Determining Legal& Statutory requirements while Auditing Design & Development process

J

juliov

#1
"ISO 9001:2000 requires an organization to identify and control the statutory and regulatory requirements applicable to its products (including services). It is up to the organization how to do this within its quality management system. The organization should demonstrate that the legal requirements applicable to its products / services have been properly identified, are available, and easily retrievable. "

How do we ensure that an internal audit covers the above reqs. What type of docs or questions should be asked to the design function in order to verify compliance to the above.?
 
Elsmar Forum Sponsor

Sidney Vianna

Post Responsibly
Staff member
Admin
#2
Re: Determining Legal and Statutory reqs while Auditing Design and Development proces

How do we ensure that an internal audit covers the above reqs.
First and foremost, the auditor should understand what is the process established during contract review, design and development, etc. to ensure that product related legal requirements are being identified and complied with. Then, and only then, the auditor should determine if the process is deployed and effective.

Typical failure modes for this type of issue:
  • regulatory requirements not being identified by the customer and/or the supplier.
  • regulatory documents not available to the organization.
  • people reviewing legal requirements not having the knowledge to perform an effective assessment.
  • validation reports not clearly demonstrating compliance to regulatory requirements.
 
J

juliov

#3
Re: Determining Legal and Statutory reqs while Auditing Design and Development proces

Thanks for the info Sydney. Shall the auditor before auditing our design and development process request to see the statutory and regulatory requirements pertinent to our product? we fabricate pneumatic tools for the application of fasteners. Electromechanical tools for applying industrial staples, nails, hog rings. What type of statutory and regulatory reqs could apply to our designs.
 
J

Jeff Frost

#4
Re: Determining Legal and Statutory reqs while Auditing Design and Development proces

Sidney has give you good guidance in his replay but he, or most other Covers cannot tell you “What type of statutory and regulatory reqs could apply to our designs”. Its time to seek guidance from a layer in this matter as you more than likely will need to comply with a number of federal or international regulatory issues.

Two that come to mind is product safety and OSHA.
 
#5
Re: Determining Legal and Statutory reqs while Auditing Design and Development proces

Thanks for the info Sydney. Shall the auditor before auditing our design and development process request to see the statutory and regulatory requirements pertinent to our product? we fabricate pneumatic tools for the application of fasteners. Electromechanical tools for applying industrial staples, nails, hog rings. What type of statutory and regulatory reqs could apply to our designs.
As an auditor I would be not simply be asking for the regulations, per se. I'd want to know how the engineering management make certain (aka assure) that the engineers have considered those regs in their design. One aspect is doing some research to find out if any exist. Do you have an occupational saefty person? They might know, for starters.

Then it becomes a matter of ensuring the design process considered those applicable regs/specs and that the product was tested, including any certification/type approval testing (like by a UL type of organization).

BTW - if you are auditing a design process and you don't know some of these things (lucky for me I've been in design quality) you might consider getting some help to do the audit.

FWIW - It always pays to do lots of research before doing an audit, since it's not just a case of asking "what's the right question" for an auditor, because you have to know the right answers too............
 

Paul Simpson

Trusted Information Resource
#6
Re: Determining Legal& Statutory requirements while Auditing Design & Development pro

"ISO 9001:2000 requires an organization to identify and control the statutory and regulatory requirements applicable to its products (including services). It is up to the organization how to do this within its quality management system. The organization should demonstrate that the legal requirements applicable to its products / services have been properly identified, are available, and easily retrievable. "

How do we ensure that an internal audit covers the above reqs. What type of docs or questions should be asked to the design function in order to verify compliance to the above.?
The company should be designing its products to comply with the legal requirements for the markets that your company sells into. Earlier posters have given you a good set of starters. My :2cents: you should be asking the people with responsibility for the New Product Introduction (NPI) process how they have access to legal requirements, relevant standards etc. (for all markets the products will be sold into) and how they feed into the design activity.

They form part of design input (7.3.2) and should be used in the review (7.3.4) , verification (7.3.5) and validation (7.3.6) activities within the process.

To give you some idea when working at a previous certification body I produced guidance for auditors on the European Machinery Directive (MD) giving guidance to our (3rd party) auditors on what to look for in the various areas of an organization's QMS. To meet the MD organizations had to design around European (and International) standards and testing was carried out against these standards in the design process and later in production.
 
C

curryassassin

#7
Re: Determining Legal& Statutory requirements while Auditing Design & Development pro

Paul,
Do you have to ID the legal and statutory requirements in which your product MAY be used? I've just audited a software supplier that my org purchased from and now uses software in a pharmaceutical environment. I know the drug manufacturer is responsible for demonstrating that the software complies with regulations, but where does this leave the supplier?
 

Paul Simpson

Trusted Information Resource
#8
Re: Determining Legal& Statutory requirements while Auditing Design & Development pro

Paul,
Do you have to ID the legal and statutory requirements in which your product MAY be used?
Yes, in relation to the product.

But if your product is going to be designed into someone else's then they take responsibility for the final product - although they may require additional information / controls from you.
I've just audited a software supplier that my org purchased from and now uses software in a pharmaceutical environment. I know the drug manufacturer is responsible for demonstrating that the software complies with regulations, but where does this leave the supplier?
I presume this is embedded software?

