Information on Process-based Internal Auditing Needed

[Abdulkareem]

Can anyone share information on the the process based internal audit ?

Abdulkareem

Moderator Note: post and first response were moved to their own thread.

 

[Jen Kirley]

Christina
I hope you are ok
Can you or anyone share information on the the process based internal audit ?

Abdulkareem

Welcome Abdulkareem!

A process audit focuses on the process instead of just asking questions as read directly from the standard. Most people still find the standard's language to be too complicated. It is our job to verify process and system effectiveness without confusing the auditees.

Elsmar Cove has a number of attachments regarding process auditing. I did a search and came up with this list. Rather than repeat the discussions I will invite you to also see what people were saying in the threads where those attachments were placed. For example, see the thread ISO 9001 - Requirement for Process Audits. It is an old thread and it is about ISO 9001, but the subject of a process audit is the same between standards and has not changed much, if at all.

I hope this helps.

 

[Mike S.]

"Most people still find the standard's language to be too complicated. "

Amen.

 

[cscalise]

I believe your question is related to the medical device single audit program.

I have been performing MDSAP internal audits since 2019. The current FDA document: MDSAP Audit Approach AU P0002.007 clearly outlines the 7 process chapters, related tasks and associated ISO13485 clauses and country regulations. You can download and use during an audit. I had a copy printed for easy reference. You can also find this and other MDSAP documents on the FDA website. There are organizations that also provide auditor training for MDSAP that are very helpful. Before I started auditing for this, I took a course.

The audits I perform are either 5 days and I audit all 7 chapters or the chapters are split throughout the year so that all process chapters are audited at least once during a 12 month schedule. My notes/evidence follow the chapter tasks and are retained as a record of the audit. I also provide a summary report. You can modify it based on the applicable countries for the organization.

My best suggestion is to download and read through the MDSAP Audit Approach and have a copy of ISO13485.

If your question is related to just performing a process-based ISO13485 audit the above information can be helpful. Another way to approach it is to create a table with the clauses listed on the left and the organization's defined QMS processes as columns across the top. Use a check mark to identified all clauses related to each process. Clauses may apply to more than one process. Make sure all clauses are captured at least once (unless justified as nonapplicable). From this you can plan your audit based the process and ensure that conformance assessment is made to the associated clauses.

Hope this helps.

 

[Jim Wynne]

I believe your question is related to the medical device single audit program.

Thanks for the information, but I'm not sure how you came to this conclusion. Process-based audits are common in all standardized quality management systems. Outside of medical devices, of which I know next to nothing, internal audits should generally be based on the organization's own requirements and not clauses of the standard(s).

 

[cscalise]

The email message I received had the following header "MDSAP Internal Audit Program example wanted" so I replied with that in mind. then looking at the thread it linked to I wasn't sure so I tried to answer both. I have over 500 days of combined auditing experience is ISO13485, 9001, MDSAP, EU MDR, EU IVDR, 21CFR820 (3rd, 2nd and 1st party audits). I only audit using a processed based approach. The clause-based checklist is helpful but ineffective at addressing process linkages and interactions.

 

[Jim Wynne]

The email message I received had the following header "MDSAP Internal Audit Program example wanted" so I replied with that in mind. then looking at the thread it linked to I wasn't sure so I tried to answer both. I have over 500 days of combined auditing experience is ISO13485, 9001, MDSAP, EU MDR, EU IVDR, 21CFR820 (3rd, 2nd and 1st party audits). I only audit using a processed based approach. The clause-based checklist is helpful but ineffective at addressing process linkages and interactions.

This thread was created because the original post here had been tacked on to the thread with the title you cite, and was irrelevant to that topic.