ISO 13485: 2016 Internal Audit - Is sampling on projects allowed?

T

Thukira

Hi...We are certified to ISO 13485: 2016 for service projects and products which are not included in MDD scope as per ISO certificate.

We are planning for internal audit program this year.

Give that the above scenario, is sampling on projects allowed as per ISO 13485:2016.

Example: In total of 4 service projects of different customer, can we do 2 projects for internal audit and show the same for external auditors or what standard says on this /would be best practices

In 13485, I could not refer requirements that we should cover all projects or sample projects for internal audit.

Please advise.
 
P

Pads38

Moderator
I would suggest that this is covered at 8.2.4 -

An audit program shall be planned, taking into consideration the status and importance of the processes and area to be audited, as well as the results of previous audits. The audit criteria, scope, interval and methods shall be defined and recorded.
 
A

AndyN

Moved On
Thukira said:
Hi...We are certified to ISO 13485: 2016 for service projects and products which are not included in MDD scope as per ISO certificate.

We are planning for internal audit program this year.

Give that the above scenario, is sampling on projects allowed as per ISO 13485:2016.

Example: In total of 4 service projects of different customer, can we do 2 projects for internal audit and show the same for external auditors or what standard says on this /would be best practices

In 13485, I could not refer requirements that we should cover all projects or sample projects for internal audit.

Please advise.
Click to expand...

I'm not certain you understand WHY you are selecting a specific project to be audited. So, please help us understand, what you are considering in selecting these two...?
 
T

Thukira

There was internal discussion happened internal audit , where it was decided that out of 4 projects , audit can be performed any two projects as sample, and also there was counter argument that atleast once in a year all projects in ISO scope should be audited and report should be submitted.

Finally, Audit plan for a year prepared having two projects in Q2 and other two in Q4
to focus.

I'm not sure where it is correct for the projects in ISO 13485 scope and not in MDD scope will make any difference here.. pl guide
 
A

AndyN

Moved On
Thukira said:
There was internal discussion happened internal audit , where it was decided that out of 4 projects , audit can be performed any two projects as sample, and also there was counter argument that atleast once in a year all projects in ISO scope should be audited and report should be submitted.

Finally, Audit plan for a year prepared having two projects in Q2 and other two in Q4
to focus.

I'm not sure where it is correct for the projects in ISO 13485 scope and not in MDD scope will make any difference here.. pl guide
Click to expand...

People talk all day long about how many, instead of why! It's incorrect to think in terms of quantities of things to audit. You have to ask yourself WHY do I need to audit a project...
 
T

Thukira

Not only quantity Andy, also includes that the audit of the processes and the sampling should focus on the following (based on risk):
a. Previously identified potential and existing nonconformities
b. new or modified designs and new products
c. new or modified processes
d. areas not sufficiently covered during the surveillance period

In all projects, as part of continuous improvement, there will be changes. Hence we have do audit for all projects atleast once in a year as defined in our procedure.

Hence it was planned as Q2 and Q4 for IA and the report will be presented during MRM.

Will this be acceptable, or any thoughts towards this
 
A

AndyN

Moved On
Thukira said:
Not only quantity Andy, also includes that the audit of the processes and the sampling should focus on the following (based on risk):
a. Previously identified potential and existing nonconformities
b. new or modified designs and new products
c. new or modified processes
d. areas not sufficiently covered during the surveillance period

In all projects, as part of continuous improvement, there will be changes. Hence we have do audit for all projects atleast once in a year as defined in our procedure.

Hence it was planned as Q2 and Q4 for IA and the report will be presented during MRM.

Will this be acceptable, or any thoughts towards this
Click to expand...

Your previous posts didn't mention this information, only number of projects. What are you seeking to have answered? You next consideration would be when to audit. Based on this recent information, surely, doing the audits only once a year doesn't appropriately address the reasons for auditing. Once a year is a frequency, true, but those processes which are riskier or have more changes need different frequencies.

My point is, planning audits isn't a simple task. Doing something based on once a year and in Q2 or Q4 isn't actually meaningful, if there's no consideration of why and when an audit is going to reveal useful results...
 
You must log in or register to reply here.

Similar threads

H
Integrated ISO 9001:2015 and ISO 13485:2016 standards
2
Replies
11
Views
752
hnasri
H
T
ISO 13485:2016 Internal Audits method
2
Replies
18
Views
1K
QCBOB
QCBOB
E
Bridging MDSAP Audit Model with MDR Requirements
Replies
2
Views
347
DanMann
D
C
Question on Finding - BSI Stage 2 ISO 13485:2016 Certification - PMS
Replies
7
Views
528
Enternationalist
Enternationalist
M
Integrating ISO 9001:2015 audits with ISO 13485:2016
Replies
2
Views
530
Philip B
P
Top Bottom