Medical Device: ISO 13485 Audit Requirements

ISO 13485:2016 is one of the most popular international standards that apply to medical device manufacturers and suppliers. Although using the standard is voluntary, the U.S. Food and Drug Administration (FDA) and its counterparts in Canada, Australia, Japan, and the European Union, encourage and expect medical device firms to adhere to the standards. ISO 13485 was updated in 2016 to address technological advances and regulatory changes. The standard covers quality management system essentials, as well as ISO 13485 audit requirements.

Watch Related Videos
Download Free Resources

ISO 13485 Audit Requirements and Management

Audit is a key factor that demonstrates compliance with regulatory and customer requirements. Under ISO 13485’s audit requirements, the management team carries the responsibility of making sure regular audits are performed as part of quality management. ISO 13485 auditors hold the management ream accountable for a firm’s quality policies and procedures. Management must provide adequate resources for conducting audits, review audit results, and provide leadership in fostering continuous quality improvement.

ISO 13485 Internal Audit

Medical device manufacturers and suppliers must perform ISO 13485 internal audits on a regular basis as a way to ensure device quality and safety. The ISO 13485 audit section recommends setting up an internal audit program, developing an internal audit procedure, solving problems discovered by audits, and verifying that problems have been solved. Here is a breakdown of ISO 13485 internal audit requirements:

  • Establish an internal audit procedure:
    An internal audit process is meant to assess the strength of an organization’s quality processes and uncover any weaknesses. A company’s quality policy should include a formal internal audit program with documentation and implementation components.

  • Plan the organization’s internal audit program:
    ISO audit requirements call for a formal audit process, which implies the need for a documented plan that can be shared throughout the organization.

  • Perform internal audits at planned intervals:
    ISO standards require regular internal audits. Most companies typically perform it on an annual or semi-annual basis, though the frequency should depend on the organization’s needs.

  • Keep a record of the audit plan and performance:
    The documentation aspect of an internal audit program should include policies, procedures, instructions, and records of audits that have been performed.

  • Implement correction of nonconformances and their causes:
    Corrective action and preventive action (CAPA) is a crucial aspect of ISO audit procedures. CAPA implementation should be formally documented and its records maintained.

  • Evaluate steps taken to resolve nonconformances:
    It’s not enough to correct nonconformances and other quality issues. CAPA also calls for measures to help mitigate and prevent future occurrences of the same quality issues.

Remedial Nature of ISO Audit Procedures

ISO audit procedures are part of what’s known in the standard as “remedial” processes. Remedial covers the process of gathering customer feedback, internal audits, and establishing a procedure for handling nonconforming products. To be effective, ISO audit procedures should integrate risk management best practices to help identify issues that could have broader implications of risks. Covering risk management in audit allows a more proactive and holistic approach to quality.

Why You Need ISO Audit Procedures

ISO standards and quality regulations require audit procedures for the following reasons:

  • To examine specific processes that are critical to product quality and safety.
  • To examine specific products or services for the purpose of evaluation and decision making.
  • To use as a tool for continuous quality improvement.
  • To help correct a deviation or nonconformance.
  • To mitigate any possible risks or quality issues.

How MasterControl Can Help You

MasterControl Quality Excellence (Qx) combines a cloud-based quality management system (QMS) with configurable products and platform functionality to automate and improve quality processes, including internal audit, throughout the lifecycle. Automating quality processes facilitates compliance, increases operational efficiency, promotes product quality, and accelerates time to market. MasterControl Qx connects each phase in the product development lifecycle with every department throughout the company to make it easier for every stakeholder to participate in quality processes.

MasterControl Qx includes MasterControl Audit™, a robust and easy-to-use solution designed to help medical device firms and suppliers comply with ISO 13485 audit requirements. It helps align the audit procedure to an organization’s business objectives and strengthen risk assessment throughout the enterprise. The solution is widely used for compliance with FDA, MHRA, EMA, and MHLW regulations, in addition to ISO standards.

Exceed ISO 13485 Auditors’ Expectations

Choose a software solution that exceeds the expectations of ISO 13485 auditors and trusted by regulators. Two divisions of the FDA use MasterControl as their quality management system. They use MasterControl to manage documents, training, change control, and other quality processes.

For more information about MasterControl solutions, contact a MasterControl representative today.