Internal Auditing Frequency Requirements in a Medical Device Company

H

htquality

#11
Happy New Year everyone! Thanks to all of you for your great feedback. Afterall, I was able to keep the schedule as is for 2012, covering the entire Quality System.
 
Elsmar Forum Sponsor
M

MRWardell

#12
Our experience has been that our CB auditor expects us to audit the entire system yearly. We audit by process, and any process audit will cover one or more aspects of the standard, so over a year we do audit all requirements of 13485 (and 9001). To do all our processes requires about 30 internal audits, which is a considerable number to complete. Our plan this year is to begin reassessing auditing every process, and to reduce the frequency (from yearly) for some of the processes which are well implemented and have not shown issues either during internal or external audits. We are not FDA registered but we are contract manufacturing a medical device and seek to be FDA compliant. I wonder what the FDA (or any specific company) considers "the entire system"? Is it all the sections of the standard (doc control, internal audits, CAPA, etc.), is it all your procedures, is it every work center, etc.? I also audit for a CB 9001 and 14001, and my expectation is a company conducts regular audits, and that they cover the entire system (all their processes and all aspects of the standard) during the 3 year registration cycle. I also expect that they utilize the results of audits to reassess where they put their auditing resources, increasing audits in areas where there are issues and decreasing audits where the system is functioning well. I would be interested to hear any thoughts on what the FDA considers "the entire quality system".
 
T

treesei

#13
Our experience has been that our CB auditor expects us to audit the entire system yearly. We audit by process, and any process audit will cover one or more aspects of the standard, so over a year we do audit all requirements of 13485 (and 9001). To do all our processes requires about 30 internal audits, which is a considerable number to complete. Our plan this year is to begin reassessing auditing every process, and to reduce the frequency (from yearly) for some of the processes which are well implemented and have not shown issues either during internal or external audits. We are not FDA registered but we are contract manufacturing a medical device and seek to be FDA compliant. I wonder what the FDA (or any specific company) considers "the entire system"? Is it all the sections of the standard (doc control, internal audits, CAPA, etc.), is it all your procedures, is it every work center, etc.? I also audit for a CB 9001 and 14001, and my expectation is a company conducts regular audits, and that they cover the entire system (all their processes and all aspects of the standard) during the 3 year registration cycle. I also expect that they utilize the results of audits to reassess where they put their auditing resources, increasing audits in areas where there are issues and decreasing audits where the system is functioning well. I would be interested to hear any thoughts on what the FDA considers "the entire quality system".
To US FDA, the fundamental QMS is in 21 CFR 820 which fortunately is very similar to 13485. We plan our audits based on 13485 (like 9001), which strategically satisfies the FDA per "the entire quality system". There are a lot of work done to compare 13485 and 21 CFR 820, which we use for adjustment. FDA's QSIT manual is a good reference to tell us what they think about a QS and how they conduct their QMS inspections.
 

Marcelo

Inactive Registered Visitor
#14
Food for though - I think I’m inspired today :)

Theoretically speaking - love theory - what is the objective of an internal audit?

For ISO 9001/13485 it is to determine if the qualit system

- conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and

- is effectively implemented and maintained.

People tend to think of it only in terms of the time (6 months, 1 year, 2 years, etc) and in bulk (the internal audit wil verify everything), but in fact "planned intervals" and the four things you have to verify means that you have to analyse your processes and decide when it's necessary to:

- evaluate if the planning of product realization is being followed - this is related to fulfilling the plan.

- evaluate if the requirements of ISO standards are being fulfilled (the process "control" requirements which is what the standards are) - this is related to fulfilling the standard.

- evaluate if the requirements of the quality management system (the majority of the reuirements of any system are the ones that the organization defines as needed to perform - meaning, the processes requirements) - meaning, if the requirements define by the company are being fulfilled.

- evaluate if the system is effective - this is related to the system performance, meaning, if the system is achieving it's objectives.


Note that they are 4 very different things, but users and auditors usually focus only on the second part thinking that the "audit" will verify everything.

In fact it won't.

Also note that the type of audit for each one differs, which means that the required intervals differs too.

Problably, the best way to fulfill these requirements is to have at least 4 different audits, each one focusing on one of the aspects required by the standard.

- one audit to evaluate if the product realization planning is being fulfilled - plans are to be created and followed - and usually are finished in the defined time, and are only re-taken if something changed. So, this audit would be in principle performed when you create for the first time your product realization process, and another audit is only needed if the plan changes. This is the planned interval (note that it's related to the time but to a situation)

- one audit to evaluate the conformity with the standard - this is what regulators, NBs and certification bodies really might think of being annual. However, from the standpoint of the standard, when is it really necessary to evaluate the conformity with the standard?
If you remember that the requirements of a management system standard are simply controls which have to be included in the processes defined by the organization to fulfill it's objectives, when you need to evaluate if the controls are being used correctly? The standard already require that the system have a feedback loop of monitoring, measurement and anslysis processes to ensure conformity. So, in fact an audit to evaluate thaht the controls are implemented are only necessary when you implement the controls, or when the standard changes - not annually!

