ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training

Schkund

Involved In Discussions
Our company's Quality Manager acts as the Head Team Auditor for our Internal Audit program. We are certified to ISO 13485:2016 and all of our internal auditors, Quality Manager, included, have received training as ISO 13485:2016 internal auditors. At a former job, our Quality Manager received training as a LEAD Auditor for a different industry, specifically IATF.

When she moved from her IATF-related job to this position in the medical device industry, she took a lot of forms that she developed, adapted them for our industry, and implemented them. One of these forms was our final audit report, which compiles the information from all of the internal audits performed for the month to share with management. At the top of the report she labeled herself as "Lead Auditor".

The auditor for the company that provides our ISO certification is giving us a minor nonconformance because there is no evidence that she has been trained as an ISO13485 lead auditor, only two separate certificates, one for lead auditing in another industry, and another for 13485, but not as a lead auditor. Our process doesn't state anything about a lead auditor, simply that the Quality Manager is the team leader for our internal auditing group, but because one form refers to her as a lead auditor, we are receiving a nonconformance.

So my question is this: what additional training is given to an ISO13485 lead auditor versus a "regular" ISO13485 internal auditor, and is that additional training different than what they would receive as an IATF lead auditor? My understanding is that certification as a lead auditor gives you the tools to plan, schedule, and review the internal audits of the team... basically, to act as a leader and planner for the rest of the internal audit team. Is there really so much different being taught between the two types of lead auditor that she will have to take 4 more days of training AGAIN to become a "legitimate" ISO13485 lead auditor?
 

Sidney Vianna

Post Responsibly
Leader
Admin
The auditor for the company that provides our ISO certification is giving us a minor nonconformance because there is no evidence that she has been trained as an ISO13485 lead auditor,
Push back. There is no SUCH requirement in the standard and you confirmed that it is not a self imposed requirement. If the CB auditor wants to infer your lead auditor is not competent for the function, s/he will have to provide evidence to that effect.
 

Golfman25

Trusted Information Resource
Not being intimately familiar with 13485, is there a specific training requirement for auditors? Or is it simply competence that is required, like the other standards (even IATF doesn't require training, just demonstrated competence)? There are several posts regarding competency and training here. I would push back. Good luck.
 
When you take a lead auditor training course, you are trained to ISO 13485 requirements. Regardless, this should not be a finding.

But wait, how can the Quality Manager be doing an internal audit? "Auditors shall not audit their own work." I would give you a nonconformity for that. Just sayin'...
 

Schkund

Involved In Discussions
She doesn't audit Quality Systems where she is listed as the process owner. Rather, she audits areas such as Purchasing, production processes on the floor, etc. She is the Quality Manager, but it doesn't mean that she is the one executing all aspects of the quality management system; those responsibilities are distributed among our managers.
 

John C. Abnet

Teacher, sensei, kennari
Leader
Super Moderator
Wow, we've opened many different cans of worms here.

@Schkund
As mentioned by @Sidney Vianna and others, PUSH BACK. She can call herself what ever she wants ..."lead auditor" ..."supreme leader".... etc.. In this context that does NOT matter. There is NO requirement for any specific internal auditor training. (see my next comments below).

@Golfman25 .
Your assumption is correct. ISO 13485 is written nearly identical to 9001 in this regards. There are no specific requirements for internal auditors beyond competency, objectivity, impartiality.



Hope this helps.
Be well.
 
Last edited:

Sidney Vianna

Post Responsibly
Leader
Admin
there is NO longer a requirement that ... "Auditors shall not audit their own work." This was removed from ISO for standards "2015" and beyond.
John, the requirement is still in place for ISO 13485:2016. Very likely, the requirement will remain when the TC210 finally revise 13485 and align it with the HLS. The other day I posted the additional internal auditing requirements in ISO 37001 and they are VERY STRICT about who can be assigned as internal auditors.
 

Schkund

Involved In Discussions
Thank you so much for all of your feedback. When the issue arose, we presented all of the information that I've shared with you in the above posts and pressed the auditor to drop the finding, but he insisted that it was a nonconformance. We hope to bring it up one more time at the end of our audit... we've pulled some verbiage from ISO 19011 regarding requirements for lead auditor training. If he still insists on reporting it as a finding, we will likely argue the finding further with the regulatory body.
 
Top Bottom