Different types of ISO 13485 Audits
What are the different ISO 13485:2016 Audits?
The two main ISO 13485:2016 audit types are internal and external audits. Audits are a key component of ISO 13485:2016. To become certified, you must have internal audits and pass a 2-stage formal audit conducted by an external party to become ISO 13485:2016 certified.
ISO 13485:2016 is mentioned in the harmonised European Standards (hENs)'s list. Medical Manufacturers and other companies in the same industry can follow this standard to ensure complete compliance with EU MDR and other regulations. Of course, an ISO 13485:2016 certificate doesn't necessarily mean that you can sell your product in the market, as there are many more factors around commercialising a Medical product.
ISO 13485:2016 is a Quality Management System that enables companies to demonstrate quality compliance within their manufacturing processes. In this blog, you will learn more about the different types of ISO 13485:2016 Audits, and how they are executed.
There are 3 ways to conduct an audit –
- On-site audits are performed in ‘whole’ days. The number of days needed for an audit depends on several factors including size, complexity, risk and nature of an organisation. The International Accreditation Forum (IAF) has provided guidelines for Regulators to calculate audit time.
- Remote audits may be performed via web meetings, teleconferencing or electronic verification of processes. Remote audits are less common and typically not as effective as on-site audits. Remote audits did prove invaluable, however, during the COVID-19 Pandemic.
- Self-audits do not always mean an internal audit. A self-audit can be requested of your customer to eliminate the need for them to use their resources and still offer some assurance that you are meeting requirements.
Different types of Audits for ISO 13485:2016
There are 2 types of Audits
- - Internal Audits
- - External Audits followed by the Certification Audit
Internal audits are audits that are performed by your organisation and are a self-examination of your organisation's QMS, performed on-site. These audits are beneficial for preparing your internal team members for the main Audit and will demonstrate ongoing monitoring and continual improvement of your QMS. Internal audits are an ISO 13485:2016 requirement, and they are critical to the success of your QMS.
Internal audits will be used to
- - assess conformity,
- - evaluate effectiveness and
- - identify opportunities for improvement.
When you perform an internal audit, you will be able to compare your quality management system to the requirements and understand if there are any non-conformances.
External audits include customer, supplier, certification and surveillance. A customer audit is where an existing or potential customer audits your organisation to verify you can, or are, meeting their requirements. If you are auditing an existing or potential supplier, we consider this to be a ‘supplier audit’. Supplier audits can be one of the methods used to meet the requirements around the control of external providers.
A certification audit is an Audit your selected Notified Bod,y or Approved Body, will conduct to verify conformance against the ISO 13485:2016 standard before they issue your official ISO 13485:2016 certificate.
Certification audits are conducted in 2 stages:
Stage one is performed to determine an organisation's readiness for stage two of the Audit. Stage one is often conducted remotely to avoid the additional cost of travel. If the auditor determines you meet the minimum criteria for the stage one audit, your organisation will proceed with the stage two Audit.
Stage two will always be on-site. This is where the auditor will interview your staff and review your documented information (procedures, records, etc.) to verify you are meeting all the ISO 13485:2016 requirements applicable to your Economic Operator role . Certification audits are typically conducted every three years.
After certification, your appointed Notified Body (or Approved Body) will monitor you periodically using surveillance audits to verify you are still upholding your QMS and the ISO requirements. Surveillance audits are conducted annually and are very much like certification audits, with the exception that they are not issuing or re-issuing a certificate.
Lack of preparation or a wrong step during an Audit can push you miles off course from being ISO 13485:2016 certified!
Make sure you are fully prepared and can pass all your audits ‘first time’ by arranging a consultation with one of our specialist RAQA Advisers. Book a FREE 30 Minute One-2-One call with one of our RAQA Advisers by sending an email to: firstname.lastname@example.org or on our Calendly page – BOOK NOW