Doc. Id. No.

: XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 1 of 17

Presence Conformance Notes

Requirements of the Standard
S N C NC
Presence: Presence of the requirement of the international standard in the quality management system.
Conformance: Conformance of the requirement to the conditions set out in the International Standard.
Notes: Notes taken by the LA/A.
S: The requirement of the standard has been addressed and /or is present.
N: The requirement of the standard has not been addressed and / or is not present.
C: Conformance of the described process conforms to the requirements of the standard.
NC: The described process does not adequately satisfy or does not efficiently conform to the requirements
Non-conformance. of the standard.
Presence Conform Notes
Standards requirement
S N C NC
4.0 Quality management system
4.1 General requirements
 Has the organisation established, documented, implemented and
maintained a quality system and its effectiveness in accordance
with this international standard?
 Are the necessary processes of the quality system and their
application throughout the organisation identified?
 Has the interaction and sequence of these processes being
determined?
 Have the criteria and methods needed for effective operation and
control of these processes been identified?
 Has the availability of resources and necessary information
available for monitoring these processes been defined?
 Are these processes monitored, measured and analysed?
 Are necessary actions taken to achieve planned results and
maintain the effectiveness of the processes?
 Has the organisation ensured full control of processes according to
the requirements in this international standard?
.2.1 Documentation requirements
 Does the documentation include all requirements in this
international standard?
 Are the quality policy and quality objectives documented?
 Are the documents needed by the organisation to ensure
effective planning and control of the processes available?
 Have the specified requirements been established and
documented, including, the relevant regulatory requirements?
 For each type/model of medical devices has a file been
established and maintained which identifies documents defining
product specifications and quality system requirements for
complete manufacturing and installation and service, if
appropriate, or referring to the location(s) of this information?
 The size of the organisation and type of activities performed
 Complexity and interaction of processes
 Competence of personnel
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 2 of 17

4.2.2 Quality manual

 Has the quality manual been established?
 Is the quality manual being maintained?
 Does the manual include:
 The scope of the quality management system including details of
and justification for any exclusion and/or non-applicability(see
1.2)
 The documented procedures established for the quality
management system, or reference to them and
 A description of the interaction between the processes of the
quality management system
NOTE: The quality manual shall outline the structure of the
documentation used in the quality management system.
.2.3 Control of documents
 Is there a documented procedure defining the needed controls?
 Are the documents required by the quality management system
controlled?
 Are the documents reviewed and approved for adequacy?
 Does the procedure define the needed controls for:
 Review and approval of documents for adequacy prior to issue?
 Review and update, as necessary, and re-approval of documents?
 Identification of changes and the status of the current revision of
documents?
 Ensuring relevant versions of applicable documents are available
at the point of use?
 Ensuring documents remain legible and readily identifiable?
 Ensuring that documents of external origin are identified and their
distribution controlled?
Preventing unintended use of obsolete documents and ensuring the
suitable identification of them if they are retained for any purpose?
Is the retention period defined for which at least one copy of obsolete
controlled documents shall be retained?
Does this period ensure that specifications to which medical devices
have been manufactured and tested are available for at least the
lifetime of the medical device as defined by the organisation but not
less than the retention period of any resulting record or as specified
by the relevant regulatory requirements?
.2.4 Control of records
 Are the necessary records for quality management system
administered?
 Are records maintained to provide evidence of conformity to
requirements and the effective operation of the quality
management system?
 Are the records legible, readily identifiable and retrievable?
 Does a documented procedure exist defining the controls needed
for identification, storage, protection, retrieval, retention time and
disposition of records?
The organisation shall retain the records for a period of time at least
equal to the lifetime of the medical device as defined by the
organisation, but not less than two years from the product release by
the organisation or as specified by regulatory requirements.
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 3 of 17

5.0 Management responsibility

5.1 Management commitment
Has top management provided evidence of its commitment to the
development and implementation of the quality management system
as well as maintained its effectiveness by :
 Communicating to the organisation the importance of meeting
customer as well as statutory and regulatory requirements?
 Establishing the quality policy?
 Ensuring that quality objectives are established?
 Conducting management reviews?
 Ensuring the availability of resources?
Note: for the purpose of this international standard statuary
requirements are limited to the safety and performance of the
medical device only.

