ISO 13485 Audit Questions - Internal Auditor Training and other Requirements

M

mlaurie

#1
I looked through our blogs but could not find an answer.

We recently completed a surveillance audit, 3-11-15, from our CB. Although we did not receive an NC, he claims that: (#1) I, as the Manager Rep, have jeopardized the internal audit process because, 5.5.2 a) states that ?ensuring the processes needed for the QMS are established, implemented and maintained?. Meaning any internal auditing I do is essentially auditing my own work.
#2) any internal auditors trained to 9001 are not qualified for 13485 medical audits.
There is some validity in 2 but they can audit common/similar areas of the system. Does anyone have any input on this?

Also: Is there a data base somewhere for qualified auditors that conduct in-house auditor training? We have 9 people in-scope and top management will not pay $10K to fly trainers in from our CB.
Thanks
Sarasota Mike
 
Elsmar Forum Sponsor
#2
I looked through our blogs but could not find an answer.

We recently completed a surveillance audit, 3-11-15, from our CB. Although we did not receive an NC, he claims that: (#1) I, as the Manager Rep, have jeopardized the internal audit process because, 5.5.2 a) states that ?ensuring the processes needed for the QMS are established, implemented and maintained?. Meaning any internal auditing I do is essentially auditing my own work.
#2) any internal auditors trained to 9001 are not qualified for 13485 medical audits.
There is some validity in 2 but they can audit common/similar areas of the system. Does anyone have any input on this?

Also: Is there a data base somewhere for qualified auditors that conduct in-house auditor training? We have 9 people in-scope and top management will not pay $10K to fly trainers in from our CB.
Thanks
Sarasota Mike
Your auditor is talking rubbish, frankly! (if what you post is accurate). You are NOT auditing your own work, unless you actually TOUCH it. The QMS isn't YOUR work. Good grief! Why would anyone cite that, when it's in 8.2.2, either, is beyond me!

Also, YOU determine "competency" for your auditors. Frankly going to ANY course doesn't make ANYONE competent - again, the auditor demonstrates a complete lack of competency themselves in saying so! No, ignore them, and call your CB and tell them you don't appreciate such "off the cuff" comments, which are both unwarranted and unwelcome. Ask them to NOT send back the auditor next time - maybe consider also changing CBs...
 

Marcelo

Inactive Registered Visitor
#3
(#1) I, as the Manager Rep, have jeopardized the internal audit process because, 5.5.2 a) states that “ensuring the processes needed for the QMS are established, implemented and maintained”. Meaning any internal auditing I do is essentially auditing my own work.
Theoretically, he?s right, but I don?t see this NC being raised often (I do raise them, thought :p).

The requirement for auditing is not that you must not audit your own work, but to have freedom from responsibility for the activity being audited.

The management representative is required by the standard to be responsible for the whole quality system, so in practice if you are the management representative, you cannot audit the system in any way.

#2) any internal auditors trained to 9001 are not qualified for 13485 medical audits.
This is also correct.
 
#4
Theoretically, he?s right, but I don?t see this NC being raised often (I do raise them, thought :p).

The requirement for auditing is not that you must not audit your own work, but to have freedom from responsibility for the activity being audited.

The management representative is required by the standard to be responsible for the whole quality system, so in practice if you are the management representative, you cannot audit the system in any way.



This is also correct.
I don't believe you are correct! The "work" referred to isn't the QMS at all! If this were the case, about 70% of implementations would be non-compliant. As for someone trained in ISO 9001 vs 13485, where is it a requirement in either standard that any auditor has to be trained in a standard?
 

Marcelo

Inactive Registered Visitor
#5
I don't believe you are correct! The "work" referred to isn't the QMS at all!
From ISo 19011:

3.1
audit
systematic, independent and documented process for obtaining audit evidence (3.3) and evaluating it objectively to determine the extent to which the audit criteria (3.2) are fulfilled
NOTE 1 Internal audits, sometimes called first party audits, are conducted by the organization itself, or on its behalf, for management review and other internal purposes (e.g. to confirm the effectiveness of the management system or to obtain information for the improvement of the management system). Internal audits can form the basis for an organization?s self- declaration of conformity. In many cases, particularly in small organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest.

If this were the case, about 70% of implementations would be non-compliant.
I think they are, but nobody seems to care.

As for someone trained in ISO 9001 vs 13485, where is it a requirement in either standard that any auditor has to be trained in a standard?
Nowhere, but if you are auditing ISO 13485, how can you audit if you do not know ISO 13485? Would it be ok to audit ISO 13485 if you only know ISO/TS 16949: 2009?