Again the customer takes the overall responsibility but they should be providing application information to the software developer so they can design the necessary level of robustness / fail safe into the software. I mean you wouldn't want the same level of quality / reliability as Bill provides, would you? :lmao:
 

Helmut Jilling

Auditor / Consultant
#9
Re: Determining Legal& Statutory requirements while Auditing Design & Development pro

"ISO 9001:2000 requires an organization to identify and control the statutory and regulatory requirements applicable to its products (including services). It is up to the organization how to do this within its quality management system. The organization should demonstrate that the legal requirements applicable to its products / services have been properly identified, are available, and easily retrievable. "

How do we ensure that an internal audit covers the above reqs. What type of docs or questions should be asked to the design function in order to verify compliance to the above.?
If you have a clear process for how to determine and identify these regs, and,

If you have some method of listing or summarizing them, and

If your engineers and technical folks can access and explain them...

Then, your auditors should be able to audit whether they are met.

The gap usually is, when asked, no one can point to them, or even a clear system for it.
 
Thread starter Similar threads Forum Replies Date
D ISO 14001 - Determining Legal Regulations and Requirements ISO 14001:2015 Specific Discussions 3
R ISO 14001 - Determining and Keeping Current with Legal Requirements ISO 14001:2015 Specific Discussions 10
J Process Capability - Determining the process capability of certain equipment Lean in Manufacturing and Service Industries 6
S Determining Sample Size and Method Quality Tools, Improvement and Analysis 6
S Determining a device category according to the MDR EU Medical Device Regulations 3
S Determining the requirements for the products and services ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
Q Determining Adverse Effects of Corrective/Preventive Actions ISO 13485:2016 - Medical Device Quality Management Systems 2
S Determining sample sizes for PQ Qualification and Validation (including 21 CFR Part 11) 4
M Determining if an Insulin Pen Testing Machine is a Medical Device? EU Medical Device Regulations 4
M Determining a tolerance value for Measuring devices in-house inspection General Measurement Device and Calibration Topics 12
D Determining the the maximum number of reprocessing cycles of attachments CE Marking (Conformité Européene) / CB Scheme 2
R Determining Uncertainty from Gage R&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 1
A IATF 16949 4.3.1 - Determining the scope of the quality management system - supplemental IATF 16949 - Automotive Quality Systems Standard 9
D ISO 9001:2015 4.3 Determining the Scope of the QMS ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
J Determining SPC tolerance Statistical Analysis Tools, Techniques and SPC 21
B Determining SAT Offsets vs TUS Offsets per SAE AMS 2750E AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
B Determining sample size for device sterility Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
D Determining of sample size for 'Operational Qualification' AQL - Acceptable Quality Level 5
R Question on determining defective units - I am not recording fixture to part rejected Statistical Analysis Tools, Techniques and SPC 5
S Clause 8.2.2 Determining the requirements for products and services ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
D Determining Calibration Frequency schedule for items used in production Manufacturing and Related Processes 2
C Determining if Maintenance Contractor is an External Service subject to ISO 9001 Clause 8.4 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 43
S AS9100D PEAR - Examples for organization's method for determining process results? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
I Determining Calibration Tolerance of a Measurement Device General Measurement Device and Calibration Topics 2
J ISO 17025 Documented Procedure for 6.2.5 - Determining competency ISO 17025 related Discussions 4
V Determining FDA 820 (registration) vs ISO 13485 - Supplier gives us the kit ISO 13485:2016 - Medical Device Quality Management Systems 1
J ISO 9001 8.4.1 - Determining controls applied to externally provided processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
E Determining what is good and what is bad can be subjective - when is it a quality issue? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
F Determining what type of scrap to include in my internal PPM calculation Quality Manager and Management Related Issues 5
M Determining number of employees within the "Scope" of the QMS ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
A Determining the Scope of the QMS during Stage 1? Registrars and Notified Bodies 11
W Minor Audit Nonconformance Against Determining the scope of QMS IATF 16949 - Automotive Quality Systems Standard 12
D Determining Critical Components for conformity with IEC 60601-1 IEC 60601 - Medical Electrical Equipment Safety Standards Series 21
Q ISO 9001, section 4.3 Determining the scope of our QMS ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
R Determining Sample Size for Medical Device Component Validation Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
A What does 8.2.2.1, Determining the requirements related to products and services,mean IATF 16949 - Automotive Quality Systems Standard 1
A Determining Retention Period for Medical Device QMS documents Document Control Systems, Procedures, Forms and Templates 5
S Surveillance Sampling Test - Determining Sample Size Inspection, Prints (Drawings), Testing, Sampling and Related Topics 5
F ISO 9001:2015 4.3 - Determining the scope of the quality management system ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
B Standards Needed In House - Determining what standards are applicable Various Other Specifications, Standards, and related Requirements 3
W Determining Medical Device Classification in Mexico Other Medical Device Regulations World-Wide 5
K Determining Effect of Failure without a DFMEA (Design FMEA) FMEA and Control Plans 1
W Determining the Status and Importance of the Processes and Areas to be Audited Internal Auditing 7
T Determining Customer Requirements for the US Postal Service (USPS) IATF 16949 - Automotive Quality Systems Standard 4
Crimpshrine13 Rules of achieving and maintaining IATF recognition - Determining audit days IATF 16949 - Automotive Quality Systems Standard 2
R Developing procedure for Determining Company's Context And Interested Parties ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 53
W Determining Asset Life or Depreciation Life for M&TE General Measurement Device and Calibration Topics 1
N Reason for determining no adverse effect on reworked product ISO 13485:2016 - Medical Device Quality Management Systems 8
N Procedure for determining pinhole position in condom Inspection, Prints (Drawings), Testing, Sampling and Related Topics 1
alonFAI Determining PCBA Xray Test Sampling Size Statistical Analysis Tools, Techniques and SPC 1

Similar threads

Top Bottom