Professional Documents
Culture Documents
Medical Devcie
Medical Devcie
Audit #:
Dates:
Lead Auditor: PP = Positive Practice
A = Acceptable
Objecti ve NC, OFI, PP,
Item Subsystem / Assessment Detail FDA / ISO reference Auditor Notes Auditor Observation Evidence or A?
Management Controls (main subsystem)
confirm manag ement reviews examine suitability and ISO 13485:2003: 4.1(f ), 5.6.1, 5.6.3, 6.1, 8.4
effectiveness of quality systems, improvements needed ISO 13485:2016: 4.1.3(c), 5.6.1, 5.6.3, 6.1, 8.4;
4 because of customer requirements, and resource needs 21 CFR 820.20(c) review procedure
AT AUDIT CONCLUSION . . .
Determine if executive management ensures adequate interview executive management;
and effectiv e quality system is implemented. Ensure provide confirmation or failures of
management is committed to and communicates quality sy stem;
importance of meeti ng customer requirements, ISO 13485:2003: 5.1(a), 5.2, 5.5.3 review other subsystems and
19 regulatory requirements, and QMS. ISO 13485:2016: 5.1(a), 5.2, 5.5.3 return to management controls
Design & Development / Design Controls (main subsystem)
ISO 13485:2003: 7.1, 7.3
ISO 13485:2016: 7.1, 7.3; review procedure;
1 verify products are subject to design controls 21 CFR 820.30(a) review products
ISO 13485:2003: 7.3
verify design control and risk management proc edures are ISO 13485:2016: 7.3; ensure procedures address all
2 established and applied 21 CFR 820.30(a) - (j) design control elements
selection criteria:
-contains softw are
-single produc t focus
-risk based
-result of complaints, problems
-most recent
-cover produc t range
4 select a design project -recent 510(k), PM A, CE mark
review procedure;
assess plan's
-milestones
-phases
ISO 13485:2003: 7.3.1 -responsibilities
review the project design & development plan, ISO 13485:2016: 7.3.2; -risk management
5 responsibilities, and interfaces 21 CFR 820.30(b) -interfaces
ISO 13485:2003: 7.3.1
verify design & development plan is updated, reviewed, ISO 13485:2016: 7.3.2; review plan revisions;
6 and approv ed 21 CFR 820.30(b) review and approval procedures
review procedure;
ensure requirements address
-intended use
-functional, performance, and
confirm design input requirements were established, safety requirements
reviewed, and approved; ensure customer requirements -applicable statutory and regulatory
are captured; ensure inputs include functional, ISO 13485:2003: 7.2.1, 7.3.2 requirements
performance, safety, and statutory and regulatory ISO 13485:2016: 7.2.1, 7.3.3; -user and patient needs
7 requirements 21 CFR 820.30(c) -other essential requirements
ISO 13485:2003: 7.3.2
incomplete, ambiguous, and/or conflicting requirements ISO 13485:2016: 7.3.3; review procedure;
8 were addressed 21 CFR 820.30(c) review resolutions
review procedure;
ISO 13485:2003: 7.3.3(a), (c) review drawings, specifications,
confirm design & dev elopment outputs are established, ISO 13485:2016: 7.3.4(a), (c) ; labeling, packaging, work
9 verifiable, rev iewed, and approved 21 CFR 820.30(d) instructions, IFUs
ISO 13485:2003: 7.3.3(b)
ensure desig n & development outputs are appropriate for ISO 13485:2016: 7.3.4(b);
10 purchasing , production, and servicing 21 CFR 820.30(d) review procedure;
review procedure;
ISO 13485:2003: 7.3.3(d) review drawings, specifications,
ISO 13485:2016: 7.3.4(d); labeling, packaging, work
11 verify essential design & development outputs are identified 21 CFR 820.30(d) instructions, IFUs
review procedure;
review drawings, specifications,
confirm acceptance criteria is referenced by design & ISO 13485:2003: 7.3.3(c), 7.3.5 labeling, packaging, work
development outputs and was defined prior to design ISO 13485:2016: 7.3.4(c), 7.3.6; instructions, IFUs;
12 verification and desig n validation activities 21 CFR 820.30(d) & (f ) review verification activities
ISO 13485:2003: 7.3.5
determine if desig n verification confirmed design outputs ISO 13485:2016: 7.3.6; review procedure;
13 met design input requirements 21 CFR 820.30(f) review verification activities
ISO 13485:2003: 7.3.6
confirm design validation results prove dev ice met ISO 13485:2016: 7.3.7; review procedure;
14 predetermined user needs and intended uses 21 CFR 820.30(g) review validation activities
