ISO 13485:2016 remote audits

[Jakub Milcarski]

The updated IAF MD 9 document states in clause 9.1:
Audit time for all types of audits includes time auditing a client’s premises (physical or virtual), using on-site, remote or a combination of audit methods

Does this mean that CABs are allowed to conduct remote audits regardless of the type of audit? If yes doesn't this contradict with ISO 17021 clauses that require on-site audits for stage 2, surveillance and recertification?

 

[Jen Kirley]

The updated IAF MD 9 document states in clause 9.1:
Audit time for all types of audits includes time auditing a client’s premises (physical or virtual), using on-site, remote or a combination of audit methods

Does this mean that CABs are allowed to conduct remote audits regardless of the type of audit? If yes doesn't this contradict with ISO 17021 clauses that require on-site audits for stage 2, surveillance and recertification?

It does not. ISO 17021 is a standard that accredited registrars are responsible to adhere to, including the requirement that Stage 2 audits are to be done on site. There was some relaxation during the worst of Covid, but we are now expected to do on-site audit at least once in the 3-year certification cycle.

The MD documents provide additional detail, but it is important to understand the clauses' context. Start with the sections' headers: MD 9.1.4 is about determining audit time, not whether or not to do remote.