ISO 13485 Certification - Internal Audit Program Required

Matthies

Dear All,

For our ISO 13485 certification we need an internal audit program.
Is anyone familiar with this program and what the requirements of this program are?

Thanks in advance!!!
 
db

An internal audit program is simply the process you go through to administer and conduct your internal audits. In order for the audit process to function effectively, it needs to be clear as to what the steps and responsibilities are. Some of the factors include:
  • audit scope
  • audit schedule
  • auditor selection/evaluation
  • audit conduct
  • audit criteria
  • audit corrective action process
  • audit follow-up
I know there are many others, but typically the program will be laid out in your procedure(s).

Hope that helps
 
Matthies

With what frequency do internal audits need to be performed? Because I could not find it in ISO 19011 or ISO 13485.
Does anybody have a basic sample of an internal audit program? Thanks!
 

DannyK

Trusted Information Resource
It should be performed at least once per year prior to certification.
I would recommend that you get more information through training.
There may be webinars that will explain the requirements and they are not expensive.
 

AndyN

Moved On
The words status and importance give you a clue. You don't have to do anything "once a year"; if you did, it would say so in the standard.

Status and importance is "risk and impact". Some parts of the QMS present risks and those can impact customers, reg. compliance and $$$. So, select a timetable to do an audit, say monthly (it shouldn't take a lot to do an internal audit) and then, based on what's going on in your organization, select a "scope" and the "criteria" for your audit. See what you find and then schedule the next one based on a revised scope etc.
 

RCW

Quite Involved in Discussions
Also, there are no additional requirements going from ISO 9001 to ISO 13485 with regard to internal audits. Don't limit your search to just "ISO 13485 internal audits". You will find a lot more information from the ISO 9001 realm or even just internal auditing in general.

The skill set is transferable on this one.
 

Mark Meer

Trusted Information Resource
I suggest dividing up internal audits into logical (easily manageable) scopes and having them scheduled throughout the year.

The key is to check:
1. The current processes are sufficient, without major gaps or inconsistencies.
2. Your current records and actual day-to-day activities actually reflect your procedures (i.e. you have evidence that you are doing what you say you should be doing)

For example, you might make a schedule at the beginning of the year into the following (loosely titled) categories:

1st quarter: design & development processes
- schedule dates for reviewing all related procedures and current records

2nd quarter: production processes
- schedule dates for reviewing purchasing, receiving, inventory/traceability, assembly...etc. processes. ...again check records for completion and accuracy as per your SOPs.

3rd quarter: management processes
- management reviews, internal audits, document control...

4th quarter: post-market and improvement processes
- CAPAs, NCRs, complaints...

The intent is to review everything at intervals that are reasonable. No hard-and-fast rule for "one year", though many companies operate this way.

When making a schedule, justify the intervals. For example:
- Standard processes: ones that have not changed in years, and have survived several internal audits without observations, might be scheduled at a lesser frequency (e.g. once every 2 years...)
- Problem areas: schedule several times a year if necessary. For example, if you have a history of problems with DHR accuracy, perhaps schedule a random internal audit of DHR records every quarter...

All the best!
MM
 
Rooster69

As a side note: Internal audits are to be performed by employees from a different department, i.e., as a Quality Engineer, I cannot audit any quality procedures or processes. Another note: Some ISO certification auditors will ask for a checklist or question/answer sheet to know what was covered. Others don't care. They just want to see that it was done and documented.
 

AndyN

Moved On
Actually, that's not true. In many cases you WANT to have someone from the department (or with familiarity of the process) to do the audit. Nowhere does it say someone has to be from another department! What it says is - "you can't audit your own work". ISO auditors should ask you to show that you've followed your own audit process/procedure - not come with preconceived ideas about looking at a checklist or q/a sheet. If they do, show them the door!
 
Rooster69

Wow Andy, I've been served. My closed-mindedness, I guess. We are a small company of 32 people and we are very fortunate to have three lead auditors, so here, we schedule so as not to audit our own work by having one of the others do it. You may have misunderstood my reference to a checklist or q/a sheet. We absolutely have a form that is completed and attached to our "internal audit" module in the DMS and yes, we have a checklist of questions, answers, evidence, etc... I have been told by more than one ISO auditor that was not necessary. Others have asked to see it.
 