ISO 13485:2003: 7.3.6
confirm design validation did not leave unresolved ISO 13485:2016: 7.3.7; assess design and specification
15 discrepancies 21 CFR 820.30(g) changes
if required by national or regional regulations, confirm ISO 13485:2003: 7.3.6
clinical evaluations and/or evaluation of device ISO 13485:2016: 7.3.7; review procedure;
16 performance were performed 21 CFR 820.30(g) review evaluation data
review procedures;
ensure that procedures for rework, retesting, and re- ISO 13485:2003: 8.3, 8.5 review DHRs (of nonconforming
evaluation of nonconforming product exist and are ISO 13485:2016: 8.3, 8.5; products)
4 followed 21 CFR 820.90(b)(2)
review procedures;
ISO 13485:2003: 8.1, 8.2.3, 8.4, 8.5 review records of incoming
determine if trend analysis data indicates quality ISO 13485:2016: 8.1, 8.2.5, 8.4, 8.5; products, components, testing, S PC
6 problems; determine if data used for CAPA decisions 21 CFR 820.100( a)(1), 820.250 data
verify CAPAs and nonconformities were disseminated to ISO 13485:2003: 8.3, 8.5
personnel responsible for ensuring quality and prevention ISO 13485:2016: 8.3, 8.5; review CAPA and non-conformance
14 of problems 21 CFR 820.100( a)(6) records
ISO 13485:2003: 5.6.3, 8.3, 8.5
verify quality issues and CAPAs were disseminated for ISO 13485:2016: 5.6.3, 8.3, 8.5; review procedure;
15 Manag ement Review 21 CFR 820.100( a)(6), 820.100( a)(7) review CAPA records
verify firm has procedures for handling complaints and ISO 13485:2003: 7.2.3, 8.2.1
investig ation of advisory notic es / recalls; ensure ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.2.3;
16 provisions ex ist to feed in CAPA system 21 CFR 820.100, 820.198 review procedures
Medical Device Reporting (MDR)
ISO 13485:2003: 8.5.1
ISO 13485:2016: 8.5.1;
1 Verify MDR procedures comply with regulatory requirements 21 CFR 803.17 review procedures
ISO 13485:2003: 8.5.1
verify firm maintains MDR event files that comply with ISO 13485:2016: 8.5.1;
2 regulatory requirements 21 CFR 803.18 review MDR files
ISO 13485:2003: 8.5.1
confirm appropriate MDR information is identified, ISO 13485:2016: 8.5.1;
3 reviewed, reported, documented, and filed 21 CFR 803, 820.198(d) review MDR files
review procedures;
ISO 13485:2003: 8.5.1 review M DR files;
ISO 13485:2016: 8.5.1; review complaints & returned
4 ensure firm is effective in identifying MDR reportable events 21 CFR 803 products
ISO 13485:2003: 7.2.3, 8.2.1, 8.5.1
ensure firm has established procedures for receiv ing, ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.5.1;
5 reviewing, and evaluating complaints 21 CFR 820.198( a) - (c) review procedures
ISO 13485:2003: 7.2.3, 8.2.1, 8.5.1
verify firm maintains complaint files and that they are ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.5.1;
6 reasonably accessible 21 CFR 820.198( a), (f), (g) review complaint records
ISO 13485:2003: 7.2.3, 8.2.1, 8.5.1
confirm that complaints are evaluated to determine if an ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.2.3, 8.5.1;
7 event should be a MDR 21 CFR 803, 820.198(a) (3) review procedures
1 verify C&R procedures comply with regulatory requirements 21 CFR 806 review procedures
determine if removal was initiated
2 examine records of corrections and/or removals of product 21 CFR 806 by firm
3 verify reporting requirements are implemented 21 CFR 806 review procedures
4 identify C&R actions not identified or initiated by firm 21 CFR 806 identify events not identified
confirm ex istence file of non-reportable corrections and
5 removals 21 CFR 806.20 review non-reportable C&R files
Medical Device Tracking
identif y all manufactured or imported devices that require
1 tracking 21 CFR 821.20 review product listings
verify tracking procedures comply with regulatory review procedures;
2 requirements 21 CFR 821.25(c) review records
verify firm performs internal audits of track ing system per
3 timeframes specified in regulations 21 CFR 821.25(c)(3) review procedures
Production & Process Controls (main subsystem) (P&PC)
p age 1 o f 3
QMS Aud it C heckl ist
selection criteria:
-CAPA indicators of process issues
-process for higher risk device
-degree of risk for process to cause
