
View Full Version : Auditor stating we have to be audited to 13485:2003 before we are audited


delaney
13th January 2006, 05:11 PM
We have an auditor who wrote up an OFI (opportunity for improvement) stating that we have to be audited to 13485:2003 before we are officially audited to it. Has anyone heard of this before? Is there a standard that internal auditors have to be trained to a certain standard?

Thank you in advance for your assistance.

Anne

Anne Delaney:confused:

Al Rosen
13th January 2006, 05:33 PM
We have an auditor who wrote up an OFI (opportunity for improvement) stating that we have to be audited to 13485:2003 before we are officially audited to it. Has anyone heard of this before? Is there a standard that internal auditors have to be trained to a certain standard?

Thank you in advance for your assistance.

Anne

Anne Delaney:confused:

It's an OFI, not a finding because there is no requirement.

Wes Bucey
13th January 2006, 06:14 PM
We have an auditor who wrote up an OFI (opportunity for improvement) stating that we have to be audited to 13485:2003 before we are officially audited to it. Has anyone heard of this before? Is there a standard that internal auditors have to be trained to a certain standard?

Thank you in advance for your assistance.

Anne

Anne Delaney:confused:
As Al writes, an opportunity for improvement is NOT a requirement. However, I would like to know the exact wording the auditor used which would even give you the ambiguous idea you have to be audited to 13485:2003 before we are officially audited to it.

At the least, the auditor should be reminded about making a distinction between OFI and Nonconforming findings. At the worst, it appears this guy was angling to add several thousand dollars to your bill by having a completely optional "pre-assessment" (a non-official "look-see" to assure your ducks are in a row before the official "initial assessment" takes place.)

Could you please take the time to give us the exact wording used by the auditor? Was it, in fact, an auditor, or merely the guy who signs you up with the registrar? (I never heard of OFI except in a regular audit or a pre-assessment audit. What exactly was this person's mission at your shop?)

Has your company been registered to ANY Standard before this? Have you been through your FDA stuff already?

Al Rosen
13th January 2006, 06:19 PM
In re-reading the OP, I'm thinking that you must do internal audits to the standard before being audited by the registrar. Is that what this is about?

Wes Bucey
13th January 2006, 07:20 PM
In re-reading the OP, I'm thinking that you must do internal audits to the standard before being audited by the registrar. Is that what this is about?
Maybe. But who in heck is the "auditor" who was the original source? In-house or outside auditor or some guy they met in a saloon?
We have an auditor who wrote up an OFI (opportunity for improvement) stating that we have to be audited to 13485:2003 before we are officially audited to it.

Al Rosen
14th January 2006, 02:30 AM
Maybe. But who in heck is the "auditor" who was the original source? In-house or outside auditor or some guy they met in a saloon?
We have an auditor who wrote up an OFI (opportunity for improvement) stating that we have to be audited to 13485:2003 before we are officially audited to it.

I know, it doesn't seem right. Also, the title of the thread refers to training. Maybe delaney will clarify this.

delaney
16th January 2006, 10:45 AM
Hello All,

Thank you for the input. The following is what the auditor stated in the OFI:

1. Better training on the use and implementation of the Process Approach could be very beneficial

2. The internal audit schedule is a matrix showing product group vs elements of the standard. The audit schedule could better show/reflect the Process Approach.

With that stated, the guide who was with the external auditor interpreted what was being stated as, all internal auditors should be trained on ISO 13485:2003 and that the audit schedule should reflect covering processes more than only showing coverage of all elements.

Any thoughts?

Thank you again for your input.

Anne:o

Randy
16th January 2006, 10:59 AM
How do they know what they're auditing unless they've been trained?

Also there is a requirement that "ALL" personnel be competent. How can an auditor be competent if he hasn't been trained?

You also have a requirement to conduct internal audits. If internal audits haven't been conducted then how can the internal audit process be audited by a 3rd party to verify its effectiveness?

If auditors aren't trained as to what to audit for there is a doubt that the internal audit process would be effective.

gwaikle
16th January 2006, 08:44 PM
As a former Notified Body auditor I would tell you that we required our clients to perform a complete Internal Audit, by someone internally who had been trained to the ISO 13485: 2003 standard, before we would agree to come in to perform our "upgrade" audit.
The reason you need to have the training to the new standard is obvious. How can you know if you are compliant to the new standard if you don't know what it requires? How can you do that if you aren't trained?

Wes Bucey
16th January 2006, 08:53 PM
As a former Notified Body auditor I would tell you that we required our clients to perform a complete Internal Audit, by someone internally who had been trained to the ISO 13485: 2003 standard, before we would agree to come in to perform our "upgrade" audit.
The reason you need to have the training to the new standard is obvious. How can you know if you are compliant to the new standard if you don't know what it requires? How can you do that if you aren't trained?
Gee! I'm not sure. Did your trainers have training certificates running back to the original framers of the new revision (similar to calibration running back to NIST?) Can I see them?

I haven't been "trained" by folks from a registrar on the new revisions. Would you like to test my knowledge against some of your trainers?

How do you suppose I got my knowledge about the new revision? Perhaps I got it in a "vision" from some Deity (my personal desire for the Deity to inculcate me in the mysteries might be Athena, the Goddess of Wisdom!)