- one audit to evaluate if the requirements of the quality management system are being met - the same thing, once implemented, an audit would only be needed if things change.

- one audit to verify if the system is effectively implemented and maintained - this is the real deal. This audit verify if the system is “performing” as intended, if it’s achieving it’s objevtives. So, if the objective of a process is to creat xx devices per month, this audit would evaluate that. When is it needed? Aytime the business needs to verify if it’s operating as intented. Is annually ok? Doubt it, if I have a business I would require some kind of monthly analysis to verify that things are ok. From a business perspective, I cannot wait one year to see if things are ok, I need as much assurance as temporarily possible to make business decisions if things are out of the expected.

Wow. Now I’m tired.
 
Last edited:
C

channelr

#15
Hello, I see conflicting information and am analyzing our Audits. It would be nice to spread them out over a 2 year schedule the ones that have the least risk- but if the FDA gave a 483 to a company for not auditing annually, I feel that is a risk as well. Any advice is greatly appreciated. I thought for ISO 13485 if we audited 5 scopes was an annual requirement but I can't remember which ones. :nope:
 
Thread starter Similar threads Forum Replies Date
S ISO 9001:2015 Internal Auditing Internal Auditing 8
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
S Risk based internal auditing Internal Auditing 6
F AS9100D Internal auditing requirements Internal Auditing 11
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
U Internal auditing - Company employees or contract second party Internal Auditing 10
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
G AS9101 Rev F - Worksheets for internal auditing AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
S ISO 13485:2016 and MDSAP internal auditing ISO 13485:2016 - Medical Device Quality Management Systems 6
S ISO 9001:2015 - Internal Auditing - Audit to the Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18
M Is Automated Internal Auditing Possible? Internal Auditing 13
C Internal Auditing Requirements (ISO 9001:2008) Internal Auditing 3
L Auditing Design and Development in ISO 9001 (Internal Audit) Internal Auditing 1
sswaim Auditing Internal Laboratory Personnel for Competence General Auditing Discussions 4
K Internal Auditing a previous Nonconformance? Internal Auditing 19
P Recommended books on ISO 27001:2013 Implementation and Internal Auditing IEC 27001 - Information Security Management Systems (ISMS) 4
M Are auditing checklists required for Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
B ISO/TS16949 Internal Auditing - How many auditors? Internal Auditing 4
B PFMEA, Internal Auditing, Corrective Action Training In Native Language (China) Training - Internal, External, Online and Distance Learning 1
Gman2 Internal Auditing Requirements before ISO 9001 Registration ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
S Auditing TS 16949 Cl. 7.6.3.1 - Internal Calibration Laboratory Requirements IATF 16949 - Automotive Quality Systems Standard 8
T ISO 9001 Internal Auditing Auditor Training in Amsterdam Training - Internal, External, Online and Distance Learning 1
S In an internal auditing desert and I'm the only one here.... AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
G Internal Auditing in a Multi-Site Environment ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
B Internal Auditing of MDD and CMDR Requirements Other Medical Device Related Standards 5
O Internal Auditing in small Engineering company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
T Looking for a webinar on Internal Auditing General Auditing Discussions 3
R On Auditing Internal Audit Process - How Independence can be Established Internal Auditing 4
D Auditing Abroad - Internal Audits of our European Sister Companies ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
R Auditing a process outside the realm of the formal Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
G New to Internal Auditing - Best questions to ask? Internal Auditing 17
M Auditing the Internal Audit Process - 8.2.2 General Auditing Discussions 2
J Auditing the Internal Auditing Process - Audit Nonconformance General Auditing Discussions 3
S Internal Auditing related to RISK Internal Auditing 9
W Internal Auditing - Observational Checklist for a Behavior Based System Internal Auditing 3
R Internal Auditing Checklist - Major NCR because the Checklist was not Completed Internal Auditing 17
V Depth of Internal Auditing and Training aspects in Research & Development (R & D) Internal Auditing 4
N Good Internal Auditing Training Courses Training - Internal, External, Online and Distance Learning 13
L Internal Auditing Reports / Documents - Design and Content Document Control Systems, Procedures, Forms and Templates 1
N Recommend internal auditing training 101 please (Tucson or Phoenix, AZ) Training - Internal, External, Online and Distance Learning 1
L Internal Auditing - How can I audit my QMS independently? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
C Internal Auditing - How to make it useful? Internal Auditing 36

Similar threads

Top Bottom