Competency Management

What competency management actually means

Competency management defines what competence means for each role, verifies people have it before assigning them to perform the work, and maintains it over time through requalification, refresh training, and gap remediation. It treats competence as a managed state — defined, verified, maintained — rather than as an outcome of training attendance.

The discipline goes beyond training records. Training is the activity of conveying knowledge or skill; competency is the demonstrated ability to apply it correctly in the actual work. A trained operator has been through the training; a competent operator has been verified to perform the task correctly. The distinction matters because training completion isn't proof of competence. Inspectors increasingly want to see how competence was assessed, not just that training was attended.

Competency management is regulated explicitly under 21 CFR §211.25, 21 CFR §820.25, EU GMP Chapter 2 §§2.1-2.7, ISO 13485 §6.2, ISO 9001:2015 §7.2, ICH Q10, and WHO GMP. The expectation is universal: personnel performing GxP-relevant work must have demonstrated competence appropriate to the role, with ongoing maintenance.

Why competency discipline shows up everywhere else

Competency is where the people side of the QMS gets tested. Every other QMS control — deviation handling, CAPA, change control, batch review, audit, supplier qualification — depends on the people performing it being competent. If the underlying competency discipline is weak, every dependent process inherits the weakness, and findings that look like specific process failures often trace back to competency gaps.

Inspectors keep finding cases where the apparent issue was a specific failure — a missed deviation, a poorly conducted investigation, a release decision that shouldn't have been made — and the underlying issue was competency. The person who missed the deviation hadn't been assessed for review competence. The investigator wasn't trained on the RCA method they were using. The QP signing release didn't have the experience the role required. The narrow finding became a systemic one.

Recent guidance has tightened the bar specifically. ICH Q10 emphasises ongoing competence. ICH Q9(R1) (effective January 2023) expects competency-based risk management. PIC/S PE 009-17 (June 2023) explicitly addresses personnel competence. Inspectors increasingly ask not just 'are people trained?' but 'how do you know they're competent?' and 'how do you maintain competence over time?'

Where competency is treated as paperwork — signed training records as proof — the dysfunction is visible in inspector interviews with operators. Do they actually know what they're supposed to do, or did they pass the test on paper? Programs that treat competency as the actual capability to do the work, verified, maintained, and gap-remediated, develop genuine quality capacity. The difference shows up the first time inspectors sit down with the people doing the work.

Inspector perspective: competency assessment is often one of the early questions. Pick a critical task — batch review, OOS investigation, deviation closure — and ask how the people performing it were assessed for competence. If the answer is 'they completed the training', the follow-up is 'how do you know they can actually do it?' The answer to that question tells inspectors whether competency is managed or assumed. Assumed competence tends to fail when sampled.

Where competency management obligations come from

Competency is regulated across multiple frameworks:

• 21 CFR §211.25 (Personnel qualifications): each person engaged in the manufacture, processing, packing, or holding of a drug product shall have education, training, and experience, or any combination thereof, to enable that person to perform the assigned functions. Training shall be in the particular operations the employee performs and in current good manufacturing practice.
• 21 CFR §211.25(b): training in current GMP shall be conducted by qualified individuals on a continuing basis and with sufficient frequency to assure that employees remain familiar with applicable requirements.
• 21 CFR §820.25 (Personnel): each manufacturer shall have sufficient personnel with the necessary education, background, training, and experience to assure that all activities required by this part are correctly performed. Training procedures established and maintained; employees made aware of device defects which may occur from improper performance.
• 21 CFR §820.25(b): as part of training, personnel shall be made aware of device defects which may occur from the improper performance of their specific jobs.
• EU GMP Chapter 2 §§2.1-2.7: establishment and maintenance of a satisfactory system of quality assurance and the correct manufacture and control of medicinal products relies upon people. Personnel in sufficient numbers, qualifications, and experience; defined responsibilities; training in theory and practice; assessment of effectiveness.
• EU GMP Annex 1 (2022): personnel working in clean areas qualified and trained; specific competence for sterile manufacturing.
• EU GMP Annex 16: QP competence requirements; experience and qualifications.
• ISO 13485 §6.2 (Human resources): organisation shall determine the necessary competence for personnel performing work affecting product quality; ensure persons are competent on the basis of education, training, skills, and experience; evaluate the effectiveness of the actions taken; maintain appropriate records.
• ISO 9001:2015 §7.2: organisation shall determine necessary competence; ensure persons are competent; take actions to acquire necessary competence; evaluate effectiveness.
• ICH Q10 (Pharmaceutical Quality System): human resources as enabler; competence essential to PQS effectiveness.
• ICH Q9(R1) (effective 2023): risk management requires competent personnel; subjectivity and bias awareness includes competence.
• WHO TRS 986 Annex 2, TRS 1019, TRS 1033: WHO GMP personnel competence.
• MHRA GxP DI guidance (March 2018, updated September 2021): data integrity governance requires competent personnel.
• PIC/S PE 009-17 (June 2023): personnel competence requirements.
• PIC/S PI 041-1 (July 2021): data integrity requires competent personnel and assessors.

