| Regulatory Requirement | Document Section |
|---|---|
| ISO 13485:2016 Section 8.2.4 | Entire Document |
Overview
This SOP outlines the procedure for conducting internal audits to assess compliance with regulatory standards. It is applicable for both internal and supplier audits.
| Process Owner | \ |
| Key Performance Indicators | \ |
1. General Considerations
1.1 Auditor Competency
Auditors responsible for conducting audits must be properly trained through external auditor courses and have prior experience in auditing.
1.2 Audit Principles
Auditors must adhere to the following principles:
- Integrity: Participants must present truthful information, maintain confidentiality regarding sensitive data, and conduct audits with thoroughness.
- Objectivity: Auditors should perform their duties impartially, free from bias or conflicts of interest related to the subject of their audit.
- Verifiability: Auditors are required to gather supporting evidence for their findings. Documentation should include audit plans, criteria, and detailed evidence to ensure that audit outcomes are reliable and can be understood later.
1.3 Classification of Audit Findings
Audit findings are categorized as follows:
Major Nonconformities (MNC+):
These are significant departures from regulatory standards indicating systemic issues within the organization’s QMS that impair its ability to produce intended outcomes. Examples include missing processes, repeated minor nonconformities for the same area, or failure to address the root cause of nonconformities.
Minor Nonconformities (MNC-):
These refer to isolated issues that do not indicate systemic problems with the QMS or processes. The overall ability to maintain controlled and compliant processes remains intact. Examples include individual incidents such as mislabeled documents or missing review documentation.
Recommendations (REC):
These are suggestions provided by auditors to enhance the effectiveness or efficiency of the QMS.
2. Process Steps
2.1 Development or Update of the Audit Program
Audits should focus on the organization’s QMS processes. The QMO is responsible for maintaining an ongoing audit program that ensures:
- Annual audits of core processes as outlined in the quality manual.
- More frequent audits of processes with higher compliance risks, as identified through previous audit findings, CAPAs, or QMS changes.
| Participants | QMO |
| Input | Previous audit findings, CAPAs, QMS updates |
| Output | Revised or new audit program |
2.2 Performing Audits
Audits are scheduled by individual auditors, with coordination support from the QMO. As the audit date approaches, the QMO notifies relevant staff to confirm their availability for potential questions. The QMO and auditor collaborate to create an audit plan that defines the audit’s scope, objectives, and participants.
Audit objectives might include verifying regulatory compliance, assessing process adherence, and reviewing the implementation of corrective and preventive actions (CAPAs).
Audits involve reviewing process records and conducting interviews with relevant personnel. Findings, observations, and evidence are documented in an audit report.
| Participants | Auditor, QMO |
| Input | Audit program, QMS records and documentation |
| Output | Audit plan (prior to the audit) and audit report (post-audit) |
2.3 Follow-Up on Audit Findings
For major nonconformities identified during an audit, a CAPA is initiated. The QMO presents audit results to the Management during the next Management Review.
| Participants | QMO |
| Input | Audit report |
| Output | CAPA documentation |