5.2 Customer focus

Has top management ensured that:
Customer requirements are determined and met Determination of
requirements related to the product
5.3 Quality policy
 Has top management ensured that the quality policy :
 Is appropriate to the purpose of the organization?
 Includes a commitment to comply with requirements and to
maintain the effectiveness of the quality management system?
 Provides a framework for establishing and reviewing quality
objectives?
 Is communicated and understood within the organisation?
Is reviewed for continuing suitability?
5.4 Planning
 Has top management ensured that the resources needed to
achieve the quality objectives are identified and planned?
 Is the output of the planning documented? (e.g., quality manual,
procedures, work instructions, quality plans, etc.)
Does top management ensure that the integrity of the quality
management system is maintained when changes are planned and
implemented?
5.4.1 Quality objectives
.4.2 Quality management system planning
5.5 Responsibility, authority and communication
.5.1 Responsibility and authority.
 Are the responsibilities and authorities documented and defined
within the organization?
 Are they communicated to make the system more effective?
Note: National or regional regulations might require the nomination of
specific persons as responsible for activities related to monitoring
experiences from the post production stage and reporting adverse
events.
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 4 of 17

.5.2 Management representative

 Has top management appointed a member of management who,
irrespective of other responsibilities, shall have responsibility and
authority that includes:
 Ensuring that processes needed for the quality management
system are established, implemented and maintained?
 Reporting to top management on the performance of the quality
management system and any need for improvement? (see 8.5);
 Ensuring the promotion of awareness of regulatory and customer
requirements throughout the organisation?
NOTE: The responsibility of the management representative can
include liaison with external parties on matters related to the quality
management system
.5.3 Has top management ensured that appropriate communication
processes have been established within the organization?
Does communication take place regarding the effectiveness of the
quality management system?
5.6 Management review
.6.1 General
Does the top management review the quality management system, at
planned intervals, to ensure its continuing suitability, adequacy and
effectiveness?
Are opportunities for improvement and the need for changes to the
quality management system, including quality policy and objectives,
reviewed during the review?
Are records of management reviews maintained as quality records?
.6.2 Review input
 Does the input to management review include information on:
 Result of audits?
 Customer feedback?
 Process performance and product conformity?
 Status of preventive and corrective actions?
 Follow up actions from previous management reviews?
 Changes that could affect the quality management system?
 Recommendations for improvements?
 New or revised regulatory requirements?
.6.3 Review output
 Does the output from the management review include decisions
and actions related to:
 Improvements needed to maintain the effectiveness of the quality
management system and its processes?
 Improvement of product related to customer?
The needed resources?
6.0 Resource management
6.1 Provision of resources
 Has the organisation determined and provided the needed
resources:
 To implement the quality management system and maintain its
effectiveness?
To meet regulatory and customer requirements?
6.2 Human resources.
6.2.1 General
Is competency for personnel who perform work affecting product
quality based on appropriate education, training, skills, and
experience?
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 5 of 17

6.2.2 Competence, awareness and training

 Has the organisation:
 Determined the necessary competence for personnel performing
work affecting product quality?
 Provided training or taken other actions to satisfy these needs?
 Evaluated the effectiveness of the actions taken?
 Ensured that all personnel are aware of the relevance and
importance of their activities and how they contribute to the
achievement of the quality objectives?
Maintained appropriate records of education, training skills and
experience?
Note: National or regional regulations might require the organization
to establish documented procedures for identifying training needs.
6.3 Infrastructure
 Has the organisation determined, provided and maintained the
infrastructure needed to achieve conformity to product
requirements?
Infrastructure includes as applicable:
 Buildings, workspace and associated utilities
 Process equipment both hardware and software and
 Supporting services (such as transport or communication)
The organization shall establish documented requirements for
maintenance activities, including their frequency, when such activities
or lack of can affect the product quality.
Records of such maintenance shall be maintained
6.4 Work environment
 Has the organization determined and managed the needed work
environment to achieve conformity to product requirements?
 Where microbiological and/or particulate cleanliness or other
environmental conditions are of significance in the use and/or
manufacture of the medical device: Has the supplier established
and documented requirements for the environment to which the
medical device is exposed? Are the environmental conditions being
controlled and monitored?
 Have requirements for health, cleanliness and clothing of personnel
been established, documented and maintained if contact between
personnel and the product or the environment could adversely
affect the quality of the product?
 Has the supplier ensured that all personnel who are required to work
temporarily under special environmental conditions are appropriately
trained or supervised by a trained person?
If appropriate, have special arrangements been established,
documented and maintained for the control of contaminated or
potentially contaminated products in order to prevent contamination
of other products, the manufacturing environment or personnel?
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 6 of 17

