ISO 13485 Internal Audit

[Jen Kirley]

As has been stated, yes the audit is required. Please contact your registrar, who should provide you with a full description of the process and what is required of you at each stage (Stage 1 and Stage 2). If your registrar will not provide this, you have the wrong registrar and need to find one that properly communicates with you, the client.

 

[Randy]

Is it mandatory to perform the internal audit before the first stage of the ISO 13485?

I just reread the post...........and will give an amendment.

Not entirely and it's like the management review so here goes. (I used to teach this stuff)

The Stage 1 is to verify that you've got in place the mechanisms necessary to successfully navigate the Stage 2.

Stage 1 verifies PLANNING of the system (can it work)

Stage 2 verifies PERFORMANCE of the system (does it work and is it being done)

Here's a small part of the real deal requirements for Stage 1 & Stage 2 from ISO 17021, it's copywrited so it can't be shown in its entirety.

ISO 17021 Conformity assessment - Requirements for bodies providing audit and certification of management systems
9.2.3.1.1 The stage 1 audit shall be performed to.....
g) evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the stage 2 audit.

9.2.3.2 Stage 2 audit
The purpose of the stage 2 audit is to evaluate the implementation, including effectiveness, of the client's management system.

 

[Andrada T.]

Thank you for all the responses!
We do internal audits for ISO 9001 and also Management Reviews every year. We are doing only software development and we want to get certified ISO 13485 for a few projects where we develop software for medical devices. Actually, we do not have many changes in our QMS, we are not producing medical devices. And the teams are following the clients' processes (the clients are ISO 13485 certified). Also, we are working with our clients on these projects. We will perform the internal audit on ISO 13485 before the first stage of the external audit, I just wanted to be sure if this is mandatory or not.

 

[Andrada T.]

Hi all, I would have one more question: do we need to have procedures for the validation of the application of computer software
used in production and service provision? As I said in the previous comments, we produce software for medical devices and we are working in projects together with our clients. We are not involved in medical devices production or storage.
On the other hand, all the documents, records, code sources for these projects are stored in the clients' repositories. And we use the same tools for projects as our clients. Thank you!

 

[Jen Kirley]

Hello Andrada T., please see 4.1.6 of ISO 13485:2016. The clause specifies "...used in the quality management system." Do you have a copy of the standard?

 

[Randy]

" Do you have a copy of the standard?

I'd guess not.

 

[Andrada T.]

Hello Andrada T., please see 4.1.6 of ISO 13485:2016. The clause specifies "...used in the quality management system." Do you have a copy of the standard?

Hi, we have a copy of the standard, but we are at the beginning with the implementation of the requirements...
Thank you for your response!