Professional Documents
Culture Documents
FDA-ISO QMS Audit Checklist Greenlight Guru
FDA-ISO QMS Audit Checklist Greenlight Guru
Verify firm has established and conducts Management ISO 13485:2016: 5.1(d), 5.6;
3 Reviews, at least annually 21 CFR 820.5, 820.20(c)
verify firm has established a Quality Manual and Quality ISO 13485:2016: 4.1.2(a), 4.2.1(b), (c);
6 System Procedures and Instructions that are appropriate 21 CFR 820.5, 820.20(c), (d), (e), 820.22
1
© 2019 Greenlight Guru | Medical Device QMS Software
confirm that Quality Planning addresses QMS needs and ISO 13485:2016: 5.4.2;
8 Quality Objectives 21 CFR 820.20(a), (d)
verify firm has implemented Quality Policy and Quality ISO 13485:2016: 4.2.1(a), 5.1(b), (c), 5.3, 5.4.1
9 Objectives 21 CFR 820.20(a), (d)
Verify firm has established Quality Audit procedures and ISO 13485:2016: 4.2, 8.2.4;
10 conducts audits 21 CFR 820.20(c), 820.22
ensure quality audits examine compliance and ISO 13485:2016: 4.1.3(c), 4.2.1(d), 8.2.4;
11 effectiveness 21 CFR 820.22
verify appropriate responsibilities , authority, and ISO 13485:2016: 5.1(e), 5.5.1, 5.5.2, 6.1, 6.2;
17 resources are in place for quality system activities 21 CFR 820.5(b)(1)-(2), 820.20(b), 820.25
2
© 2019 Greenlight Guru | Medical Device QMS Software
verify firm has established procedures for identifying
training needs;
ensure personnel are trained to perform assigned ISO 13485:2016: 6.2;
18 responsibilities 21 CFR 820.25(b)
AT AUDIT CONCLUSION . . .
Determine if executive management ensures adequate
and effective quality system is implemented. Ensure
management is committed to and communicates
importance of meeting customer requirements,
19 regulatory requirements, and QMS. ISO 13485:2016: 5.1(a), 5.2, 5.5.3
Design & Development / Design Controls (main subsystem)
verify design control and risk management procedures are ISO 13485:2016: 7.3;
2 established and applied 21 CFR 820.30(a) - (j)
review the project design & development plan, ISO 13485:2016: 7.3.2;
5 responsibilities, and interfaces 21 CFR 820.30(b)
verify design & development plan is updated, reviewed, ISO 13485:2016: 7.3.2;
6 and approved 21 CFR 820.30(b)
3
© 2019 Greenlight Guru | Medical Device QMS Software
confirm design input requirements were established,
reviewed, and approved; ensure customer requirements
are captured; ensure inputs include functional,
performance, safety, and statutory and regulatory ISO 13485:2016: 7.2.1, 7.3.3;
7 requirements 21 CFR 820.30(c)
confirm design & development outputs are established, ISO 13485:2016: 7.3.4(a), (c) ;
9 verifiable, reviewed, and approved 21 CFR 820.30(d)
ensure design & development outputs are appropriate for ISO 13485:2016: 7.3.4(b);
10 purchasing, production, and servicing 21 CFR 820.30(d)
verify essential design & development outputs are ISO 13485:2016: 7.3.4(d);
11 identified 21 CFR 820.30(d)
confirm design validation results prove device met ISO 13485:2016: 7.3.7;
14 predetermined user needs and intended uses 21 CFR 820.30(g)
confirm design validation did not leave unresolved ISO 13485:2016: 7.3.7;
15 discrepancies 21 CFR 820.30(g)
4
© 2019 Greenlight Guru | Medical Device QMS Software
if required by national or regional regulations, confirm
clinical evaluations and/or evaluation of device ISO 13485:2016: 7.3.7;
16 performance were performed 21 CFR 820.30(g)
if device contains software, confirm software was ISO 13485:2016: 7.3.2, 7.3.7;
17 validated 21 CFR 820.30(g), 820.75
determine if initial production units (or equivalents) were ISO 13485:2016: 7.3.7;
18 used for design validation 21 CFR 820.30(g)
confirm design changes were controlled and validated (or ISO 13485:2016: 7.3.2, 7.3.6, 7.3.9;
20 where appropriate, verified) 21 CFR 820.30(i), 820.70(b), 820.75(c)
confirm design changes have been reviewed for effect on ISO 13485:2016: 7.3.2, 7.3.6, 7.3.9;
21 components and product previously made 21 CFR 820.30(i), 820.70(b)
