An ISO 13485 audit is the methodology through which a certification body assesses an organization's quality system and, upon successful completion of the assessment, issues the related ISO 13485 certificate.

ISO 13485 is a topic that has been extensively discussed, including its most significant requirements and the most important processes that support an organization's whole quality system. For example, we have discussed the design process, management review, post-market surveillance, supplier management, and customer-related processes, among many others.

In this article we will focus on how to manage ISO 13485 audits, how these audits are structured, and other important tips that you need to know to be successful in an ISO 13485 assessment.

The Certification Cycle

We need to distinguish between ISO 13485 audits performed at the beginning of the certification cycle and those performed during the certification cycle.

ISO 13485 audits at the beginning of the certification cycle are certification or re-certification audits. The ISO 13485 certification audit is the audit performed for the first certification of the company; the certification cycle lasts 3 years (the validity of ISO 13485 certificates), and each year there is a surveillance audit. In the third year, at the end of the ISO 13485 certificate's validity, there is the re-certification audit, and the certification cycle restarts.

ISO 13485 Certification Audits 

Certification audits, that is, the audits performed for the first certification, consist of two different steps, typically named Stage 1 and Stage 2 audits.

The purpose of the Stage 1 audit is to ensure that the Standard Operating Procedures for all the QMS processes are in place and that the most important QMS processes, such as management review and internal audits, have been implemented. Typically, Stage 1 is performed remotely; however, it can be done on-site in the case of high-risk devices.

Stage 2 is the actual certification audit: a full QMS audit in which auditors check the correct implementation of all the QMS processes, according to the requirements of ISO 13485.

Audit Findings Classification from ISO 13485 Audit

When non-conformities are identified during an audit, it is of utmost importance to develop a well-defined corrective action plan (CAP) and submit it to the notified body. The CAP serves as a roadmap that outlines the specific steps and strategies to be undertaken in order to address and rectify the identified non-conformities. The severity and nature of these non-conformities play a crucial role in determining the subsequent actions and their impact on the certification process.

For major non-conformities, which signify significant deviations from the required standards, an additional on-site audit may be deemed necessary. This follow-up audit is conducted to meticulously assess the implementation of the proposed corrective actions put forth by the manufacturer. The primary objective is to ensure that the identified issues have been effectively resolved and appropriate measures have been put in place to prevent their recurrence in the future. The comprehensive verification process carried out during the on-site audit reaffirms the manufacturer’s commitment to meeting the necessary standards and regulatory requirements.

In the case of minor non-conformities, which indicate relatively less severe deviations, the CAP is submitted and thoroughly reviewed by the auditor. Upon acceptance of the CAP, the manufacturer can proceed with implementing the required corrective actions. The closure of these minor non-conformities typically takes place during the subsequent assessment visit. This approach enables a continuous improvement cycle, allowing for the ongoing monitoring of implemented corrective measures and the identification of further areas for enhancement.

It is essential to emphasize that the effectiveness of the proposed corrective actions is paramount to successfully closing the non-conformities. Manufacturers should ensure that their proposed actions are comprehensive, practical, and specifically address the root causes of the identified non-conformities. Open and transparent communication, as well as collaborative efforts between the manufacturer and the notified body, are vital in maintaining clarity, resolving any concerns, and ensuring alignment throughout the entire corrective action process.

By promptly addressing non-conformities and implementing effective corrective actions, manufacturers can demonstrate their unwavering commitment to quality management and regulatory compliance. This proactive approach not only helps in maintaining the integrity of their products and systems but also fosters a culture of continuous improvement within the organization. It signifies their dedication to delivering safe and reliable medical devices that meet the highest standards of quality and patient care.

Resolution of non-conformities

When non-conformities are identified during an audit, it is crucial to develop a corrective action plan (CAP) and submit it to the notified body. The CAP outlines the steps that will be taken to address and rectify the non-conformities. The severity of the non-conformities determines the subsequent actions:

  1. Major Non-Conformities: In the case of major non-conformities, which indicate significant deviations from the required standards, an additional on-site audit may be necessary. This follow-up audit is conducted to verify the proper implementation of the corrective actions proposed by the manufacturer. The purpose is to ensure that the identified issues have been adequately resolved and that the necessary measures have been put in place to prevent their recurrence.
  2. Minor Non-Conformities: For minor non-conformities, which represent relatively less severe deviations, the CAP is submitted and reviewed by the auditor. If the CAP is deemed acceptable, the implementation of corrective actions can proceed. The closure of these non-conformities is typically addressed during the next assessment visit. This allows for continuous improvement and monitoring of the corrective measures taken.

It is important to note that the effectiveness of the corrective actions plays a critical role in the successful closure of non-conformities. The manufacturer should ensure that the proposed actions are comprehensive, practical, and address the root causes of the non-conformities. Regular communication and collaboration between the manufacturer and the notified body are essential to ensure clarity and alignment throughout the corrective action process.

By promptly addressing non-conformities and implementing effective corrective actions, manufacturers can demonstrate their commitment to quality management and regulatory compliance. This proactive approach helps to maintain the integrity of their products and systems, while also fostering continuous improvement within the organization.

Opening Meeting and Closing Meeting for ISO 13485 Audit

Every audit begins with an opening meeting, and this is no different for an ISO 13485 audit. The purpose of the opening meeting is to gather essential information on specific topics:

  1. Confirmation of the scope of ISO 13485: During the opening meeting, the auditor seeks confirmation regarding the specific areas or processes within the organization that fall under the scope of ISO 13485. This helps to establish a clear understanding of the extent to which the standard applies.
  2. Reporting of adverse events to competent authorities: The auditor inquires whether any adverse events or incidents have been reported to the relevant competent authorities. This information is crucial for evaluating the organization’s compliance with regulatory requirements and their ability to identify and address potential risks.
  3. Identification of key personnel: The opening meeting provides an opportunity to obtain information regarding the name of the management representative and senior management individuals within the organization. This helps establish effective communication channels and ensures that the audit process involves the appropriate stakeholders.
  4. Notable changes to the quality system, products, or product range: The auditor seeks information regarding any significant changes made to the quality system, products, or the organization’s product range. This includes modifications in processes, procedures, or any updates that may impact the organization’s compliance with ISO 13485 requirements.

On the other hand, the closing meeting is typically conducted to communicate the audit findings and any non-conformities that were identified during the assessment. It serves as a platform for the auditor to provide feedback on the organization’s compliance status and discuss areas that require improvement or corrective actions. The closing meeting also allows for a constructive dialogue between the auditor and the auditee, facilitating a comprehensive understanding of the audit results and establishing a roadmap for further actions.

Both the opening and closing meetings play crucial roles in the audit process. They provide opportunities for information exchange, clarification of expectations, and effective communication between the auditor and the auditee. By conducting these meetings, organizations can enhance their understanding of the audit objectives, address any queries, and ensure a successful audit outcome.

ISO 13485 Audit Checklist

QualityMedDev has prepared an ISO 13485 Audit Checklist that can be used to support audit preparation against the requirements of ISO 13485; this checklist can also be useful during internal audits or supplier audits. The ISO 13485 audit checklist is extremely easy to use and provides an efficient way to have all the requirements in a single document. It is not necessary to use the whole checklist at the same time; depending on the audit scope and audit criteria, only the sections of the checklist that cover the audit criteria can be used.
