ISO 13485 2003

INTERNAL AUDIT PROGRAM

 

ISO 13485 Audit

Introduction to ISO 13485 Audit Program

Our Audit Program is made up of five programs:

  1. ISO 13485 Compliance Audit Program
  2. ISO 13485 Policy Audit Program
  3. ISO 13485 Procedures Audit Program
  4. ISO 13485 Process Audit Program
  5. ISO 13485 Records Audit Program

Each of these five programs will be discussed below.

We begin with a table of contents. It shows how we've organized our
ISO 13485 Internal Audit Program. While the content of each program
is different, the following table shows that each one of our five audit
programs is organized in the same way.

This web page will introduce our ISO 13485 2003 Internal Audit Program.
However, it will not present the complete program. Instead, it will show you
how our Audit Program is organized and it will explain how it works. Once
you've examined our approach, we hope you'll consider purchasing
our complete ISO 13485 2003 Internal Audit Program.

Our ISO 13485 Internal Audit Program (Title 47) is 189 pages
long, and is available in both pdf and MS doc file formats.

ISO 13485 2003 INTERNAL AUDIT PROGRAM

TABLE OF CONTENTS
PART INTRODUCTION PAGE
1 Introduction to ISO 13485 2
2 Introduction to Audit Program 4
A ISO 13485 COMPLIANCE AUDIT PROGRAM 13
1 Compliance Audit Procedure 13
2 Compliance Audit Profile 14
3 Compliance Audit Questions SAMPLE
HTML
4 Compliance Audit Scores 89
5 Compliance Audit Summary 90
6 Compliance Audit Conclusions 91
7 Compliance Audit Recommendations 92
8 Compliance Audit Implementation Record 93
B ISO 13485 POLICY AUDIT PROGRAM 94
1 Policy Audit Procedure 94
2 Policy Audit Profile 95
3 Policy Audit Questions 96
4 Policy Audit Scores 99
5 Policy Audit Summary 101
6 Policy Audit Conclusions 102
7 Policy Audit Recommendations 103
8 Policy Audit Implementation Record 104
C ISO 13485 PROCEDURES AUDIT PROGRAM 105
1 Procedures Audit Procedure 105
2 Procedures Audit Profile 106
3 Procedures Audit Questions 107
4 Procedures Audit Scores 113
5 Procedures Audit Summary 115
6 Procedures Audit Conclusions 116
7 Procedures Audit Recommendations 117
8 Procedures Audit Implementation Record 118
D ISO 13485 PROCESS AUDIT PROGRAM 119
1 Process Audit Procedure 119
2 Process Audit Profile 120
3 Process Audit Questions SAMPLE PDF
4 Process Audit Scores 164
5 Process Audit Summary 166
6 Process Audit Conclusions 167
7 Process Audit Recommendations 168
8 Process Audit Implementation Record 169
E ISO 13485 RECORDS AUDIT PROGRAM 170
1 Records Audit Procedure 170
2 Records Audit Profile 171
3 Records Audit Questions 172
4 Records Audit Scores 180
5 Records Audit Summary 182
6 Records Audit Conclusions 183
7 Records Audit Recommendations 184
8 Records Audit Implementation Record 185
F ADMINISTRATIVE INFORMATION 186
MAY 2007 COPYRIGHT Ó 2007 BY PRAXIOM RESEARCH GROUP LIMITED  VER 1.0

Compliance Audit Program

Overview of Compliance Audit Program
Our Compliance Audit Program uses questions to list the ISO 13485 quality
management system requirements. Like ISO’s five sets of requirements, our
Audit Program consists of five separate questionnaires (which start with the
number 4 because ISO’s requirements start in section 4):
  1. Systemic Audit Questionnaire
  2. Management Audit Questionnaire
  3. Resource Audit Questionnaire
  4. Realization Audit Questionnaire
  5. Remedial Audit Questionnaire >>> SAMPLE

ISO 13485:2003 is based on the ISO 9001:2000 quality management
standard. Both standards are organized in the same way and use basically
the same numbering system. In addition, most of the ISO 13485 requirements
are taken directly from ISO 9001 without modification. In order to distinguish
between ISO 9001 and the new ISO 13485 requirements we use two different
fonts and colors. A black font will be used to present ISO 9001 audit
questions, while a blue font will be used to present audit questions
that are unique to ISO 13485
.