determine if design reviews were conducted at ISO 13485:2016: 7.2.2, 7.3.2, 7.3.5;
22 appropriate stages of design & development 21 CFR 820.30(e)
confirm design review attendees were appropriate for ISO 13485:2016: 7.3.2, 7.3.5;
23 stage and included independent reviewer 21 CFR 820.30(e)
verify CAPA procedures comply with regulatory ISO 13485:2016: 4.1, 4.2, 8.5;
1 requirements 21 CFR 820.100(a)
verify non-conforming product and CAPA procedures ISO 13485:2016: 8.3, 8.5;
2 determine the need for investigation and notification 21 CFR 820.90(a), 820.100(a)(2)
5
© 2019 Greenlight Guru | Medical Device QMS Software
verify non-conforming product and CAPA procedures ISO 13485:2016: 8.3, 8.5;
3 define responsibilities for review and disposition 21 CFR 820.90(b)(1)
verify that appropriate records of quality problems have ISO 13485:2016: 8.3, 8.5;
5 been created and used 21 CFR 820.100(a)(1)
determine if trend analysis data indicates quality ISO 13485:2016: 8.1, 8.2.5, 8.4, 8.5;
6 problems; determine if data used for CAPA decisions 21 CFR 820.100(a)(1), 820.250
determine CAPA actions were effective, verified, validated, ISO 13485:2016: 8.5;
13 documented, and implemented appropriately 21 CFR 820.100(a)(4), 820.100(a)(5), 820.100(b)
6
© 2019 Greenlight Guru | Medical Device QMS Software
verify CAPAs and nonconformities were disseminated to
personnel responsible for ensuring quality and prevention ISO 13485:2016: 8.3, 8.5;
14 of problems 21 CFR 820.100(a)(6)
verify quality issues and CAPAs were disseminated for ISO 13485:2016: 5.6.3, 8.3, 8.5;
15 Management Review 21 CFR 820.100(a)(6), 820.100(a)(7)
verify firm maintains MDR event files that comply with ISO 13485:2016: 8.5.1;
2 regulatory requirements 21 CFR 803.18
ensure firm has established procedures for receiving, ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.5.1;
5 reviewing, and evaluating complaints 21 CFR 820.198(a) - (c)
verify firm maintains complaint files and that they are ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.5.1;
6 reasonably accessible 21 CFR 820.198(a), (f), (g)
confirm that complaints are evaluated to determine if an ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.2.3, 8.5.1;
7 event should be a MDR 21 CFR 803, 820.198(a)(3)
7
© 2019 Greenlight Guru | Medical Device QMS Software
verify C&R procedures comply with regulatory
1 requirements 21 CFR 806
examine records of corrections and/or removals of
2 product 21 CFR 806
3 verify reporting requirements are implemented 21 CFR 806
4 identify C&R actions not identified or initiated by firm 21 CFR 806
confirm existence file of non-reportable corrections and
5 removals 21 CFR 806.20
Medical Device Tracking
identify all manufactured or imported devices that require
1 tracking 21 CFR 821.20
verify tracking procedures comply with regulatory
2 requirements 21 CFR 821.25(c)
verify firm performs internal audits of tracking system per
3 timeframes specified in regulations 21 CFR 821.25(c)(3)
Production & Process Controls (main subsystem) (P&PC)
verify product realization processes are planned; confirm ISO 13485:2016: 7.1;
that risk management occurs throughout product ISO 14971:2000
1 realization 21 CFR 820.70
8
© 2019 Greenlight Guru | Medical Device QMS Software
ensure firm maintains procedures and records for
traceability of each unit, lot, or batch of finished devices
and components ISO 13485:2016: 7.5.9;
7 NOTE: may not be required for all devices 21 CFR 820.65
verify the equipment used has been adjusted, calibrated, ISO 13485:2016: 7.5;
10 and maintained 21 CFR 820.70(g)(3), 820.72(a), 820.70(g)(1)
review device history record (DHR) to identify rejects ISO 13485:2016: 8.3;
13 and/or non-conformances 21 CFR 820.70
9
© 2019 Greenlight Guru | Medical Device QMS Software
verify that defects, rejects, non-conformances, and ISO 13485:2016: 8.3;
14 removal of materials were handled properly 21 CFR 820.50, 820.70(h), 820.90, 820.100
ensure processes that cannot be fully verified are ISO 13485:2016: 7.5.6;
