ISO 13485 Internal Audit

Jen Kirley

Quality and Auditing Expert
Leader
Admin
As has been stated, yes the audit is required. Please contact your registrar, who should provide you with a full description of the process and what is required of you at each stage (Stage 1 and Stage 2). If your registrar will not provide this, you have the wrong registrar and need to find one that properly communicates with you, the client.
 

Randy

Super Moderator
Is it mandatory to perform the internal audit before the first stage of the ISO 13485?
I just reread the post...........and will give an amendment.

Not entirely and it's like the management review so here goes. (I used to teach this stuff)

The Stage 1 is to verify that you've got in place the mechanisms necessary to successfully navigate the Stage 2.

Stage 1 verifies PLANNING of the system (can it work)

Stage 2 verifies PERFORMANCE of the system (does it work and is it being done)

Here's a small part of the real deal requirements for Stage 1 & Stage 2 from ISO 17021, it's copywrited so it can't be shown in its entirety.

ISO 17021 Conformity assessment - Requirements for bodies providing audit and certification of management systems
9.2.3.1.1 The stage 1 audit shall be performed to.....
g) evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the stage 2 audit.

9.2.3.2 Stage 2 audit
The purpose of the stage 2 audit is to evaluate the implementation, including effectiveness, of the client's management system.
 

Andrada T.

Registered
Thank you for all the responses!
We do internal audits for ISO 9001 and also Management Reviews every year. We are doing only software development and we want to get certified ISO 13485 for a few projects where we develop software for medical devices. Actually, we do not have many changes in our QMS, we are not producing medical devices. And the teams are following the clients' processes (the clients are ISO 13485 certified). Also, we are working with our clients on these projects. We will perform the internal audit on ISO 13485 before the first stage of the external audit, I just wanted to be sure if this is mandatory or not.
 

Andrada T.

Registered
Hi all, I would have one more question: do we need to have procedures for the validation of the application of computer software
used in production and service provision? As I said in the previous comments, we produce software for medical devices and we are working in projects together with our clients. We are not involved in medical devices production or storage.
On the other hand, all the documents, records, code sources for these projects are stored in the clients' repositories. And we use the same tools for projects as our clients. Thank you!
 
Last edited:

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Hello Andrada T., please see 4.1.6 of ISO 13485:2016. The clause specifies "...used in the quality management system." Do you have a copy of the standard?
 

Andrada T.

Registered
Hello Andrada T., please see 4.1.6 of ISO 13485:2016. The clause specifies "...used in the quality management system." Do you have a copy of the standard?
Hi, we have a copy of the standard, but we are at the beginning with the implementation of the requirements...
Thank you for your response!
 

Chrisx

Quite Involved in Discussions
It's been a number of years since I worked for a notified body, but as I recall the policy at the time was to issue a minor nonconformity if a complete internal audit had not been completed. We could proceed with the state 2 audit. However, if a complete internal audit of the QMS had not been completed by the stage 2, then a major nonconformity was issued. I am quite certain no certificate could be issued without a complete internal audit of the QMS. The auditor has to obtain objective evidence of implementation for each clause of the standard. No objective evidence equals no certificate.
 

LUFAN

Quite Involved in Discussions
Hi, we have a copy of the standard, but we are at the beginning with the implementation of the requirements...
Thank you for your response!

If you're making some sort of milestone type tracker or gantt chart, you'll definitely want to include a full QMS audit and management review prior to your certification audits as a blocking activity.
 

Guarina

Starting to get Involved
It is not being obligated, also you have an internal audit plan with the different processes to be audited, not all of them are going to be performed before the stage 1
 
Top Bottom