitions and Terminology
Quality assurance operates within a precise technical vocabulary that governs how organizations design, implement, and audit their quality systems. Inconsistent use of foundational terms creates gaps between regulatory intent and operational practice, particularly in sectors governed by ISO 9001, FDA 21 CFR Part 820, and AS9100 standards. This page catalogs the authoritative definitions and classification distinctions that structure professional QA practice across US-regulated industries.
Definition and Scope
Quality assurance is defined by the American Society for Quality (ASQ) as "the planned and systematic activities implemented in a quality system so that quality requirements for a product or service will be fulfilled." This definition distinguishes QA from the closely related discipline of quality control (QC): QA is process-oriented and preventive, while QC is product-oriented and detective.
The ISO 9000:2015 standard (Vocabulary for Quality Management Systems) provides the normative terminology base referenced across regulated industries. Key scope terms under ISO 9000:2015 include:
- Quality: "Degree to which a set of inherent characteristics of an object fulfils requirements"
- Quality management system (QMS): The set of interrelated elements an organization uses to direct and control how quality policy is applied
- Nonconformity: Nonfulfillment of a requirement — distinct from a defect, which implies a failure to meet an intended or specified use requirement
- Corrective action: Action taken to eliminate the cause of a detected nonconformity, as distinct from correction, which addresses only the nonconformity itself
The distinction between verification and validation carries particular regulatory weight. Verification confirms that specified requirements have been met; validation confirms that requirements for a specific intended use have been met. FDA's 21 CFR Part 820 (Quality System Regulation for medical devices) mandates both as discrete documented activities.
How It Works
QA systems operate through a structured framework of documented processes, measurement activities, and review cycles. The Plan-Do-Check-Act (PDCA) cycle, formalized through ISO 9001, underlies most QMS implementations:
- Plan — Establish objectives, processes, and resources required to deliver results aligned with quality policy
- Do — Implement the processes as planned
- Check — Monitor and measure processes and outputs against policies, objectives, and requirements; report results
- Act — Take action to improve performance based on check-phase findings
Within this cycle, three operational constructs carry distinct definitional weight:
- Quality plan: A document specifying which procedures and associated resources apply to a specific project, product, or contract
- Quality audit: Systematic, independent examination to determine whether quality activities comply with planned arrangements (ISO 9000:2015, §3.13.1)
- Risk-based thinking: A requirement explicitly introduced in ISO 9001:2015 under clause 6.1, obligating organizations to identify risks and opportunities that could affect conformity of products and services
Quality audit procedures govern how these reviews are structured, including scope definition, audit criteria selection, and evidence collection protocols.
Common Scenarios
QA terminology is applied across four primary regulated contexts, each with sector-specific vocabulary extensions:
Manufacturing — Under AS9100 Rev D (aerospace) and IATF 16949 (automotive), "special processes" designates operations whose output cannot be fully verified by subsequent inspection. First Article Inspection (FAI) refers to the documented verification that production processes can produce a conforming part.
Healthcare — The FDA's Quality System Regulation (21 CFR Part 820) uses "design history file" (DHF) and "device master record" (DMR) as defined artifacts. The new Quality Management System Regulation (QMSR) at 21 CFR Part 820 (2024 revision) aligns FDA requirements with ISO 13485.
Software — ISO/IEC 25010 establishes the product quality model defining 8 quality characteristics: functional suitability, performance efficiency, compatibility, usability, reliability, security, maintainability, and portability.
Food Safety — FDA's FSMA (Food Safety Modernization Act) introduces "preventive controls" as the operative QA mechanism, replacing traditional corrective-response models. Quality management in food safety standards maps these to broader QMS frameworks.
Decision Boundaries
QA professionals apply classification boundaries that determine which regulatory framework, document type, or remediation process applies to a given situation. Three boundary distinctions recur across regulated sectors:
QA vs. QC: Quality assurance addresses the system producing the output; quality control addresses the output itself. A process capability study (Cpk analysis) is a QA activity; an incoming inspection of received parts is a QC activity. Conflating the two produces misallocated resources and audit findings.
Nonconformity vs. Defect: ISO 9000:2015 explicitly separates these terms. All defects are nonconformities, but not all nonconformities are defects — a document missing a required signature is a nonconformity but not a product defect. This distinction affects disposition authority and legal exposure.
Corrective Action vs. Preventive Action (CAPA): Corrective action responds to detected nonconformities; preventive action responds to potential nonconformities. ISO 9001:2015 merged these into a unified risk-based approach under clause 10.2, but regulated industries including FDA-regulated manufacturing retain explicit CAPA requirements as separate documented processes.
Verification vs. Validation: Verification asks "Did the product meet the specification?" Validation asks "Does the specification meet the need?" A product can pass verification and fail validation — a critical boundary in medical device and software development contexts.
References
- ISO 9000:2015 — Quality Management Systems: Fundamentals and Vocabulary (International Organization for Standardization)
- ISO 9001:2015 — Quality Management Systems: Requirements (International Organization for Standardization)
- 21 CFR Part 820 — Quality System Regulation / QMSR (U.S. Food and Drug Administration)
- FDA FSMA Preventive Controls Rule (U.S. Food and Drug Administration)
- ASQ Quality Assurance vs. Quality Control (American Society for Quality)
- AS9100 Rev D (SAE International / International Aerospace Quality Group)
- ISO/IEC 25010 — Systems and Software Quality Models (International Organization for Standardization)