Two generic comments here:
1) Passing an audit does not mean that you comply with the requirements. Due to several reasons (such audits are performed by sampling, and unfortunately a lot auditors do not really know the requirements well), passing an audit only means that you may have satisfied one particular auditor. This does not mean that the next audit (if, for example, another auditor comes) will also pass. Anyway, it's the responsibility of the organization to be compliant, not of the auditor.
For example, we are doing a project in Brazil in which we are evaluating compliance of some manufacturers, and they all are certified to ISO 13485, have CE mark, etc (some have been even had an certification audit the week before our visit). They still fail more than 90 % of the requirements (and most are taken directly from standards and regulations), but we are asking them in a way most auditors do not ask (we created something I called "International Good Regulatory Practices"to use as a basis).
This is also one of the reasons I started this thread:
Some possible misunderstandings on the application of ISO 13485
2) I usually do not make suggestions here to pass the audit, I make suggestions to do what I think is right (and thus you can pass all the audits).
With this in mind:
Two weeks ago, I visited a company that just had its ISO 13485:2016 audit. Their argument with the certification body was that, although they use software for the purchasing process and logistics, they print out all of their documentation to ensure traceability and therefore work paper-based and do not view the software as part of the QMS and do not validate it.
This was accepted by the certification body. I have to say I was surprised myself, i did not think this was possible.
I just want to add that I kind of agree with RichardJ_CH.
Two weeks ago, I visited a company that just had its ISO 13485:2016 audit. Their argument with the certification body was that, although they use software for the purchasing process and logistics, they print out all of their documentation to ensure traceability and therefore work paper-based and do not view the software as part of the QMS and do not validate it.
This was accepted by the certification body. I have to say I was surprised myself, i did not think this was possible.
Oh, I've seen several instances of things like that being accepted, but as I mentioned above, that does not mean that they really comply with the requirement.
In particular, if the company writes the document in the computer, they will have to guarantee that the requirements for documentation are fulfilled, even if in the end they only use the printed ones, because they do have a software document management system. So, I don't think the situation you mention is acceptable, even if the certification auditor did accept that. The problem as I see it is, this auditor accepted that today, he (or another auditor) may not accept that tomorrow.