7.0 Product realization

7.1 Planning of product realization
Is the planning and development of the production process consistent
with the requirements of the other processes in the quality
management system?
 Has the organisation determined the following (if appropriate):
 Quality objectives and requirements for the products?
 The need for establishing processes and documentation?
 Provided resources specific to the product?
 Required verification, validation, monitoring inspection and test
activities specific to the product and the criteria for product
acceptance?
 Records needed to provide evidence that the realisation processes
and resulting product meet the requirements?
The organisation shall establish documented requirements for risk
management throughout product realization. Records arising from risk
management shall be maintained.
NOTE: The output of this plan shall be in a form suitable for the
organisation’s method of operation
A document describing the process of the quality management system
(including the product realisation process) and the resources to be
applied to a specific product or contract can be referred to as a quality
plan
7.2 Customer-related processes
7.2.1 Determination of requirements related to the product
 Requirements specified by the customer, including the
requirements for delivery and post-delivery activities?
 Requirements not stated by the customer but necessary for
specified or intended use, where known?
 Statutory and regulatory requirements related to the product?
Any additional requirements determined by the organization?
7.2.2 Review of requirements related to the product
 Has the management reviewed the requirements related to the
product and process for efficient communication with customers
and other related parties? Has the review taken place prior to
submission of tenders, acceptance of contracts or orders
(acceptance of changes to contracts or orders) ?
 Does the review ensure:
 Product requirements are defined and documented?
 Contract or order requirements differing from those previously
expressed are resolved?
 The organization has the ability to meet the defined
requirements?
 Are the records from the result of reviews and actions resulting
from the reviews maintained?
 Are relevant personnel made aware of any changed
requirements?
NOTE: In some situations such as internet sales, a formal review is
impractical for each order. Instead the review can cover relevant
product information such as catalogues or advertising material.
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 7 of 17

.2.3 Customer Communication

 Has the organisation determined and implemented effective
arrangements for communicating with customers in relation to:
 Product information?
 Enquiries, contracts, or order handling, including amendments?
 Customer feedback, including customer complaints?
 Advisory notices?

7.3 Design and Development

.3.1 Design and development planning
 Has the organisation established documented procedures for
design and development?
 Does the organisation plan control the design and development of
product?
 Does the organisation, during design and development planning,
determine the following:
 Design and development stages?
 The review,- verification, validation and design transfer activities
(see note) appropriate at each design and development stage?
 The responsibilities and authorities for design and development?
 Is the interface between different groups involved in design and
development managed to ensure effective communication and
clear assignment for responsibility?
 Is the planning output documented and updated as appropriate
as the design and development progresses? (see 4.2.3)
 NOTE: Design transfer activities during the design and
development process ensure that design and development
outputs are verified as suitable for manufacturing before
becoming final production specifications

.3.2 Design and development inputs

 Are the inputs related to product requirements being determined
and records maintained? (see 4.2.4)
 Does the input include:
 Functional performance and safety requirements, according
to the intended use?
 Applicable statutory and regulatory requirements?
 Where applicable, information derived from previous similar
designs?
 Other requirements essential for design and development?
 Output of risk management? (see7.1)
 Are these inputs reviewed for adequacy and approved?
Are requirements complete, unambiguous and not in conflict with
each other?
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 8 of 17

.3.3 Design and development outputs

 Do the results from design and development:
 Meet the input requirements for design and development?
 Provide appropriate information for purchasing, production
and for service provision?
 Contain or reference product acceptance criteria?
 Specify the characteristics of the product that are essential
for its safe and proper use?
 Are records of the design and development maintained?
NOTE: Records of design and development outputs can include
specifications, manufacturing procedures, engineering drawings, and
engineering or research logbooks
.3.4 Design and development review
 Is a systematic review of design and development, in accordance
with planned arrangements, conducted at suitable stages?
Evaluating the ability of the results of design and development to
meet requirements?
 Do the participants doing the review include representatives of
functions concerned with the different stages being reviewed as
well as other specialist personnel?
 Are the results from reviews and any necessary actions being
maintained?

