ISO 13485 2003

INTERNAL AUDIT PROGRAM

Our Audit Program is made up of five programs:

1. ISO 13485 Compliance Audit Program
2. ISO 13485 Policy Audit Program
3. ISO 13485 Procedures Audit Program
4. ISO 13485 Process Audit Program
5. ISO 13485 Records Audit Program

Each of these five programs will be discussed below.

We begin with a table of contents. It shows how we've organized our ISO 13485 Internal Audit Program. While the content of each program
is different, the following table shows that each one of our five audit
programs is organized in the same way.

ISO 13485 2003 INTERNAL AUDIT PROGRAM

4. Systemic Audit Questionnaire
5. Management Audit Questionnaire
6. Resource Audit Questionnaire
7. Realization Audit Questionnaire
8. Remedial Audit Questionnaire >>> SAMPLE

ISO 13485:2003 is based on the ISO 9001:2000 quality management standard. Both standards are organized in the same way and use basically the same numbering system. In addition, most of the ISO 13485 requirements are taken directly from ISO 9001 without modification. In order to distinguish between ISO 9001 and the new ISO 13485 requirements we use two different fonts and colors. A black font will be used to present ISO 9001 audit questions, while a blue font will be used to present audit questions that are unique to ISO 13485.

In general, our Compliance Audit Program asks two types of questions: questions that specify ISO 13485 mandatory quality management system requirements and questions that specify requirements that may be excluded or ignored under some circumstances. Questions that point to mandatory requirements allow two response options: YES or NO, while questions that specify requirements that may be excluded offer three response options: YES, NO, or N/A. An N/A response option is provided because you may exclude or ignore some requirements if you can justify doing so.

You can exclude ISO 13485 section 7 product realization requirements if you cannot apply them because of the nature of your organization and its products. Similarly, ISO 13485 says that you can exclude section 7 requirements if they are not applicable in your situation because of the nature of your medical devices.

You can also exclude subsection 7.3 design and development if official regulations allow you to do so and if you have made alternative arrangements that comply with these regulations. In addition, ISO 13485 occasionally uses the phrase “if appropriate” or “where appropriate”. When a requirement uses this phrase, you may ignore it if you can justify doing so. In all of these cases all three YES, NO, and N/A response options will be available.

YES answers mean you’re in compliance with the standard, NO answers mean you’re not in compliance, and N/A answers mean that a question is not applicable in your case. NO answers to Compliance Audit questions point to compliance problems (also known as nonconformities or noncompliances).

Once you’ve answered all the Compliance Audit Questions, you’re ready to summarize your audit, calculate compliance scores, draw general audit conclusions, and make and implement recommendations to address your compliance problems.

1. Management
2. Documentation
3. Usability
4. Training
5. Implementation
6. Changes

Start by selecting a policy that you want to audit. Then prepare your Policy Audit Profile. Before you begin answering policy audit questions, please record the name of this policy at the top of the Policy Audit questionnaire. This will help to maintain the focus of your audit.

Three response options are provided: YES, NO, and N/A. NO answers point to policy performance problems, YES answers identify positive areas, while
N/A responses identify questions that are not applicable in your situation.

Once you’ve answered all the audit questions, you’re ready to summarize your internal audit, calculate policy performance scores, draw general audit conclusions, and make and implement recommendations to address your policy performance problems.

1. Management
2. Documentation
3. Content
4. Compliance
5. Usability
6. Training
7. Control
8. Records
9. Changes

Start by selecting a procedure that you want to audit. Then prepare your Procedures Audit Profile. Define the scope of your audit, identify the participants, and prepare a brief audit plan.

Before you begin answering procedures audit questions, please record the name of this procedure at the top of the Audit questionnaire. This will help auditors to maintain the focus of their audit.

Three response options are provided: YES, NO, and N/A. NO answers point to procedural performance problems, YES answers identify positive areas, while N/A responses identify questions that are not applicable in your situation.

Once you’ve answered all the audit questions, you’re ready to summarize your audit, calculate procedural performance scores, draw general audit conclusions, and make and implement recommendations to address your procedural performance problems.

Our Process Audit covers the following topics:

1. Develop Process >>> SAMPLE PDF
   1. Organization
   2. Documents
   3. Outputs
   4. Inputs
   5. Information
   6. Monitoring
   7. Measurement
   8. Training
   9. Resources
2. Implement Process
   1. Management
   2. Competence
   3. Communication
   4. Infrastructure
   5. Records
3. Maintain Process
   1. Management
   2. Competence
   3. Information
   4. Communication
   5. Infrastructure
   6. Records
4. Control Process
   1. Management
   2. Outputs
   3. Inputs
   4. Monitoring
   5. Measurement
5. Evaluate Process
   1. Scope
   2. Focus
   3. Methods
6. Improve Process
   1. Information
   2. Methods
   3. Implementation
   4. Management

Clause 4.1 of ISO 13485 makes it clear that organizations must identify and manage the processes that make up their quality management systems. Therefore, the process approach is now a requirement.

