Sampling Plan for Internal Audits - ISO 2859 or 3951 - Or Neither?


Quite Involved in Discussions
Can someone tell me which standard would be best to help us determine a good sampling plan for internal audits?

My manager mentioned the two standards in the title, but when I looked into them, each has a few different "sub-standards".

Any help would be most appreciated.



Quite Involved in Discussions
To create more consistency within our audits. A few customer's have pointed out that the sampling done isn't really robust enough. Some of our internal auditors only pull a couple samples and call it good.

So we are reviewing our Internal Audit procedure (we are ISO 13485 certified), and are defining the process for sampling internal audits.


Trusted Information Resource
As there is practically no one size fits all, you can gain some legitimacy by understanding and applying the binomial based plans of FDA's qsit inspection guide. This can fit the per sample item good vs not good audit claim under the normal conditions allowing you to make some statement concerning the larger population with some robustness.

What remains critical in this is the actual method of randomly selecting suitable items, keeping sample homogeneity in mind as well as knowing how to care about type 1/type 2 (false positive/ false negative) errors for your conclusion.

Do beware that, though not huge, they remain time consuming amounts of items to assess and depending on scope you might not manage. The correct way to proceed is to be aware of and communicate the lesser certainty. (Don't go for the generic "alas audit is sampling based, bladibla"; just nuance your conclusion or state inability to make an unambiguous one you dare to stand behind. )


Trusted Information Resource
If you are looking for how many DHRs, CAPAs, etc to examine, you could take a look at the FDA QSIT guide, this gives tables of how many samples to take based on binomial confidence levels.

Moderator Note: Edited to provide a link to the FDA QSIT guide.
Last edited by a moderator:

Bev D

Heretical Statistician
Super Moderator
Assuming the ‘things’ you are sampling are documents that provide objective evidence of compliance the use of Binomial or Poisson distributions for confidence intervals or to determine sample sizes to achieve a specific confidence level is fatally flawed. These sampling plans rely on the randomness of the ‘defect’ distribution. There are some who will advocate fro random sampling to overcome a lack of randomness in the distribution but this has only limited effect. The only non-compliance’s that are random are true (and usually trivial) mistakes. Systemic non-compliance is never random. This is why traditional sampling plans don’t work for audits. Well that and the fact that if the real defect rate is fairly low (as it should be to pass an audit) the sample size will be >100. So here’s the real question: Are you trying to find non-compliances or are you trying to prove that there are no important non-compliance’s?
Top Bottom