7.3.5 Design and development verification

 Is design and development verification performed in accordance
with planned arrangements to ensure that the design outputs
have met the design and development input requirements?
Are results of the verification and actions maintained as records?

Design and development validation.

 Is the design and development validation performed in
accordance with planned arrangements ensuring that
resulting product is capable of meeting the requirements for
the specified application or intended use? Is the validation
completed prior to delivery or implementation of the
product?
 Are records of validation and any necessary action
maintained?
 Are clinical evaluation and/or evaluation of performance of
the medical device made as required by national or regional
regulations?
NOTE 1: If a medical device can only be validated following
assembly and installation at point of use, delivery is not
considered to be complete until the product has been formally
transferred to the customer.
NOTE 2: Provision of the medical device for the purpose of clinical
evaluations and/or evaluation of performance is not considered
to be delivery.
7.3.7 Are design and/or development changes identified and recorded?
Do reviews of design and development changes include
evaluation of the effect of the changes on constituent parts and
product already delivered?
Are design and development changes reviewed, verified,
validated as appropriate and approved before implementation?
Are results of the review of changes and necessary actions
maintained as records?
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 9 of 17

7.4 Purchasing
7.4.1 Purchasing process
 Has the organisation established and documented
procedures ensuring that purchased products conform to
specified purchased requirements?
 Is the type and extent of control dependent upon the effect
of the purchased product on subsequent product realisation
or the final product?
 Does the organisation evaluate the supplier’s ability to supply
products in accordance with the organisations requirements?
 Are the records of this evaluation and any action arising from
this maintained?
7.4.2 Purchasing information
 Does the purchasing information describe the purchased
product including when appropriate:
 Requirements for approval of product, procedures, processes
and equipment?
 Requirements for qualification of personnel?
 Quality management system requirements?
To the extent required for traceability given in the supplier
established documented and maintained procedures for
traceability, the organisation shall maintain relevant purchasing
information i.e. documents and records.

7.4.3 Verification of purchased product

 Has the organisation established and implemented the
inspection or other activities necessary to ensure that
purchased products meet specified purchase requirements?
 Where the organization or its customer intends to perform
verification at the supplier’s premises, has the organization
stated the intended verification arrangements and method
of product release in the purchasing information?
 Record of the verification shall be maintained.
7.5 Production and service provision
7.5.1 Control of production and service provision
7.5.1.1
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 10 of 17

 General requirements
 Does the organization plan and carry out production and
service control under controlled conditions?
 Does the controlled conditions include as applicable:
 The availability of information describing the characteristics
of the product?
 The availability of documented procedures, documented
requirements, work instructions and reference materials and
reference measurement procedures as necessary?
 The use of suitable equipment?
 The availability and use of monitoring and measuring
devices?
 The implementation of monitoring and measurement?
 The implementation of release, delivery, and post delivery
activities?
 The implementation of defined operations for labelling and
packaging?
 Is a record of each batch of medical device that provides
traceability to the extent specified in 7.5.3 and identifies the
quantity manufactured and quantity approved for
distribution established and maintained? Is the batch record
verified and approved?
 NOTE: A batch can be a single medical device
7.5.1.2 Control of production and service provision – Specific
requirements
7.5.1.2.1 Cleanliness of product and contamination control
Has the organisation established and maintained documented
cleanliness requirements of the product if:
a) The product is cleaned by the organization prior to
sterilisation and/ or its use, or
b) Product is supplied non-sterile to be subjected to a cleaning
process prior to sterilisation and/or its us, or
c) Product is supplied to be used non-sterile and its cleanliness
is of significance in use, or
d) Process agents are to be removed from the product during
manufacture
If the product is cleaned in accordance with a) or b) above, the
requirements contained do not apply to the cleaning process

7.5.1.2.2 Installation activities

If appropriate, have instructions and acceptance criteria for

installation and verification of medical devices been established
and documented?
If other personnel are allowed to perform installation, are they
given written instructions for the installation and the checking?
Have records of both installation and the verification performed
by the organization or its authorised agent been maintained?
7.5.1.2.3 Servicing activities

For each type/model of medical devices has a file been

established and maintained containing documented procedures,
as necessary, for performing servicing activities and verification
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 11 of 17

that they meet the specified requirements?

