Small Medical Device instrument manufacturer. Just passed our Audit but the Auditor missed items that I thought we would be written up. We ended up with one minor and a few observations. The minor was for doc control (mixed revisions) of documents in a Device History Record. I looked back on the Internal Audits and found nine incidents of minors written for doc control. Training was also an issue, with people selectively picking and creating training records at the last second.The internal audit corrective actions were not effective for doc control and we missed being bagged for training. Granted I'm not complaining but this was a gift that needs to be fixed. My opinion is we should double our auditing efforts in a few of these lacking areas and add some sort of process type audit for random checking. Any suggestions would be appreciated. Great Thanks

You are thinking exactly what I would be thinking.

One benefit if having outsiders come to view our management systems is that we can also learn something about ourselves by observation, if we pay attention. It sounds like you have doen that. By all means, use what you have observed as focus points to make your audit master plan.

When I do audits of whatever type, I audit all kinds of elements. Document control is always there, as are records and usually training. I'll draw a sample of records from the process being audited. This way I can learn two things:

If it's local to a group or system-wide
If it's just a temporary glitch or a systemic looking problem

Based on the above, when it comes time to audit that element (training, for example) I can begin with an idea of what to put in my audit plan. I might even decide that an unscheduled audit is called for to do that, if waiting invites too big a risk.

I hope this helps!

I hope your management takes the view that getting away with stuff is bad, not good.

Did the auditor look at process planning, controls, feedback etc as specified in the GHTF guidance? It seems odd that the non-conformances are for the old auditor favourites of doc control & training.

That's another story - sometimes they like hearing themselves talk.

An unscheduled random audit is definitly in the plan.

We will definitely fix it.

Sorry, in that type of a sceanrio, I would look to improve the quality of the internal auditing and auditors and not merely increase the number of auditors.

Few ideas -

1. You could also explore the idea of self auditing the own department by the dept representatives before the Internal Auditor steps in.

2. You could also have the Layered Process Audits (LPA) to have the involvement of one and all.

That's another story - sometimes they like hearing themselves talk.

That is true - but I was under the impression auditing ISO 13485 was focussed on the effectiveness of audits as well as the usual QMS non-conformities. Of course being only a young whippersnapper myself some of the more experienced members of the forum may be able to share a more detailed insight. :D

I am not familiar with the ISO 13485 standard, but if the external audit findings combined with internal audit findings point to systemic failure of a core process, the smart thing to do is maybe escalate the minors to a major and have it addressed through your CA or CI system...not waiting until it becomes a festering wound that the external auditor can't allow to slide.

Of course, in our company it usually takes an external NC to galvanize action :D

.....Of course, in our company it usually takes an external NC to galvanize action :D

I suppose that a universal phenomenon ;)

The Internal Audits were not effective in those areas and rightfully should have been a major after so many items found. Part of the Internal Improvement plan is to perform random process audits, in addition to system audits. Those checklist keep you in line, but can get you in trouble if your too rigid and have your blinders on.

That is true - but I was under the impression auditing ISO 13485 was focussed on the effectiveness of audits as well as the usual QMS non-conformities. Of course being only a young whippersnapper myself some of the more experienced members of the forum may be able to share a more detailed insight. :D

You are correct, effectiveness in implementation is a key part of all ISO 9001 based standards. As ANAB recently wrote, "Outputs Matter."