Anyway, I think what the OP meant is that someone with only and ISO 9001 background cannot , in principle audit ISO 13485 requirements, and that?s what I agreed with (not related to courses of anything).
 
#6
From ISo 19011:






I think they are, but nobody seems to care.



Nowhere, but if you are auditing ISO 13485, how can you audit if you do not know ISO 13485? Would it be ok to audit ISO 13485 if you only know ISO/TS 16949: 2009?

Anyway, I think what the OP meant is that someone with only and ISO 9001 background cannot , in principle audit ISO 13485 requirements, and that?s what I agreed with (not related to courses of anything).
That's a completely bizarre interpretation of both what ISO 19011 guides and the requirement to not audit your own work! How would a very small company exist, if someone couldn't audit a process they participate in - unless they avoid auditing the work they actually touched! The QMS isn't the QA mgr (or Mgmt rep's) "Work". Someone else implements it, don't they?

Also, internal auditors don't need to know a standard to be able to perform an internal QMS audit - if they did, it would state so - and only ISO/TS 16949 makes that a clear requirement...(it may be in AS, I can't remember and it's a sector scheme, not an ISO)
 
Last edited:

Marcelo

Inactive Registered Visitor
#7
As I mentioned, the requirement is not "not to audit your own work", but "not to audit an activity your are responsible for".

Responsability is different from who does "work". It?s related to accountability. So yes, people implement the system, but due to the requirement of the standards, the management representative is accountable (responsible) for the whole system.

Also, related to the QMS auditing, I didn?t say that you need to know the standard to audit a QMS, but one requirement from the standards is that you need to audit the requirements form the standards, so I don?t think it?s possible if you don?t know the standard. Anyway, I still don?t think this is what the OP mentioned.
 

Marcelo

Inactive Registered Visitor
#8
Oh, sorry, you were talking about the requirement "Auditors shall not audit their own work" (I think I?m still jet-lagged :p). Yes, this is also true, but in a more general way, as described in 19011, the impartiality is related to responsibilities. I?ve always thought that that requirement is a bit misleading the way it?s phrased and, if you note, the draft revision removed this requirement and points to ISO 19011 so they will really correct that mistake, in my opinion.
 

Big Jim

Super Moderator
#9
As I mentioned, the requirement is not "not to audit your own work", but "not to audit an activity your are responsible for".

Responsability is different from who does "work". It?s related to accountability. So yes, people implement the system, but due to the requirement of the standards, the management representative is accountable (responsible) for the whole system.

Also, related to the QMS auditing, I didn?t say that you need to know the standard to audit a QMS, but one requirement from the standards is that you need to audit the requirements form the standards, so I don?t think it?s possible if you don?t know the standard. Anyway, I still don?t think this is what the OP mentioned.
In support of Andy, you are reaching beyond what the standard says.

19011 is GUIDANCE. There are no SHALLS in 19011. You cannot impose 19011 guidance as requirements for either 9001 or 13485. Consider it more as a best practice at most.
 
M

mlaurie

#10
Although somewhat new to the manager rep position, I?ve guided our company through stage 1 & 2, ? dozen surveillance audits and one re-cert with several different auditors. This is the first time this issues has been raised and this auditor is just now in his 2nd year. I lean more towards Andy and Jim on this but appreciate everyone?s input. No NC was assessed so no formal compliant will be issued to my CB. Thanks to all.
I still need a resource for audit instructors
Thanks again
Sarasota Mike
 