In general, our Compliance Audit Program asks two types of questions:
questions that specify ISO 13485 mandatory quality management system
requirements and questions that specify requirements that may be excluded
or ignored under some circumstances. Questions that point to mandatory
requirements allow two response options: YES or NO, while questions that
specify requirements that may be excluded offer three response options:
YES, NO, or N/A. An N/A response option is provided because you may
exclude or ignore some requirements if you can justify doing so.

You can exclude ISO 13485 section 7 product realization requirements
if you cannot apply them because of the nature of your organization and
its products. Similarly, ISO 13485 says that you can exclude section 7
requirements if they are not applicable in your situation because of
the nature of your medical devices.

You can also exclude subsection 7.3 design and development if
official regulations allow you to do so and if you have made alternative
arrangements that comply with these regulations. In addition, ISO 13485
occasionally uses the phrase “if appropriate” or “where appropriate”.
When a requirement uses this phrase, you may ignore it if you can
justify doing so. In all of these cases all three YES, NO, and N/A
response options will be available.

YES answers mean you’re in compliance with the standard, NO answers
mean you’re not in compliance, and N/A answers mean that a question is
not applicable in your case. NO answers to Compliance Audit questions
point to compliance problems (also known as nonconformities or
noncompliances).

Once you’ve answered all the Compliance Audit Questions, you’re ready
to summarize your audit, calculate compliance scores, draw general audit
conclusions, and make and implement recommendations to address your
compliance problems.

Policy Audit Program

Overview of Policy Audit Program
Our Policy Audit covers the following topics:
  1. Management
  2. Documentation
  3. Usability
  4. Training
  5. Implementation
  6. Changes

Start by selecting a policy that you want to audit. Then prepare your Policy
Audit Profile. Before you begin answering policy audit questions, please
record the name of this policy at the top of the Policy Audit questionnaire.
This will help to maintain the focus of your audit.

Three response options are provided: YES, NO, and N/A. NO answers point
to policy performance problems, YES answers identify positive areas, while
N/A responses identify questions that are not applicable in your situation.

Once you’ve answered all the audit questions, you’re ready to summarize
your internal audit, calculate policy performance scores, draw general audit
conclusions, and make and implement recommendations to address your
policy performance problems.

Procedures Audit Program

Overview of Procedures Audit Program
Our Procedures Audit covers the following topics:
  1. Management
  2. Documentation
  3. Content
  4. Compliance
  5. Usability
  6. Training
  7. Control
  8. Records
  9. Changes

Start by selecting a procedure that you want to audit. Then prepare
your Procedures Audit Profile. Define the scope of your audit, identify
the participants, and prepare a brief audit plan.

Before you begin answering procedures audit questions, please record
the name of this procedure at the top of the Audit questionnaire. This
will help auditors to maintain the focus of their audit.

Three response options are provided: YES, NO, and N/A. NO answers point
to procedural performance problems, YES answers identify positive areas,
while N/A responses identify questions that are not applicable in your
situation.

Once you’ve answered all the audit questions, you’re ready to summarize
your audit, calculate procedural performance scores, draw general audit
conclusions, and make and implement recommendations to address your
procedural performance problems.

Process Audit Program

Overview of Process Audit Program

Our Process Audit covers the following topics:

  1. Develop Process >>> SAMPLE PDF
    1. Organization
    2. Documents
    3. Outputs
    4. Inputs
    5. Information
    6. Monitoring
    7. Measurement
    8. Training
    9. Resources
  2. Implement Process
    1. Management
    2. Competence
    3. Communication
    4. Infrastructure
    5. Records
  3. Maintain Process
    1. Management
    2. Competence
    3. Information
    4. Communication
    5. Infrastructure
    6. Records
  4. Control Process
    1. Management
    2. Outputs
    3. Inputs
    4. Monitoring
    5. Measurement
  5. Evaluate Process
    1. Scope
    2. Focus
    3. Methods
  6. Improve Process
    1. Information
    2. Methods
    3. Implementation
    4. Management

Clause 4.1 of ISO 13485 makes it clear that organizations must identify
and manage the processes that make up their quality management
systems. Therefore, the process approach is now a requirement.

