Internal Audit Process for small Medical Device company

N

Nash27

Involved In Discussions
We are a small Medical device and life sciences products manufacturing company most of the work is outsourced and small repacking is performed at our office site. We have 2 full time staff and authorised as Internal Auditors. We both(QA and Operations)evaluate each others section that cover whole ISO 13485:2003 QMS. As per the ISO 13485 requirement it states that 'Internal Auditors, as far as possible, are independent of the areas being audited'

Technically we are independent in terms of responsibilities (1. Opeartions 2. QA/RA) although work as a team. We regularly audited by our customers as well by TGA.

My question is do we need to have to have QMS system audited by an independent third party auditor? or we are fine to follow current process as long as we maintain effectiveness of QMS in terms of the quality and safety of the end user.
 
G

Gert Sorensen

Given the size of the company I do believe that it will be hard to maintain independence. You are basically performing all - or almost all - tasks at the company. But you can probably argue that - due to size and jobdescriptions - you are as independent as possible, and get away with that.

However, in the interest of having the most output of your audits I would suggest that you team up with another device company and swap audits, so that you can and have them perform audits at your site (at least of management responsibilities and QA) and vice versa. This way you will avoid the discussion of independence, you will benefit from auditing another company, and you will get valuable input from someone more objective than yourself.
 
N

Nash27

Involved In Discussions
Thanks Gert,
Much appreciated. We have not developed that much of the close network with the other device manufacturers, but I am going to do so now onwards.
 
Ronen E

Ronen E

Problem Solver
Moderator
Nash27 said:
We are a small Medical device and life sciences products manufacturing company most of the work is outsourced and small repacking is performed at our office site. We have 2 full time staff and authorised as Internal Auditors. We both(QA and Operations)evaluate each others section that cover whole ISO 13485:2003 QMS. As per the ISO 13485 requirement it states that 'Internal Auditors, as far as possible, are independent of the areas being audited'

Technically we are independent in terms of responsibilities (1. Opeartions 2. QA/RA) although work as a team. We regularly audited by our customers as well by TGA.

My question is do we need to have to have QMS system audited by an independent third party auditor? or we are fine to follow current process as long as we maintain effectiveness of QMS in terms of the quality and safety of the end user.
Click to expand...

Strictly speaking, if the TGA (or any other regulatory authority for that matter) is regularly auditing you and haven't cited you for lack of independence, you're good to go.

Having said that, it would make sense to have some other party take a look at least once, to identify any shortcomings. The difference between someone you bring in and the TGA is that the former can do a more comprehensive review, over a longer period, and you can support them without being too concerned with direct consequences.

Cheers,
Ronen.
 
A

AndyN

Moved On
Nash27 said:
We both(QA and Operations)evaluate each others section that cover whole ISO 13485:2003 QMS. As per the ISO 13485 requirement it states that 'Internal Auditors, as far as possible, are independent of the areas being audited'

Technically we are independent in terms of responsibilities (1. Operations 2. QA/RA) although work as a team. We regularly audited by our customers as well by TGA.

My question is do we need to have to have QMS system audited by an independent third party auditor? or we are fine to follow current process as long as we maintain effectiveness of QMS in terms of the quality and safety of the end user.
Click to expand...

Being audited by a Third Party usually means being registered. I'm not sure where you're getting the quote from, because my copy of ISO 13485 doesn't say anything like that. It's basically the same as ISO 9001 and says auditors can't audit their own work!

If you are not using the standard, but instead someone's interpretation (from a book etc) then this maybe the cause of your confusion and question.
 
  • Like
Reactions: db
Q

qualityboi

Maybe you could solicit some customer audits and have the customer audit your company.
 
A

AndyN

Moved On
qualityboi said:
Maybe you could solicit some customer audits and have the customer audit your company.
Click to expand...

That would be, potentially, very risky! Having your customer (who may NOT be a qualified, competent auditor) go through your dirty laundry? Hmmmm....
 
W

Weeder

Involved In Discussions
Can you clarify what are the management responsibilities and QA responsibilities that should be audited by an independent auditor?

For example, in a small company environment, if the QA manager is helping with pakaging the product, does that mean that he cannot audit that area? He is merely lending a hand but does not manage the department.

How would you differentiate someone only helping, from someone having direct influence on packaging, such as the production manager?
 
A

AndyN

Moved On
Weeder said:
Can you clarify what are the management responsibilities and QA responsibilities that should be audited by an independent auditor?

For example, in a small company environment, if the QA manager is helping with pakaging the product, does that mean that he cannot audit that area? He is merely lending a hand but does not manage the department.

How would you differentiate someone only helping, from someone having direct influence on packaging, such as the production manager?
Click to expand...

That depends on your definition of what they are responsible for - the simple answer is you can't audit your own work, that's all. Even if they "help", they can still audit what's going on, just not work they touched.
 
N

Nash27

Involved In Discussions
Thanks mates and dudes,

I appreciate your feedback, its true and our SOP says auditor must be independent with Ref to ISO 13485/9001. Being a small manufacturer without compromising quality and safety of the end user we try to find out the cost saving. My logic is if we share the load of Internal audits between 2 departments and once a year seek external auditor services to evaluate our performance.

I just wanted to know if we could carry all internal audits, although taking different views, I decided to see external auditor at least once a year. I am trying to conduct the internal audits as independently as possible to find out weak links to avoid any havoc and to ensure QMS is working as intended. Now, I have planned QA/RA area to be audited by a third party/external auditor to make sure company has got third party opinion.
 
You must log in or register to reply here.

Similar threads

V
Scope of Audit
Replies
1
Views
73
Chrisx
C
W
ISO 13485:2016 / MDSAP Surveillance 2 Audit Delay Consequences
Replies
2
Views
164
Ed Panek
Ed Panek
A
Internal Audit-Clause 7.4
Replies
3
Views
401
SeanN
S
A
Internal audits of multi-site companies
Replies
2
Views
134
Randy
Randy
G
Internal audit plan
Replies
4
Views
521
Tom Penn
T
Top Bottom