ISO 13485: 2016 Internal Audit - Is sampling on projects allowed?

Thukira

Involved In Discussions
#1
Hi...We are certified to ISO 13485: 2016 for service projects and products which are not included in MDD scope as per ISO certificate.

We are planning for internal audit program this year.

Give that the above scenario, is sampling on projects allowed as per ISO 13485:2016.

Example: In total of 4 service projects of different customer, can we do 2 projects for internal audit and show the same for external auditors or what standard says on this /would be best practices

In 13485, I could not refer requirements that we should cover all projects or sample projects for internal audit.

Please advise.
 

Pads38

Quite Involved in Discussions
#2
I would suggest that this is covered at 8.2.4 -

An audit program shall be planned, taking into consideration the status and importance of the processes and area to be audited, as well as the results of previous audits. The audit criteria, scope, interval and methods shall be defined and recorded.
 

AndyN

A problem shared...
Staff member
Super Moderator
#3
Hi...We are certified to ISO 13485: 2016 for service projects and products which are not included in MDD scope as per ISO certificate.

We are planning for internal audit program this year.

Give that the above scenario, is sampling on projects allowed as per ISO 13485:2016.

Example: In total of 4 service projects of different customer, can we do 2 projects for internal audit and show the same for external auditors or what standard says on this /would be best practices

In 13485, I could not refer requirements that we should cover all projects or sample projects for internal audit.

Please advise.
I'm not certain you understand WHY you are selecting a specific project to be audited. So, please help us understand, what you are considering in selecting these two...?
 

Thukira

Involved In Discussions
#4
There was internal discussion happened internal audit , where it was decided that out of 4 projects , audit can be performed any two projects as sample, and also there was counter argument that atleast once in a year all projects in ISO scope should be audited and report should be submitted.

Finally, Audit plan for a year prepared having two projects in Q2 and other two in Q4
to focus.

I'm not sure where it is correct for the projects in ISO 13485 scope and not in MDD scope will make any difference here.. pl guide
 

AndyN

A problem shared...
Staff member
Super Moderator
#5
There was internal discussion happened internal audit , where it was decided that out of 4 projects , audit can be performed any two projects as sample, and also there was counter argument that atleast once in a year all projects in ISO scope should be audited and report should be submitted.

Finally, Audit plan for a year prepared having two projects in Q2 and other two in Q4
to focus.

I'm not sure where it is correct for the projects in ISO 13485 scope and not in MDD scope will make any difference here.. pl guide
People talk all day long about how many, instead of why! It's incorrect to think in terms of quantities of things to audit. You have to ask yourself WHY do I need to audit a project...
 

Thukira

Involved In Discussions
#6
Not only quantity Andy, also includes that the audit of the processes and the sampling should focus on the following (based on risk):
a. Previously identified potential and existing nonconformities
b. new or modified designs and new products
c. new or modified processes
d. areas not sufficiently covered during the surveillance period

In all projects, as part of continuous improvement, there will be changes. Hence we have do audit for all projects atleast once in a year as defined in our procedure.

Hence it was planned as Q2 and Q4 for IA and the report will be presented during MRM.

Will this be acceptable, or any thoughts towards this
 

AndyN

A problem shared...
Staff member
Super Moderator
#7
Not only quantity Andy, also includes that the audit of the processes and the sampling should focus on the following (based on risk):
a. Previously identified potential and existing nonconformities
b. new or modified designs and new products
c. new or modified processes
d. areas not sufficiently covered during the surveillance period

In all projects, as part of continuous improvement, there will be changes. Hence we have do audit for all projects atleast once in a year as defined in our procedure.

Hence it was planned as Q2 and Q4 for IA and the report will be presented during MRM.

Will this be acceptable, or any thoughts towards this
Your previous posts didn't mention this information, only number of projects. What are you seeking to have answered? You next consideration would be when to audit. Based on this recent information, surely, doing the audits only once a year doesn't appropriately address the reasons for auditing. Once a year is a frequency, true, but those processes which are riskier or have more changes need different frequencies.

My point is, planning audits isn't a simple task. Doing something based on once a year and in Q2 or Q4 isn't actually meaningful, if there's no consideration of why and when an audit is going to reveal useful results...
 
Top