The process approach is a management strategy. When managers use a
process approach, it means that they manage the processes that make up
their organization, the interaction between these processes, and the inputs
and outputs that “glue” these processes together.

But, what’s a process, and what are inputs and outputs? Briefly put, a
process uses inputs to generate outputs. Or, more precisely, a process is
an integrated set of activities that uses resources to transform inputs into
outputs. A system exists whenever several processes are interconnected
using such input-output relationships.

Processes are interconnected because the output from one process
becomes the input for another process. In effect, processes are “glued”
together by means of such input-output relationships. And because the
output of one process becomes the input of another process, inputs and
outputs are really the same thing. In general, there are three basic types
of inputs/outputs: products, services, and information.

Below you will find a list of some of the processes that can
be audited using our Audit Program:

  1. Production process
  2. Assembly process
  3. Purchasing process
  4. Design process
  5. Delivery process
  6. Marketing process
  7. Management process
  8. Manufacturing process
  9. Service provision process
  10. Communications process
  11. Record keeping process
  12. Document control process
  13. Measurement process
  14. Monitoring process
  15. Planning process
  16. Training process

Of course, this does not exhaust the list of possible processes that could
be audited using our approach. Your organization’s processes will certainly
include many more processes that we have failed to mention.

Start your audit by selecting a process. Then prepare your Process Audit
Profile. Define the scope of your audit, prepare a brief audit plan, and identify
the inputs that are used by this process and the outputs that are generated.

Before you begin answering process audit questions, please enter
the name of your process at the top of the Process Audit questionnaire.
Three response options are provided: YES, NO, and N/A. NO answers
point to process performance problems, YES answers identify positive
areas, while N/A responses identify questions that are not applicable
in your situation.

Once you’ve answered all the audit questions, you’re ready to summarize
your audit, calculate process performance scores, draw general audit
conclusions, and make and implement recommendations to address
your process performance problems.

Records Audit Program

Overview of Records Audit Program
Our Records Audit Program is partly based on the ISO 15489-1
records management standard and covers the following topics:
  1. Management
  2. Initiation
  3. Recording
  4. Revisions
  5. Access
  6. Maintenance
  7. Retention
  8. Destruction
  9. Reporting
  10. Usability
  11. Authenticity
  12. Protection
  13. Continuity
  14. Training
  15. Auditing
  16. Compliance

Start by selecting a set of records. Our Audit Program can be used to audit
virtually any type of record keeping system. Examples that you may wish to
consider include the following: training records, design records, production
records, service delivery records, measurement records, product traceability
records, audit records, manufacturing records, management review records,
and calibration records.

Once you’ve chosen which records to audit, you’re ready to prepare your
Records Audit Profile. Specify the scope of your audit, its location, the
participants, and prepare a brief audit plan.

Before you begin answering record keeping audit questions, please enter
the name of the records being audited at the top of the audit questionnaire.
This will help to ensure that the focus of the internal audit is maintained.
Three response options are provided: YES, NO, and N/A. NO answers
point to record keeping performance problems, YES answers identify
positive areas, while N/A responses identify questions that are not
applicable.

Once you’ve answered all the audit questions, you’re ready to summarize
your audit, calculate record keeping performance scores, draw general audit
conclusions, and make and implement recommendations to address your
record keeping performance problems.

