ISO 13485:2016 specifies necessities for a quality management system where an organization wants to prove its capability to deliver medical devices and related services that constantly meet consumer and applicable regulatory requirements. Such organizations can be involved in one or more stages of the life-cycle, with design and development, production, storage and supply, installation, or servicing of a medical device and design and development or provision of associated activities. ISO 13485:2016 can also be used by suppliers or external parties that deliver product, including quality management system-related services to such organizations.
The ISO 13485 internal audit process as one more essential evil
required for ISO 13485 certification
and maintenance. Some think of it as a waste of time, simply duplicating the
work of the certification body; others see it as a witch hunt, looking for
mistakes, or searching for someone to blame or discipline. In truth, the
internal audit is neither of these things, these are certainly not the intent.
Steps to Follow During ISO 13485
Audit
The purpose of the internal audit
is to inspect processes more closely and try to identify areas for improvement.
As a process owner, it can be very helpful to step away for a moment and permit
a second set of eyes to look for opportunities that may have missed. The purpose
is not to criticize, but rather to find ways to streamline processes so that
they work more efficiently. So, here are the five key steps in the internal
audit process, with tips for how to best use this process to the advantage of
company.
· Plan and announce the ISO 13485 audit
schedule: The audit is not about surprising people so “catch them in the
act” of doing something wrong. When do that, top management sends a clear message
that they don’t trust their employees, and in turn, employees may try to
protect themselves by hiding data or giving false information. So, with this in
mind, it is significant to set up a clear audit schedule, and make sure that everybody
knows when each process will be audited – even if it’s just a rough guideline
to start. The ISO 13485 Audit shows an assurance from management to supporting
employees in their efforts to improve their processes. It also permits those in
charge of a process to finish up any improvements they are currently working
on, so they can get a clear view of the influence of those changes, and also process
owners may wish to make special requests for the auditor to look for particular
information associated to other planned improvements.
· Plan the individual process audits: Now
that everybody has an idea of when to expect an ISO 13485 audit, need to plan
and schedule the audits of each individual process. This permits both auditor
and auditee to find a time that works for each, and a timeline that is
comfortable. This is also a good time to go over previous ISO 13485 audit checklist
reports to determine what follow-up might be required, and to talk about any
areas that either party would like to pay extra attention to. Taking the time
to plan the audit well is the best way to make sure that both the company and
the process owner will advantage from the audit process.
· Conduct the ISO 13485 audit: To begin,
the auditor and process owner should meet to discuss the audit plan, and make sure
it is complete and ready to go. Then, the auditor can go to work gathering the
evidence they want to determine whether the process is functioning as it
should, according to the Quality Management System for Medical devices, and if
it is producing the desired results. This information can be assembled through analyzing
key process data, reviewing records, talking with employees, or observing the
process itself. During the process, it is appreciated if the ISO 13485 auditor
can point out any areas that do not have sufficient evidence that they are
functioning as expected, or any areas they notice that could be enhanced.
· Report on the audit: The ISO 13485 audit
is complete, then the auditor should hold a closing meeting with the process
owner to communicate any findings right away, such as any faintness in the
process, any particularly positive observations, or any areas that are
functioning as expected, but that could be better. A written report should be
provided as documentation.
· Improvements: Of course, just like any
other part of the QMS in medical device manufacturers, improvements are key to
a successful audit. If problems were found, and corrective actions taken, it is
critical to follow up and assure that the problems were truly addressed. If
improvement projects were implemented based on opportunities found during the
audit, then assembly data to see just how much the process has enhanced will
motivate employees and management to look for more opportunities for
improvement.
The internal audit as a necessary evil for maintaining compliance in the organization, a management or quality personnel can use the ISO 13485 internal auditor training as a way to understand, monitor and improve upon company’s processes. As ISO 13485 places heavy emphasis on process improvement within the Quality Management System, this should be a key motivator for company, not to mention the other benefits that go along with improvement, like enhanced efficiency in terms of costs and time. Allow internal audit to bring value to QMS, and to company.
