Hi All,
I have a question regarding the internal audit process. Please see below background about the company I work for:
Our site is certified to ISO 13485:2016 and 21 CFR 820. We have an extensive audit checklist (13485 and 21 CFR 820) which is pretty much in the form of turning every clause into a question. To accompany this we also have a Process Clause Matrix, however the PCM does not reference any clauses, it simply details the process on the X axis and then has a list of “elements” on the Y axis. See example below:
My issue with this PCM is that the 13485:2016 and 21 CFR clauses are not specifically called out in this document. For example if an auditor were to complete an internal audit that involved the review of the change management process, The control of documents is called out as an element for review during this audit but no specific clauses are called out. Therefore the auditor needs to trawl through the audit checklist, find this element (and other applicable elements) and complete the audit.
What I would like to know if anyone has any advice or any examples of a PCM that has a list of process and a list of elements that cover all applicable clauses to that site (Ideally if you have an example that has 13485 and 21 CFR 820 that would be great, I more so just want to see how it is laid out). In my opinion the PCM should reference all clauses for all certification on site to prove that our audits are robust and all elements are taken into consideration during the internal audit process. For example, if control of documents is required the elements section should include reference to 13485:2016 4.2 and 820.40 21 CFR 820
Also I want to ultimately make it easier on the internal auditors to complete the internal audit checklist, if they can simply review the PCM, N/A the clauses which are not applicable to their audit and carry on this will save invaluable time.
If anyone’s mindset differs please let me know and describe why you do not prescribe to this method of internal auditing and what you would do differently.
Many thanks
COR
I have a question regarding the internal audit process. Please see below background about the company I work for:
Our site is certified to ISO 13485:2016 and 21 CFR 820. We have an extensive audit checklist (13485 and 21 CFR 820) which is pretty much in the form of turning every clause into a question. To accompany this we also have a Process Clause Matrix, however the PCM does not reference any clauses, it simply details the process on the X axis and then has a list of “elements” on the Y axis. See example below:
My issue with this PCM is that the 13485:2016 and 21 CFR clauses are not specifically called out in this document. For example if an auditor were to complete an internal audit that involved the review of the change management process, The control of documents is called out as an element for review during this audit but no specific clauses are called out. Therefore the auditor needs to trawl through the audit checklist, find this element (and other applicable elements) and complete the audit.
What I would like to know if anyone has any advice or any examples of a PCM that has a list of process and a list of elements that cover all applicable clauses to that site (Ideally if you have an example that has 13485 and 21 CFR 820 that would be great, I more so just want to see how it is laid out). In my opinion the PCM should reference all clauses for all certification on site to prove that our audits are robust and all elements are taken into consideration during the internal audit process. For example, if control of documents is required the elements section should include reference to 13485:2016 4.2 and 820.40 21 CFR 820
Also I want to ultimately make it easier on the internal auditors to complete the internal audit checklist, if they can simply review the PCM, N/A the clauses which are not applicable to their audit and carry on this will save invaluable time.
If anyone’s mindset differs please let me know and describe why you do not prescribe to this method of internal auditing and what you would do differently.
Many thanks
COR