Praxiom

SAMPLE AUDIT QUESTIONS

A. COMPLIANCE AUDIT PROGRAM

3. COMPLIANCE AUDIT QUESTIONS

8. REMEDIAL AUDIT QUESTIONS

8.5 TAKE REMEDIAL ACTION

8.5.1 MAINTAIN QUALITY MANAGEMENT SYSTEM

NOTES

N

164 Do you maintain the effectiveness of
your quality management system?
YES NO    
165 Do you maintain the suitability of
your quality management system?
YES NO    
166 Do you use your quality data to maintain
the effectiveness and suitability of your
quality management system?
YES NO    
167 Do you use your quality policy to maintain
the effectiveness and suitability of your
quality management system?
YES NO    
168 Do you use your quality objectives to
maintain the effectiveness and suitability
of your quality management system?
YES NO    
169 Do you use your quality audits to maintain
the effectiveness and suitability of your
quality management system?
YES NO    
170 Do you use your management reviews to
maintain the effectiveness and suitability
of your quality management system?
YES NO    
171 Do you use your corrective actions to
maintain the effectiveness and suitability
of your quality management system?
YES NO    
172 Do you use your preventive actions to
maintain the effectiveness and suitability
of your quality management system?
YES NO    
173 Have you established procedures that you
can use to implement advisory notices?
YES NO    
174 Have you documented your
advisory notice procedures?
YES NO    
175 Do you use your procedures whenever
an advisory notice must be issued?
YES NO    
176 Do you maintain your organization's
advisory notice procedures?
YES NO    
177 Do you maintain a record of your
customer complaint investigations?
YES NO    
178 Do you exchange information with
external organizations whenever an
investigation shows that the activities
of those organizations have contributed
to the receipt of a customer complaint?
YES NO    
179 Do you formally authorize decisions not
to take corrective or preventive actions
in response to customer complaints?
YES NO    
180 Do you record all decisions not to
take corrective or preventive actions
in response to customer complaints?
YES NO    
181 Do you record why you chose not to
take corrective or preventive actions
in response to a customer complaint?
YES NO    
182 Have you established procedures to notify
regulatory authorities about adverse events
if national or regional regulations require
special reporting rules to be followed?
YES NO N/A    
183 Have you documented your
notification procedures?
YES NO N/A    
184 Do you use your notification procedures
whenever adverse events must be
reported to regulatory authorities?
YES NO N/A    
185 Do you maintain your
notification procedures?
YES NO N/A    
  Etcetera ...          

Praxiom Research

ISO 13485 Audit Program

Now that you know what our internal audit
 program looks like, please consider purchasing
  Title 47: ISO 13485 2003 Internal Audit Program.

Check our PricesPlace an Order.
Check our License Agreement.

If you purchase our ISO 13485 2003 Audit Program, you'll find
that it's integrated, detailed, exhaustive, and easy to understand.
You'll find that we've worked hard to create a high quality
product. In fact, we
guarantee the quality!

Praxiom Research

OTHER ISO 13485 WEB PAGES

Introduction to ISO 13485 Quality System Standard for Medical Devices

Definitions for ISO 13485 Quality Standard for Medical Devices

Plain English Overview of ISO 13485 2003 Quality Standard

ISO 13485 2003 Standard Translated into Plain English

How to Develop an ISO 13485 Quality Management System

ISO 13485 2003 Gap Analysis Tool

OTHER AUDIT TOOLS

Plain English Process Audit Program

ISO 9001 2008 Internal Audit Program

ISO 14001 2004 Internal Audit Program

ISO 22000 2005 Food Safety Audit Program

ISO 27002 2005 Information Security Audit Tool

NFPA 1600 2007 Business Continuity Audit Program


Home Page Our Libraries A to Z Index Our Customers
How to Order Our Products Our Prices Our Guarantee

PRAXIOM RESEARCH GROUP LIMITED
9619 - 100A Street, Edmonton, Alberta, T5K 0V7, Canada
Telephone: (780)461-4514
info@praxiom.com

Updated on October 20, 2008. On the Web since May 25, 1997.

Disclaimer and Limitation of Liability
The publisher and authors have used their best efforts in designing and
  developing this electronic publication. We make no representation or warranties
  with respect to accuracy or completeness of the contents of this publication and
  specifically disclaim any implied warranties or merchantability or fitness for any
  particular purpose and shall in no event be liable for any loss of profit or any
  other commercial damage, including but not limited to special, incidental,
  consequential, or other damages.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies, or to copy and paste
 any of our material onto another web site.  If you would like to purchase our
 material, please contact our Sales Desk. Our staff would be very pleased to
 take your order or to answer any questions you might have.

ISO 13485 Audit Program by Praxiom Research Group Limited