QSIT-Based ISO 13485 Internal Audit Schedule

[MyronW]

Our internal audit schedule had become an unwieldy nightmare for me. I am the only auditor, and the schedule was not process based, it was not logic based, it was not anything based. It was just a mess that I inherited, so I took it upon myself to make some sense of it.

Fortunately, I had just completed an audit cycle, and our system is in pretty good shape, so I didn't have any huge messes to clean up. I started looking at different ways to schedule the audits according to the standard: status, importance, results of previous audits, etc., and found that none of these criteria are useful for setting up a baseline schedule. That's why new folks stand around with that deer-in-the headlights look when they try to set up their first schedule. It doesn't make sense to set up a results-based schedule when you don't have any results to work with!

After much thought and work, I developed an annual internal audit schedule that is based on the FDA's QSIT Manual. I was careful to keep it as process-based as I could, although there is room for improvement. All of the ISO 13485:2003 elements are covered, but they are not sequential, nor are they intended to be.

Have a look, and let me know what you think. So far it's worked out quite well!

Myron

 

[MIREGMGR]

You say that things are in pretty good shape regarding preceding internal audits...is that also true of your CB's last couple of audits, and of any recent FDA inspections?

 

[Gert Sorensen]

That looks very interesting. I will dig into it immediately!

Thank you for sharing it.

 

[MyronW]

You say that things are in pretty good shape regarding preceding internal audits...is that also true of your CB's last couple of audits, and of any recent FDA inspections?

FDA came through here in September. No troubles.
We had our recertifying audit 2 weeks ago. We passed, although there were 3 minor NCs. One for an obsolete sterilization standard (we don't make sterile products), one for references to obsolete revisions of standards in a couple of SOPs and a job description, and one for a missing audit checklist.

Each of these NCs falls on my shoulders as the internal auditor to detect prior to an outside audit. I inherited this system in May of last year, and I'm the Chief Cook and Bottlewasher when it comes to doing audits both internal and external. I take this stuff both seriously and personally, and when it becomes apparent that I have not performed to the same standard I hold others to, I am mortified.

That's why I developed this new QSIT-based schedule. I created it prior to the recent audits, but the cycle had just started. I am confident that as the audits progress, there will be more that comes to light, and more that needs to be fixed.

 

[Weiner Dog]

Glad that you have developed a QSIT-based audit approach.

My understanding is that internal audits typically should be quality system based. When required (such as through risk analysis), mini process audits should occur. This is how FDA does it. Why shouldn't US companies do the same? Why do some US companies base their internal audits against EU notified body requirements first?

 

[MIREGMGR]

Why do some US companies base their internal audits against EU notified body requirements first?

One reason might be that a US company certified to ISO 13485 and CE Mark is audited ~annually for those certifications, and much less frequently by FDA. We talk with FDA regularly, but they haven't been in to see us in almost eight years.

In addition, the Voluntary Audit Report Submission program is expected to get off the ground sometime soon, and it'll formally replace the QSIT1 process with US FDA recognition of the ISO 13485 audit process.

 

[jinggu]

That's how I find it to be. My current audit plan developed around FDA requirements were berated by ISO certification body. I figure a plan fulfilling EU or ISO requirements put you in a better position in face of FDA's inspections.

 

[SpeedRacer24]

This audit schedule looks quite good and very well thought out . Thanks MyronW for sharing this.

As a Quality Engineer one of my many responsibilities is to manage the Internal Audit program. My Manager has requested that we move to a QSIT style audit approach in 2014. I'm going to see if your schedule could be of help to me in this regards.

Now I just need a really good QSIT style internal audit checklist as a starting point for the auditors to go on. Can anyone here suggest where I might be able to find one? Please let me know, thanks.

 

[love02eat]

Our internal audit schedule had become an unwieldy nightmare for me. I am the only auditor, and the schedule was not process based, it was not logic based, it was not anything based. It was just a mess that I inherited, so I took it upon myself to make some sense of it.

Fortunately, I had just completed an audit cycle, and our system is in pretty good shape, so I didn't have any huge messes to clean up. I started looking at different ways to schedule the audits according to the standard: status, importance, results of previous audits, etc., and found that none of these criteria are useful for setting up a baseline schedule. That's why new folks stand around with that deer-in-the headlights look when they try to set up their first schedule. It doesn't make sense to set up a results-based schedule when you don't have any results to work with!

After much thought and work, I developed an annual internal audit schedule that is based on the FDA's QSIT Manual. I was careful to keep it as process-based as I could, although there is room for improvement. All of the ISO 13485:2003 elements are covered, but they are not sequential, nor are they intended to be.

Have a look, and let me know what you think. So far it's worked out quite well!

Myron

Love the the QSIT. How is this working for you since 2010. I was thinking of using this. But if you also have a updated version would love to see it. my story is similar like yours. we are also ISO13485:2003.


Many thanks
Rachel