Thread starter Similar threads Forum Replies Date
F ISO 13485 - EU countries that could request another audit ISO 13485:2016 - Medical Device Quality Management Systems 2
L How to deal with an ISO 13485 Supplier Audit nonconformance ISO 13485:2016 - Medical Device Quality Management Systems 17
A What if Contract Manufacturers does not have an ISO 13485 certificate? Where will the NB audit take place, at legal mfg. site or contract mfg. site? Other Medical Device Regulations World-Wide 3
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
L ISO 13485:2016 Clause 8.4 - Analysis of Audit Observations ISO 13485:2016 - Medical Device Quality Management Systems 8
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
P Dropping ISO 9001 limits the scope of the ISO 13485 audit? ISO 13485:2016 - Medical Device Quality Management Systems 6
E MDSAP Audit - Our QMS conforms to ISO 13485:2016 and FDA GMP Canada Medical Device Regulations 9
J ISO 13485 Audit Nonconformance written against 6.3 Infrastructure ISO 13485:2016 - Medical Device Quality Management Systems 25
J Training documentation - ISO 13485 audit and the auditor had questions General Auditing Discussions 7
J EU ISO 13485:2016 Recertification Audit - Effect of 10 Minor Nonconformances EU Medical Device Regulations 2
J ISO 13485 Recertification audit extension ISO 13485:2016 - Medical Device Quality Management Systems 1
M Internal Audit Assessment Criteria - ISO 13485:2016 Internal Auditing 21
A ISO-13485 7.1 - Preparing for our MDSAP audit ISO 13485:2016 - Medical Device Quality Management Systems 5
T ISO 13485: 2016 Internal Audit - Is sampling on projects allowed? ISO 13485:2016 - Medical Device Quality Management Systems 6
D Where I can find an ISO 13485:2016 Audit Schedule example? ISO 13485:2016 - Medical Device Quality Management Systems 4
L Need HELP with Internal Audit Program ISO 13485.2003 Quality Management System (QMS) Manuals 3
J Internal Audits - Closing Audit Deficiency Reports (ISO 13485) Internal Auditing 4
S EN ISO 13485:2016 vs. ISO 13485:2016 - Unannounced MDD Audit yesterday ISO 13485:2016 - Medical Device Quality Management Systems 4
V Under what circumstances will a Registrar Audit a Company? (ISO 13485 - Canada) Canada Medical Device Regulations 5
A Audit Checklist for ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 19
S Audit checklist for "Design Controls" per ISO 13485 wanted Internal Auditing 3
somashekar ISO 13485 plus ISO 9001:2015 will now attract a minimum 2 day upgrade audit ISO 13485:2016 - Medical Device Quality Management Systems 9
J Can I conduct Internal Audit for combined ISO 9001, ISO 13485 and ISO 14001? Internal Auditing 37
Q Writing appropriate ISO 13485 Audit Report Findings Internal Auditing 15
S How is the NB ISO 13485 audit for CE Marking different from regular ISO audit ? EU Medical Device Regulations 5
K Including ISO 13485 Audit JPAL Registration Japan Medical Device Regulations 3
M ISO 13485 Certification - Internal Audit Program Required ISO 13485:2016 - Medical Device Quality Management Systems 12
J Pre-Revenue Medical Device Company ISO 13485 Audit ISO 13485:2016 - Medical Device Quality Management Systems 1
F Response to ISO 13485 Audit Minor Nonconformances ISO 13485:2016 - Medical Device Quality Management Systems 6
L Mock Audit by External Consultant (ISO 13485) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 8
Q Class I Technical File reviewed during ISO 13485 Certification Audit by NB CE Marking (Conformité Européene) / CB Scheme 10
A Quality Objectives 5.4.1 - KPI SOP - ISO 13485 Audit Observations EU Medical Device Regulations 6
M IAF-MD9 Audit Man-Days Requirements for ISO 13485 Quality Manager and Management Related Issues 30
R How much "harder" is an ISO 13485 Registration Audit compared to ISO 9001 ISO 13485:2016 - Medical Device Quality Management Systems 6
Q Post Market Surveillance SOP - ISO 13485 Audit Nonconformance ISO 13485:2016 - Medical Device Quality Management Systems 3
L ISO 13485 Internal Audit Schedule example needed Internal Auditing 9
T One Supplier Audit Checklist to cover ISO 9001:2008 and 13485:2003 Supplier Quality Assurance and other Supplier Issues 1
T I'm seeking ISO 13485:2003 Supplier Audit Checklist Supplier Quality Assurance and other Supplier Issues 1
C Lapse between ISO 13485 certificate expiring and new audit ISO 13485:2016 - Medical Device Quality Management Systems 9
J General ISO 13485 Certification Assessment Audit Question ISO 13485:2016 - Medical Device Quality Management Systems 1
C Contract Manufacturer and Stage 2 Audit for ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 5
M QSIT-Based ISO 13485 Internal Audit Schedule Internal Auditing 8
G Need help in an upcoming ISO 13485 Audit ISO 13485:2016 - Medical Device Quality Management Systems 7
K ISO 13485 Audit Finding on Regulatory Issues - Internal Audits ISO 13485:2016 - Medical Device Quality Management Systems 8
S Freshman needs help with ISO 13485 Audit Process ISO 13485:2016 - Medical Device Quality Management Systems 46
R ISO 13485 Surveillance Audit Nonconformances and Report Help Needed ISO 13485:2016 - Medical Device Quality Management Systems 9
C System Root Cause and CA (Corrective Action) for ISO 13485 Audit Nonconformances ISO 13485:2016 - Medical Device Quality Management Systems 3
K ISO 13485 Audit help needed General Auditing Discussions 20
Le Chiffre ISO 13485:2003 Voluntary Audit Report Submission Program ISO 13485:2016 - Medical Device Quality Management Systems 3

Similar threads

Top Bottom