The process approach is a management strategy. When managers use a process approach, it means that they manage the processes that make up their organization, the interaction between these processes, and the inputs and outputs that “glue” these processes together.

But, what’s a process, and what are inputs and outputs? Briefly put, a process uses inputs to generate outputs. Or, more precisely, a process is an integrated set of activities that uses resources to transform inputs into outputs. A system exists whenever several processes are interconnected using such input-output relationships.

Processes are interconnected because the output from one process becomes the input for another process. In effect, processes are “glued” together by means of such input-output relationships. And because the output of one process becomes the input of another process, inputs and outputs are really the same thing. In general, there are three basic types of inputs/outputs: products, services, and information.

Below you will find a list of some of the processes that can
be audited using our Audit Program:

1. Production process
2. Assembly process
3. Purchasing process
4. Design process
5. Delivery process
6. Marketing process
7. Management process
8. Manufacturing process
9. Service provision process
10. Communications process
11. Record keeping process
12. Document control process
13. Measurement process
14. Monitoring process
15. Planning process
16. Training process

Of course, this does not exhaust the list of possible processes that could be audited using our approach. Your organization’s processes will certainly include many more processes that we have failed to mention.

Start your audit by selecting a process. Then prepare your Process Audit Profile. Define the scope of your audit, prepare a brief audit plan, and identify the inputs that are used by this process and the outputs that are generated.

Before you begin answering process audit questions, please enter the name of your process at the top of the Process Audit questionnaire. Three response options are provided: YES, NO, and N/A. NO answers point to process performance problems, YES answers identify positive areas, while N/A responses identify questions that are not applicable in your situation.

Once you’ve answered all the audit questions, you’re ready to summarize your audit, calculate process performance scores, draw general audit conclusions, and make and implement recommendations to address your process performance problems.

1. Management
2. Initiation
3. Recording
4. Revisions
5. Access
6. Maintenance
7. Retention
8. Destruction
9. Reporting
10. Usability
11. Authenticity
12. Protection
13. Continuity
14. Training
15. Auditing
16. Compliance

Start by selecting a set of records. Our Audit Program can be used to audit virtually any type of record keeping system. Examples that you may wish to consider include the following: training records, design records, production records, service delivery records, measurement records, product traceability records, audit records, manufacturing records, management review records, and calibration records.

Once you’ve chosen which records to audit, you’re ready to prepare your Records Audit Profile. Specify the scope of your audit, its location, the participants, and prepare a brief audit plan.

Before you begin answering record keeping audit questions, please enter the name of the records being audited at the top of the audit questionnaire. This will help to ensure that the focus of the internal audit is maintained. Three response options are provided: YES, NO, and N/A. NO answers point to record keeping performance problems, YES answers identify positive areas, while N/A responses identify questions that are not applicable.

Once you’ve answered all the audit questions, you’re ready to summarize your audit, calculate record keeping performance scores, draw general audit conclusions, and make and implement recommendations to address your record keeping performance problems.

A. COMPLIANCE AUDIT PROGRAM

3. COMPLIANCE AUDIT QUESTIONS

8. REMEDIAL AUDIT QUESTIONS

8.5 TAKE REMEDIAL ACTION

8.5.1 MAINTAIN QUALITY MANAGEMENT SYSTEM

NOTES

N

If you would like to see the rest of this audit
 questionnaire, please consider purchasing the 
complete ISO 13485 2003 Internal Audit Program.

COPYRIGHT AUTHORIZATION

Now that you know what our internal audit
 program looks like, please consider purchasing
  Title 47: ISO 13485 2003 Internal Audit Program.
Check our Prices.  Place an Order.
  Contact Praxiom Research.

OTHER AUDIT TOOLS

Plain English Process Audit Program

ISO 9001 2000 Internal Audit Program

ISO 14001 2004 Internal Audit Program

ISO 22000 Food Safety Audit Program

ISO 27002 Information Security Audit Tool

NFPA 1600 Business Continuity Audit Program

Home Page

Introduction to ISO 13485 Quality System Standard for Medical Devices

Definitions for ISO 13485 Quality Standard for Medical Devices

Plain English Overview of ISO 13485 2003 Quality Standard

ISO 13485 2003 Standard Translated into Plain English

How to Develop an ISO 13485 Quality Management System

ISO 13485 2003 Gap Analysis Tool

Disclaimer and Limitation of Liability
The publisher and authors have used their best efforts in designing and developing this electronic publication. We make no representation or warranties with respect to accuracy or completeness of the contents of this publication and specifically disclaim any implied warranties or merchantability or fitness for any particular purpose and shall in no event be liable for any loss of profit or any other commercial damage, including but not limited to special, incidental, consequential, or other damages.