dev ice failures
-lac k of familiarity and experience
with process
-process used for multiple devices
-variety in process technologies
-processes not covered during
8 select a process to review previous inspec tions
verify firm has established procedures for production and ISO 13485:2003: 7.3.7, 7.5.2
process changes; ensure c hanges are verified or validated, ISO 13485:2016: 7.3.9, 7.5.6;
12 as needed 21 CFR 820.70(b), 820.75( c) review procedures
ISO 13485:2003: 8.3
review device history record (DHR) to identify rejects ISO 13485:2016: 8.3;
13 and/or non-conformances 21 CFR 820.70 review DHRs
review procedures;
identify processes that cannot be
verified;
review validation records to ensure:
-all operators hav e documented
qualification
-full change control of all processes
-calibration and maintenance of all
instruments
-equipment is properly installed,
adjusted, & maintained
-predetermined product
specifications are established
-test sampling and plans are
performed according to statistically
ISO 13485:2003: 7.5.2 valid rationale
ISO 13485:2016: 7.5.6; -process tolerance limits are
15 ensure processes that cannot be fully verified are validated 21 CFR 820.75(a) challenged
ISO 13485:2003: 7.5.2.1
ensure automated or software driven processes are ISO 13485:2016: 7.5.6;
16 validated for intended uses 21 CFR 820.70(i) review validation records
verify that validations are documented and conducted by ISO 13485:2016: 7.5.6; review procedures;
17 qualified personnel 21 CFR 820.75(b)(1) review validation records
ensure that monitoring and control methods, data, date ISO 13485:2003: 7.1, 8.4
performed, indiv iduals performing the process, and the ISO 13485:2016: 7.1, 8.4;
19 major equipment used is doc umented 21 CFR 820.75(b)(2) review validation records
confirm that product packaging and shipping containers ISO 13485:2003: 7.5.5 review procedures;
adequately protect device during processing, storage, ISO 13485:2016: 7.5.11; review packaging and shipping
29 handling, shipping, and distributi on 21 CFR 820.130 containers
verify procedures exist to prevent mix- ups, damage, ISO 13485:2003: 7.5.5
deterioration, contamination, or other adverse effects to ISO 13485:2016: 7.5.11;
30 product during handling 21 CFR 820.140, 820.150 review procedures
review procedures;
review validation records to ensure
processes are effective in:
-obtaining S AL
ISO 13485:2003: 7.5.2.2 -product performance not
review sterilization process procedures; verify sterilization ISO 13485:2016: 7.5.7; adversely affected
1 process is validated 21 CFR 820.75(a) , (c) -packaging not adversely affected
review procedures;
ISO 13485:2003: 4.2.3 review documents and records;
ISO 13485:2016: 4.2.4; review change management
2 ensure documents and changes are approved prior to use 21 CFR 820.40 records
ISO 13485:2003: 4.2.3(e), 4.2.4
3 verify documents and records are legible and identifiable ISO 13485:2016: 4.2.4(e), 4.2.5 review documents and records
ensure documents of external origin are identified with ISO 13485:2003: 4.2.3(f)
4 controlled distribution ISO 13485:2016: 4.2.4(f) review external documents and records
ensure chang e records are reviewed and approv ed by the ISO 13485:2003: 4.2.3, 7.3.7
same functions that performed original review and ISO 13485:2016: 4.2.4, 7.3.9; review procedures;
7 approval 21 CFR 820.40(b) review change records
verify change records include a description of change, ISO 13485:2003: 7.3.7
identification of affected documents, approval signatures, ISO 13485:2016: 7.3.9; review procedures;
8 approval date, and effective date 21 CFR 820.40(b) review change records
review procedures;
ISO 13485:2003: 4.2.3(d), (g) review document distribution;
ensure documents are available at point of use and ISO 13485:2016: 4.2.4(d), (h); review change management
9 obsolete document are not in use 21 CFR 820.40(a) records
ISO 13485:2003: 4.2.1
ISO 13485:2016: 4.2.1;
10 verify that firm maintains DMRs for each type of device 21 CFR 820.181 review DMRs
selection criteria:
-single produc t focus
- risk based
-result of complaints
-recent project
3 select documentation to review -covers product range
p age 2 o f 3
QMS Aud it C heckl ist
p age 3 o f 3