15 validated 21 CFR 820.75(a)
10
© 2019 Greenlight Guru | Medical Device QMS Software
ensure that monitoring and control methods, data, date
performed, individuals performing the process, and the ISO 13485:2016: 7.1, 8.4;
19 major equipment used is documented 21 CFR 820.75(b)(2)
ensure the infrastructure and work environment are ISO 13485:2016: 6.3, 6.4;
21 appropriate and controlled 21 CFR 820.70(c), (f), (g)
confirm that maintenance schedules, routine inspections, ISO 13485:2016: 6.3, 7.5.1, 7.5.6, 7.6;
22 and adjustments to equipment occur 21 CFR 820.70(g)
verify procedures are in place for contamination control ISO 13485:2016: 6.4.2, 7.5.2;
23 and cleanliness 21 CFR 820.70(e)
ensure procedures define receiving, in-process, and final ISO 13485:2016: 7.5.11, 8.4;
25 acceptance activities. 21 CFR 820.80(a) - (d)
confirm receiving, in-process, and final acceptance activity ISO 13485:2016: 8.4;
26 records exist 21 CFR 820.80(e)
verify that procedures exist and that acceptance status of ISO 13485:2016: 7.1, 8.2.6;
27 product is indicated 21 CFR 820.86
11
© 2019 Greenlight Guru | Medical Device QMS Software
verify procedures exist for product distribution; confirm
distribution records include name and address of
consignee, identification and quantity shipped, date of ISO 13485:2016: 4.2.3, 7.1, 7.5.8, 7.5.9.2, 7.5.11;
31 shipment, and identification numbers 21 CFR 820.160
ensure installation and inspection procedures exist (if ISO 13485:2016: 7.5.3;
32 applicable); verify installation records are maintained 21 CFR 820.170
ensure servicing procedures exist (if applicable); verify ISO 13485:2016: 7.5.4;
33 servicing records are maintained 21 CFR 820.200
verify firm identifies, verifies, protects, and safeguards
34 customer property under its care ISO 13485:2016: 7.5.10
Sterilization Process Controls
5 ensure sterilization failures were handled properly 21 CFR 820.70(g)(3), 820.72(a), 820.70(g)(1)
12
© 2019 Greenlight Guru | Medical Device QMS Software
ensure suppliers are evaluated for ability to meet ISO 13485:2016: 7.4.1;
2 specified requirements 21 CFR 820.50(a)(1)
3 verify documents and records are legible and identifiable ISO 13485:2016: 4.2.4(e), 4.2.5
ensure documents of external origin are identified with
4 controlled distribution ISO 13485:2016: 4.2.4(f)
verify firm maintains a quality system record (QSR) which ISO 13485:2016: 4.2.1(c), (e)
5 includes or refers to location of procedures 21 CFR 820.20, 820.40, 820.186
confirm that documents and records are retained for ISO 13485:2016: 4.2.1, 4.2.4, 4.2.5
required length of time (this includes retention of 21 CFR 820.100(b), 820.180(b), 820.181, 820.184,
6 obsolete controlled documents and records) 820.186, 820.198(a), 820.200(d)
13
© 2019 Greenlight Guru | Medical Device QMS Software
verify change records include a description of change,
identification of affected documents, approval signatures, ISO 13485:2016: 7.3.9;
8 approval date, and effective date 21 CFR 820.40(b)
ensure documents are available at point of use and ISO 13485:2016: 4.2.4(d), (h);
9 obsolete document are not in use 21 CFR 820.40(a)
14
© 2019 Greenlight Guru | Medical Device QMS Software
confirm incoming contracts and orders are reviewed to
resolve conflicting information and that customer
2 requirements can be met ISO 13485:2016: 7.2.2
verify documentation addresses a general description of ISO 13485:2016: 7.1, 7.2, 7.3.4;
product, intended use(s), and any variants, accessories, or 21 CFR 820.30(d), 820.30(g), 820.30(f), 820.181,
4 other devices used in combination with product 820.50, 820.75
15
© 2019 Greenlight Guru | Medical Device QMS Software
ISO 13485:2016: 7.1, 7.2, 7.3.4;
ensure documentation includes instruction manual(s) and 21 CFR 820.30(d), 820.30(g), 820.30(f), 820.181,
9 labeling 820.50, 820.75
16
© 2019 Greenlight Guru | Medical Device QMS Software
ree personal demo of Greenlight Guru's Medical Device QMS Software today.
