Ultimate Internal Audit Checklist: FDA QSR & ISO 13485 Audit Checklist

The Ultimate Internal Audit Checklist Every Medical Device Company Needs

Request a Demo

It was nothing more than a checklist that saved $175 million and 1,500 lives.

Professional surgeon and public health researcher Atul Gawande reported, in a now-famous article for The New Yorker, that the simple act of requiring doctors to use checklists as they did their rounds helped one hospital system drop its quarterly infection rate to zero. Hospitals across the region saved millions of dollars and thousands of lives, all because of a simple checklist.

The lesson here applies across industries, particularly for the medical device industry. If you want your product and processes to be efficient, effective, and accurate, the checklist is the tool to use.

There are few times when efficiency, effectiveness, and accuracy are more important than during your internal audits. FDA and ISO require medical device companies to conduct internal audits although the quality of these audits can vary widely.

This guide will provide the ultimate internal audit checklist you can begin using today to ensure every system, process, and operation associated with your device is performing at its best.

Review FDA and ISO standards

Internal audits are not a “nice to have” procedure. Both FDA and ISO require manufacturers to conduct regular internal audits. Before we continue, let’s review the language each uses.

Each manufacturer shall establish procedures for quality audits and conduct such audits to assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system. Quality audits shall be conducted by individuals who do not have direct responsibility for the matters being audited. Corrective action(s), including a reaudit of deficient matters, shall be taken when necessary. A report of the results of each quality audit, and reaudit(s) where taken, shall be made and such reports shall be reviewed by management having responsibility for the matters audited. The dates and results of quality audits and re-audits shall be documented.

In other words, manufacturers must conduct quality audits to ensure compliance. Internal auditors have to be objective and initiate corrective actions as necessary. Of course, all this needs to be documented and made available to the necessary stakeholders, too.

The organization shall conduct internal audits at planned intervals to determine whether the quality management system: a) conforms to planned and documented arrangements, requirements of this International Standard, quality management system requirements established by the organization, and applicable regulatory requirements; b) is effectively implemented and maintained.

In other words, ISO, too, requires organizations to conduct internal audits. The goal, similar to FDA, is to determine compliance to ISO requirements and effective implementation of QMS best practices.

The quality management system standard for medical devices goes on to say that the audit program must take “into consideration the status and importance of the processes and area to be audited, as well as the results of previous audits” and requires companies to define and record the “audit criteria, scope, interval and methods.”

Without defining things like criteria, scope, interval, and methods—as ISO 13485:2016 outlines—the internal audit process can quickly go haywire.

We worked with one company that included an annual internal audit in their SOPs but realized on month eleven that they hadn’t followed their own requirement. They had to scramble and hire an external consultant who could only make judgments from afar. The company learned nothing and gained little more than a check mark from the audit.

You can do better.

Determine the scope of your internal audits

Determining the scope of your internal audit will give it the best chance of success. With a plan in mind, you can turn internal audits—something most quality managers lose sleep over—into an opportunity for company-wide improvement.

The scope of your internal audit is a combination of your timeline and your checklist. Your timeline determines when you perform internal audits, and the checklist determines what you do during those audits.

The timeline for your internal audits will vary depending on several factors. A modern QMS solution like Greenlight Guru with specific audit management workflows can expedite the overall audit prep time and improve audit outcomes.

greenlight-guru-audit-prep-vs-traditional-systems

Your internal audit timeline will also vary based on the markets your device is entering. Different regulations will apply, and different timing will be necessary.

ISO audits, for instance, usually occur before your device enters a market. It’s best to do your internal audits as early as possible so you can heed off ISO audits. FDA inspections occur after a device passes the review process and is ready for market launch. Conduct internal audits as you prepare your device submissions to FDA so you’re ready in the event of an FDA inspection.

The checklist for your internal audits will ensure that your internal audits are comprehensive—not so short that they miss things and not so long that they become burdensome.

Separate your checklist by section, and make sure that each item complies with its applicable regulation. Verify the standard during the audit, including listing procedures and their associated records.

The goal of an external auditor isn’t to focus individual requirements; it is to determine the overall effectiveness of your QMS. As such, you should ensure that during your internal audit, you don’t lose the forest for the trees.

Write your internal audit checklist from the perspective of an external auditor. Be stricter than the auditor and you’ll pass easily when the actual external auditor comes.

Management

The management section of your internal audit checklist is meant to verify that management reviews are being held in an effort to support and maintain an effective QMS.