Are records of servicing being maintained?
NOTE: service can include repair and maintenance

7.5.1.3 Particular requirements for sterile medical devices

Are the medical devices subjected to a validated sterilization
process and are records kept of all the control parameters of the
sterilization process used for each sterilisation batch?
Are the sterilisation records traceable to each production batch
of medical devices?
Validation of processes for production and service provision
7.5.2 General requirements
Has the supplier established validation procedures of any
7.5.2.1
process for production and service provision to define
a) Criteria for review and approval of the processes
b) Approval of equipment and qualification of personnel
c) Use of specific methods and procedures
d) Requirements for records
e) Revalidation
Are there established documented procedures for the
validation of the application of computer software (and changes
to such software and/or its application) for production and
service provision that affect the ability of the product to
conform to specific requirements. Such software applications
shall be validated prior to initial use. Are these records
maintained?
Particular requirements for sterile medical devices
Has the organization established documented procedures for
7.5.2.2 the validation of sterilization processes?
Are these processes validated prior to initial use?
Are these records maintained?
7.5.3 Identification and traceability
7.5.3.1 Identification
The organization shall identify the product by suitable means
throughout product realization and shall establish documented
procedures for such product identification.
If appropriate, have special arrangements been established,
documented and maintained for the control of medical devices
returned to the organization in order to prevent contamination
of conforming products?
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 12 of 17

7.5.3.2 Traceability
7.5.3.2.1 General
Has the supplier established documented and maintained
procedures for traceability? Do the procedures define the extent
of product traceability and the records required?
Where traceability is a requirement, has the organization
controlled and recorded the unique identification of the
product?
NOTE: Configuration management is a means by which
identification and traceability can be maintained
7.5.3.2.2 Particular requirements for active medical devices and
implantable medical devices
Does the organization include records of all components,
materials and work environment conditions if these could cause
the medical device not to satisfy the specified requirements?
Does the organization require that its agents or distributors
maintain records of the distribution of medical devices with
regard to traceability and that such records are available for
inspection ?
Are records of the name and address of the shipping package
consignee maintained ?
Status identification
7.5.3.3 Has the organization identified the product status with respect to
monitoring and measurement requirements?
Is the identification of product status maintained throughout
production, storage, installation and servicing the product to
ensure that only product that has passed the required
inspections and tests (or released under an authorized
concession) is dispatched, used or installed?
7.5.4 Customer property
Does the organization exercise care with customer property
while it is under the organization’s control or being used by the
organization? Has the organization:
Identified, verified, protected and safeguarded customer
property provided for use or incorporation into the product? If
any customer property is lost, damaged or otherwise found to be
unsuitable for use, is this reported to the customer and are
records maintained?
NOTE: Customer property can include intellectual property or
confidential health information
7.5.5 Preservation of property
 Has the organization established documented procedures or
documented work instructions for preserving the conformity
of product during internal processing and delivery to the
intended destination?
 Does this preservation include identification, handling,
packaging, storage and protection?
 Does the preservation include the constituent parts of the
product?
 Has the organization established documented procedures or
documented work instructions for the control of product
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 13 of 17

with a limited shelf-life or requiring special storage

conditions?

7.6 Control of monitoring and measuring devices

 Has the organization determined the monitoring and
measurement to be undertaken and the monitoring and
measuring devices needed to provide evidence of
conformity of product to determined requirements?
 Has the organization established and documented
procedures to ensure that monitoring and measurement
can be carried out in a manner that is consistent with the
monitoring and measurement requirements?
 When necessary to ensure valid results is measuring
equipment:
 Calibrated or verified at specific intervals, or prior to use
against international or national measurement standards;
where such standard exist, the basis used for calibration or
verification shall be recorded?
 Adjusted or readjusted as necessary?
 Identified to enable the calibration status to be determined?
 Safeguarded from adjustments that would invalidate the
measurement results?
 Protected from damage and deterioration during handling,
maintenance and storage?
 In addition the organization shall assess and record the
validity of the previous measuring results when the
equipment is found not to conform to requirements. The
organization shall take appropriate action on any product
affected. Are records of the results of calibration and
verification being maintained?
NOTE: See ISO 10012 for guidance related to measurement
management system
8.0 Measurement, analysis and improvement
8.1 General
 Has the organization planned and implemented the
monitoring, measurement, analysis and improvement
processes needed to:
a) Demonstrate conformity of product?
b) Ensure conformity of the quality management system?
c) Maintain the effectiveness of the quality management system
Does this include determination of applicable methods, including
statistical techniques, and the extent of their use ?
Note: National or regional regulations might require
documented procedures for implementation and control of the
application of statistical techniques
8.2 Monitoring and measurement
8.2.1 Feedback
 Does the organization monitor information relating to
whether the organization has met customer requirements
as one of the measurements of the performance of quality
management system?
 Are the methods for obtaining and using the information
determined?
 Has there been established and maintained a documented
feedback system to provide early warning of quality
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 14 of 17