NC = Non-Conformance
OFI = Opportunity for Improvement
PP = Positive Practice
A = Acceptable
Objective NC, OFI, PP,
Auditor Notes Auditor Observation Evidence or A?
review procedure
17
© 2019 Greenlight Guru | Medical Device QMS Software
review quality plan
review procedure;
review audit records
review procedures
interview management
representative about resource
allocation
18
© 2019 Greenlight Guru | Medical Device QMS Software
review procedures;
review training records
review procedure;
review products
review procedures
selection criteria:
-contains software
-single product focus
-risk based
-result of complaints, problems
-most recent
-cover product range
-recent 510(k), PMA, CE mark
review procedure;
assess plan's
-milestones
-phases
-responsibilities
-risk management
-interfaces
19
© 2019 Greenlight Guru | Medical Device QMS Software
review procedure;
ensure requirements address
-intended use
-functional, performance, and
safety requirements
-applicable statutory and regulatory
requirements
-user and patient needs
-other essential requirements
review procedure;
review resolutions
review procedure;
review drawings, specifications,
labeling, packaging, work
instructions, IFUs
review procedure;
review procedure;
review drawings, specifications,
labeling, packaging, work
instructions, IFUs
review procedure;
review drawings, specifications,
labeling, packaging, work
instructions, IFUs;
review verification activities
review procedure;
review verification activities
review procedure;
review validation activities
20
© 2019 Greenlight Guru | Medical Device QMS Software
review procedure;
review evaluation data
review procedure;
evaluate prototype / production
records
review procedure;
review risk management file;
ensure risk analysis, evaluation, and
control steps are addressed
review procedure;
review design changes and
documentation decisions
review procedure;
review design review
documentation
review procedure;
review DMR
review DHF
review procedures
review procedures
21
© 2019 Greenlight Guru | Medical Device QMS Software
review procedures
review procedures;
review DHRs (of nonconforming
products)
review procedures;
review records of incoming
products, components, testing, SPC
data
review procedures;
review techniques used
review procedures;
review investigations
review procedures;
review investigations
review investigations;
review non-conformance records
review procedure;
review CAPA records
review procedure;
review CAPA records
22
© 2019 Greenlight Guru | Medical Device QMS Software
review CAPA and non-conformance
records
review procedure;
review CAPA records
review procedures
review procedures
review procedures;
review MDR files;
review complaints & returned
products
review procedures
review procedures
23
© 2019 Greenlight Guru | Medical Device QMS Software
review procedures
determine if removal was initiated
by firm
review procedures
identify events not identified
review procedures
review procedures
review procedures;
review product realization
documents
review procedures;
review supplier records
review records
review procedures
24
© 2019 Greenlight Guru | Medical Device QMS Software
review procedures;
review DHRs
selection criteria:
-CAPA indicators of process issues
-process for higher risk device
-degree of risk for process to cause
device failures
-lack of familiarity and experience
with process
-process used for multiple devices
-variety in process technologies
-processes not covered during
previous inspections
review procedures
review DHRs
25
© 2019 Greenlight Guru | Medical Device QMS Software
review material records;
review DHRs;
determine if
-properly handled
-result of equipment calibration
failures
-result of equipment maintenance
failures
-result of validation failures
review procedures;
identify processes that cannot be
verified;
review validation records to ensure:
-all operators have documented
qualification
-full change control of all processes
-calibration and maintenance of all
instruments
-equipment is properly installed,
adjusted, & maintained
-predetermined product
specifications are established
-test sampling and plans are
performed according to statistically
valid rationale
-process tolerance limits are
challenged
26
© 2019 Greenlight Guru | Medical Device QMS Software
review validation records
review procedures;
review key processes
review procedures;
review records
review procedures;
review records
review procedures
review procedures;
review records
review procedures
review records
review procedures
review procedures;
review packaging and shipping
containers
review procedures
27
© 2019 Greenlight Guru | Medical Device QMS Software
review procedures;
review distribution records
review procedures;
review installation records
review procedures;
review servicing records
review procedures;
identify customer property
review procedures;
review validation records to ensure
processes are effective in:
-obtaining SAL
-product performance not
adversely affected
-packaging not adversely affected
review procedures
28
© 2019 Greenlight Guru | Medical Device QMS Software
review procedures
review procedures
review procedures;
review supplier evaluation records
review procedures;
review acceptance records
review procedures
review procedures;
review documents and records;
review change management
records
review procedures
review procedures;
review documents and records
review procedures;
review change records
29
© 2019 Greenlight Guru | Medical Device QMS Software
review procedures;
review change records
review procedures;
review document distribution;
review change management
records
review DMRs
review DMRs
review DHRs
review DHRs
review procedures;
review product requirements
documents
30
© 2019 Greenlight Guru | Medical Device QMS Software
review procedures;
review incoming inspection records
review procedures
review procedures
selection criteria:
-single product focus
- risk based
-result of complaints
-recent project
-covers product range
31
© 2019 Greenlight Guru | Medical Device QMS Software
review technical file records
32
© 2019 Greenlight Guru | Medical Device QMS Software