What disciplined competency management looks like

The practices that survive inspection:

• Role-based competency requirements defined. Each role has documented competency requirements: knowledge, skills, training, experience, qualifications. The competency profile is the basis for hiring, training assignment, and assessment.
• Training plan derived from competency requirements. Training assigned because it builds a defined competency, not because it's available. Curriculum mapped to roles.
• Initial qualification before independent performance. New personnel demonstrate competence (through assessment appropriate to the task) before performing the work without supervision. Supervised period documented.
• Assessment methods matched to task criticality. Knowledge-based tasks via examination; practical tasks via observed performance; behaviour-based via supervisor evaluation. Higher-criticality typically requires multiple methods.
• Assessor independence. Where possible, the assessor isn't the person being assessed (and isn't the direct supervisor doing the actual work). For critical roles, the independent-assessor expectation tightens.
• Documented competency records. Assessment outcomes captured: who assessed, when, what method, what result, what evidence supports the conclusion. Records retrievable per regulatory expectation.
• Linkage to SOPs. Competency assessments reference the SOP versions on which competence was assessed. SOP revision triggers competency reassessment for the affected work.
• Periodic requalification. Risk-based interval — annual for high-criticality, less frequent for lower. Requalification isn't skipped even when nothing has changed.
• Trigger-based reassessment. SOP changes, equipment changes, method changes, extended absence, performance issues, deviation involvement all trigger reassessment.
• Gap remediation. Identified gaps drive retraining, supervised practice, role reassignment, or formal CAPA. Persistent gaps without remediation produce findings.
• Management Review input. Competency metrics — assessment completion, gap rates, requalification overdues — as standing MR inputs under ICH Q10 §3.2.4.
• Training and competency segregation. Training records and competency records distinct; not conflated as evidence of the same thing.

What strong competency programs do

The controls that hold up at inspection:

• Role-based competency profiles. Documented for each role; reviewed periodically.
• Curriculum-to-competency mapping. Training maps to the competencies it builds; not arbitrary.
• Initial qualification gate. Independent performance blocked until competency demonstrated.
• Method-to-criticality matching. Assessment method appropriate to task; paper-only assessment for hands-on tasks is a finding.
• Independent assessor for critical roles. Reduces conflict-of-interest in assessment.
• Documented assessment records. Method, evidence, conclusion, assessor identity all captured.
• SOP-revision-triggers-reassessment. Linkage enforced procedurally.
• Periodic requalification schedule. Risk-based; tracked; overdues visible.
• Trigger-based reassessment. Defined triggers; not improvised.
• Gap remediation discipline. Identified gaps drive action; persistent without remediation escalates.
• Training and competency segregation. Records distinct; both required for personnel performing GxP work.
• MR visibility. Metrics as standing input under ICH Q10.
• Auditor competency itself managed. Internal auditors, deviation investigators, root cause analysts all have defined competency requirements.

How Complere supports competency management

Whether people are competent to do the work is your quality team's call, not a software answer. What Complere gives you is a way to run training and competency as connected disciplines — so the training record and the assessment record sit together, and so the people doing the work are the people you've actually verified.

You define what training each role needs; when someone joins a role, the right training is assigned automatically. When you revise a role profile, the right people get reassigned. Competency assessment lives alongside the training, not separate from it. You can run knowledge-based assessments — structured questions with scoring — or task-based assessments backed by observation evidence. The assessment record carries the assessor's identity, the method, the evidence, and the signed conclusion. Your auditor can read it back and see how you decided someone was competent, not just that they attended a class.

The link between your SOPs and your training is the part that closes the most common gap. When you revise an SOP, training is reassigned to the affected people, and competency requalification can be triggered on the same change. People can't be marked current on the new version until training — and, where applicable, reassessment — is complete. The "trained on the obsolete revision" problem your inspector watches for stops appearing.

Requalification runs on the interval you set per role. People due for requalification surface in the workflow; managers and your quality team see who's coming due and who's overdue. Trigger-based reassessment — after an SOP change, after a performance event, after an extended absence — can be kicked off against just the affected people.

When an event names someone who was performing the work, the event can reference that person's training and competency status at the time. Investigators looking at whether competency was a contributing factor have the answer in front of them rather than having to hunt for it across spreadsheets.

What stays with your team: the competency profiles themselves (what does competence actually mean for this role), the assessment methods you use (appropriate to the task), the assessor selection (independent where it needs to be), the depth of the assessment (real rigour rather than rubber-stamp), and the discipline of remediating gaps when they show up. Complere makes that discipline easier to operate and easier to evidence. Competent people are still your quality work.

Related personnel and quality system terms

Competency intersects with most of the people-side QMS:

• Training Effectiveness — assessment of whether training produced competence
• SOP Management — competency assessed against current SOP version
• Role-Based Access Control — system access gated on role and competency
• Investigation Management — investigator competency is principal
• Internal Audit — auditor competency required
• Management Review — competency metrics as MR inputs
• Risk Management — Q9(R1) competence requirement
• Training & Competency Module