ISO 13485:2016 Clause 8.2.2 Internal Audit: To conduct internal audits at planned intervals to determine whether the QMS is effectively implemented and maintained, and to identify any potential opportunities for improvement. The audit applies to all operations and departments that are covered under the documented quality management system of the organization. The management representative of the organization is responsible for conducting the internal audit.
How and when to conduct ISO 13485 Internal Audit
Internal Audits are conducted at planned intervals to determine the conformity of the quality management system with the requirements of the QMS standards, such that all elements are covered once a year. (Frequency of Internal Audit as decided by the organization)
Audits are conducted based on regulatory requirements of ISO 13485:2016 (Mention if any other standards are applicable.). Internal Audits are planned (Frequency of Internal Audit as decided by the organization) in a year.
If you wish to apply for ISO 13485 Certification, at least two internal audits must be completed either by an in-house team or with the help of external consultants are highly recommended.
How to select an Internal Auditor?
- The (As per Roles & Responsibilities defined)should identify members of the audit team to perform the internal audit. The composition of the team should be approved by them (As per Roles & Responsibilities defined).
- The (As per Roles & Responsibilities defined)should ensure that the members of the audit team do not audit their department/functions.
- The company can hire qualified lead auditors to conduct/support IQA. The auditors must be qualified and approved.
Competence of Internal Auditor
The identified persons to perform the internal quality audits should be trained to fulfil the requirements for the purpose mandated by the QMS standard and should have prior experience in conducting internal audits. I3CGLOBAL team of regulatory and ISO 13485 consultants supports manufacturers doing internal audits.
Audit Plan
The (As per Roles & Responsibilities defined) should develop an Internal Audit Plan ( as per organization documentation ) that is suitable to the needs of the organization. The audit plan for a particular year should include information on the number of planned audits for the year and the schedule. The audits are sequentially numbered (as per organization documentation) for the year.
- The audit schedule should document which area/processes are being audited and when.
- The following should be considered in the development of internal audit plans/schedules.
Status and importance of the processes and areas to be audited.
– Input from interested parties such as customers, corporate audit plans or third-party assessment organizations.
– Reports from previous audits including any corrective and preventive actions generated.
Note: Planning for internal audits shall be flexible to permit changes in emphasis based on findings and objective evidence obtained during the audit
- The (As per Roles & Responsibilities defined) should organize the internal audits as per the audit schedules to verify that the QMS established by the organization meets the requirements of ISO 13485 and other regulatory requirements. (Please mention if any other standards are applicable).
- Each process area/activity/department should be audited at least once in a year (or as decided by the organization). In addition to the periodic internal audits, a special internal audit can be initiated if required.
- The audit schedule should be communicated to the respective departments.
Audit Preparation.
The (As per Roles & Responsibilities defined) should schedule the opening meeting for the audit team. This should involve the department heads and/or representatives of the areas to be audited.
Note: The opening meeting may be formal or informal. The objective of this is to outline the scope of the audit, the schedule and the activities that must be followed by the audit.
The audit team should revisit the required standards, refreshing their knowledge of the Quality Manual and the relevant standard operating procedures. The team should then prepare checklists based on the audit plan/schedule using the form of the Internal Audit Checklist, for each auditor.
Audit execution.
The audit team should audit all the processes/activities/departments with the aid of checklists.
The audit should be carried out by referring to the relevant checklists, documents, procedures, and information provided by the auditee and previous audit results.
Note: These documents will vary significantly depending on the area being audited.
The outcomes/observations/findings of the audit, specific to the area being audited, should be discussed with the auditee at the end of the audit.
The audit summary will be prepared by the auditor after the audit. The (As per Roles & Responsibilities defined) should schedule the closing meeting.
The (As per Roles & Responsibilities defined) should provide feedback to the auditees and include details of any:
- Good practice /good ideas observed.
- Non-compliances
- Improvement opportunities
- Corrective Actions and/or Preventive Actions
Audit Report
The findings are divided into 3 types:
- Opportunities for Improvement
- Observation
- Non-conformances
The details of non-conformance are recorded in the internal audit report by the auditor and the signature of the auditee is obtained.
The (As per Roles & Responsibilities defined) should compile an Internal Summary, based on information gathered through the audit process, such as audit checklists and/or other tools used for the audit.
The (As per Roles & Responsibilities defined) should review the audit documentation, identify, and document any potential non-compliance(s) in the audit report along with potential improvement opportunities, corrective actions and preventive actions.
NCs should require a CAPA to be issued and the issue(s) should be investigated and tracked as mandated by the CAPA.
The completed audit report, NCs and improvement opportunities should be forwarded to the relevant department heads, and auditors e (As per the Roles & Responsibilities defined).
Note: The (As per Roles & Responsibilities defined) shall be responsible for tracking the timely completion of the action items that address non-compliance with the responsible department head.
The audit reports should be maintained by the (As per Roles & Responsibilities defined) in an Audit Report File (as per organization documentation).
Audit results should be presented to Senior Management in the Management Review Meeting as dictated by the Management review procedure.
Please mention any other practice followed by the organization in conducting the Internal Quality Audit.
Conclusion
Proper Implementation of ISO 13485 is recommended for those applying for medical device CE Marking or UKCA marking. Contact the I3CGLOBAL team of regulatory experts for proper guidance.
