If you are a small business trying to establish or maintain ISO or FDA compliance, performing internal audits in a timely manner according to the requirements of the applicable standard(s) can be extremely challenging.
In this blog we are going to look at the language of section 8.2.4 in ISO 13485 and develop a streamlined risk appropriate approach using audit management software to conduct internal ISO audits that will make a huge difference getting your people to perform this important task that is all too easy to kick down the road when other business needs seem to be a higher priority.
The ISO Requirements for Internal Audits
The ISO standard wants you to conduct internal audits at planned intervals to determine whether the quality management system (QMS) accomplishes the following:
1. The QMS conforms to planned and documented arrangements.
2. The requirements of this International Standard.
3. Quality management system requirements established by the organization, and
4. Applicable regulatory requirements
5. Is effectively implemented and maintained.
Conforming to Planned and Documented Arrangements (A.K.A “Process Audits”)
If your registrar has not already put pressure on your company to conduct process audits, they soon will be. While everyone has been conducting audits oriented around meeting the requirements of the standard, No 2 above, planning and conducting internal ISO audits that address No 1 has often been ignored at many companies.
The reason for this is essentially a lack of QMS Integration available in their audit management software or lack of audit management software altogether. In order to effectively audit a process in your company you need some mechanism to identify the process.
Linking Audit Checklist to Released Documents
While it may seem obvious after we say it out loud, your controlled documents are an obvious choice for establishing the scope of internal audits, right? However, we need one more concept to address the next section of the ISO standard which says, the
“audit program shall be planned, taking into consideration the status and importance of the processes and area to be audited, as well as the results of previous audits.“
This statement acknowledges one of the foundational principles that is true throughout your quality management system, which is resources for quality management are not unlimited, so companies can take a risk appropriate approach to how their quality management system is designed.
But how? Your auditor is not going to let you neglect certain parts of the QMS, the entire QMS has to be audited, so how can we take a risk appropriate approach and still audit the entire quality management system?
To pull this off you will need highly integrated QMS software that can leverage the integration between your documents and other aspects of the QMS. For example, here are a few integration categories you will need that establish links between your controlled documents and:
- Sections of the ISO standard they address.
- Other controlled documents or forms.
- Work centers or categories of top level business processes.
- Custom Field controlled categories to further organize documents.
Once these links have been set up we can now create internal audit records that do both, allow a risk appropriate amount of administrative effort, while not neglecting any area of the QMS. This will only be possible if your QMS integration has been designed to both set up these relationship, and produce audit results that allow administrative effort flexibility so that this effort can be risk appropriate.
To see an example of how QMS software can be integrated to allow risk appropriate process audits that can administratively create a robust audit report in about 5 min, head on over the the TLM Training Center and watch the training video on this subject.
Demos