Bottom line:
This is not difficult material. Normal folks of normal intelligence can easily learn the ins and outs of ANY Standard without running to a training class offered by a registrar.

gwaikle
17th January 2006, 02:45 AM
Wes Bucey

You are correct in that assessment. I only meant that at least show some evidence that they actually understand the standard, not that they attend a formal training seminar. However they should at least have the standard and show some evidence that they read and understood it.

My main point was that the company needs to show compliance to ISO13485: 2003 via a complete internal audit of the Quality System before the certification audit as well as a Management Review. To do that the internal auditor should show some evidence of the above.

Thanks for your correction to my comment.

Marc
17th January 2006, 03:25 AM
Gee! I'm not sure. Did your trainers have training certificates running back to the original framers of the new revision (similar to calibration running back to NIST?) Can I see them?

I haven't been "trained" by folks from a registrar on the new revisions. Would you like to test my knowledge against some of your trainers?

How do you suppose I got my knowledge about the new revision? Perhaps I got it in a "vision" from some Deity (my personal desire for the Deity to inculcate me in the mysteries might be Athena, the Goddess of Wisdom!)

Bottom line:
This is not difficult material. Normal folks of normal intelligence can easily learn the ins and outs of ANY Standard without running to a training class offered by a registrar.
Wes, your sarcasm is a bit much for me, but....

I was never trained in ISO 9001. I read ISO 9001:1987 around 1990, I understood it and went on to work with companies helping them implement it. Having started quality in military manufacturing, ISO 9001 and its language / requirements were a cake walk. I did the same with QS-9000. I picked it up, read it and, having some automotive background, it all made sense. I went on to work with a number of companies in implementing QS-9000, including big clients such as Motorola, without ever taking a course in QS-9000 myself.

BUT - Not everyone can do what I did either, so in that I disagree with Wes somewhat. There are people who simply do not have the background and/or experience to pick up ISO 13485 and understand it. It simply is not always a matter of intelligence alone. Oh, sure, given time, that may be the case but often people don't have that time so a course helps.

In short, let's not oversimplify - Courses can be of help. I did a 14001 course a couple of years ago so that I could better understand it and how everything fits together. Back in the 1990's I took APQP, FMEA, SPC / Statistics, and lots of other classes. Before that in the 1980's I took other 'profession' related courses. Yes, I could read the books, but there's more to it than that in many cases.

The only course I can say was a total waste of time was the required auditor 'transition' course the IRCA required for the last ISO 9001 revision. I took it through Perry Johnson and I was thoroughly disgusted at the waste of time and money.

As to the original subject of this thread, it appears the title and intro post were worded vaguely and Al figured it out in Post 4.

"My main point was that the company needs to show compliance to ISO13485: 2003 via a complete internal audit of the Quality System before the certification audit as well as a Management Review. To do that the internal auditor should show some evidence of the above." is correct. A complete round of Internal audits by 'qualified' people which, as a minimum, means auditors have to understand how to audit as well as what they are auditing to.

rose24m03
18th January 2006, 07:07 PM
As a former Notified Body auditor I would tell you that we required our clients to perform a complete Internal Audit, by someone internally who had been trained to the ISO 13485: 2003 standard, before we would agree to come in to perform our "upgrade" audit.
The reason you need to have the training to the new standard is obvious. How can you know if you are compliant to the new standard if you don't know what it requires? How can you do that if you aren't trained?


Our registrar hinted that they would ask us for evidence to show that we've initiated evaluation of our processes to the ISO 13485:2003 version (not just a Quality Manual revision/update) for the certification upgrade assessment. Objective evidence shown included: Updated Quality Manual, evidence that management is trained on the new standard requirements (basically internal in-class training on the Quality Manual to executive management), audit schedule with processes identified (and applicable clauses), 2 audit reports that show we've audited to the new standard after the Quality Manual update, and evidence that the auditor(s) of these 2 audits were trained on the 2003 version (5-day lead auditor class on the 2003 version). We got our certification upgrade.

FYI... When we use part-time auditors from a non-QARA department, our Internal Audit Program would train them on our Internal Audit SOP and the applicable QSR, MDD, ISO and CMDR requirements for the areas they'll be auditing. We would document such training via on-the-job training record (if they are part of an audit team with a qualified Lead Auditor) or a classroom training record (if they are going to be the Lead Auditor especially when we need them to audit Internal Audit Program). No questions were raised by the Registrar on their competency/training.

fuji033
4th March 2006, 06:50 AM
Yes - this is a common observation against 13485. It is expected that to meet the requirements of 13485 you have also ensured that the quality system has been effectively implemented - this is done through management review and internal audits. You should not go through a full assessment without first completing a full internal audit and at least one management review against 13485.

jrubio
5th March 2006, 06:59 AM
In my opinion, an OFI is a personal approach of the Auditor interpreting all the Quality Norms. If not, a CAR would have been raised.

If I recommend something obvious to me but not included in the norm, I would have raised an OFI instead of a CAR.

When do you raise OFI?

wrodnigg
28th March 2006, 03:52 AM
I agree with fuji033:

For a certification audit I expect that internal audits have been performed in the whole company and a management review has been done (including results from internal audits).

If there is no internal audit, I would discontinue the certification audit.

I also expect "some" quality related training records or experience showing the qualification of the internal auditors.

~ghw