problems? and input to the corrective and preventive action

processes .
 Does the review of experience from the post-production
phase form part of the feedback system - if so is it required
by regulatory requirements?

8.2.2 Internal audit

 NOTE: See ISO 19011 for guidance related to quality
auditing.
 Are internal audits conducted at planned intervals to
determine whether the quality management system:
a) Conforms to planned arrangements, requirements of ISO 9001
and the quality management system?
b) Is effectively implemented and maintained?
 Are the audit programs planned taking into consideration
the status and importance of the processes and areas to be
audited, as well as the results of previous audits?
 Is the audit criteria, scope, frequency and method defined?
 Do auditor selection and conduct of audits ensure
objectivity and impartiality of the audit process?
 Is it ensured that auditors do not audit their own work?
 Has a documented procedure been established to define
responsibilities and requirements for planning and
conducting audits, reporting results, and maintaining
records?
8.2.3 Monitoring and measurement of processes
 Are suitable methods applied for monitoring and where
applicable, measurement of the quality management
system processes necessary to meet customer
requirements?
 Do these methods demonstrate the ability of the processes
to achieve planned results?
 Are corrections and corrective actions taken when planned
results are not achieved?
8.2.4 Monitoring and measurement of product
8.2.4.1 General requirements
 Does the organization measure and monitor the
characteristics of the product to verify that product
requirements have been met? Is this carried out at
appropriate stages of the product realization process in
accordance with the planned arrangements and
documented procedures?
 Is the evidence of conformity with acceptance criteria
maintained? Do records indicate the person(s) authorizing
release of product.
 Product release and service delivery shall not proceed until
the planned arrangements have been satisfactorily
completed.
8.2.4.2 Particular requirements for active implantable devices and
implantable devices
 Are records kept to identify personnel performing any
inspection or testing?
8.3 Control of nonconforming product
 Does the organization ensure that product which does not
conform to product requirements is identified and
controlled to prevent its unintended use or delivery? Are the
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 15 of 17

controls and related responsibilities and authorities dealing

with nonconforming product defined in documented
procedures?
 Does the organization deal with nonconforming product by
one ore more of the following:
 By taking action to eliminate the detected nonconformity
 Have the identity of the person authorizing its use, release
or acceptance under concession been put on record?
 Have they taken action to preclude its original intended use
or application?
 Does the organization ensure that nonconforming product is
accepted with concession only if the regulatory
requirements are met?
 Is there a procedure describing this and is it recorded?
8.4 Analysis of data
 Has the organization established a documented procedure
to determine, collect and analyse appropriate data to
demonstrate the suitability and effectiveness of the quality
management system and to evaluate if improvement in the
effectiveness of the quality management system can be
made? Is data generated from the results of monitoring and
measurements as well as other relevant sources?
 Does the analysis of data provide information relating to:
 Feedback?
 Conformity to product requirements?
 Characteristics and trends of processes and products
including opportunities for preventive action?
 Suppliers?
Records of the results of the analysis of data shall be maintained.
8.5 Improvement
8.5.1 General
 Has the organization identified and implemented any
necessary changes to ensure and maintain the continued
suitability and effectiveness of the quality management
system through :
 Quality policy?
 Quality objectives?
 Audit results?
 Analysis of data?
 Corrective and preventive actions?
 Management review?
 Has the organization established and maintained a
documented feedback system to provide early warning of
quality problems?
 Are these procedures capable of being implemented at any
time?
 Is all feedback information including customer complaints
and returned products documented?
 Does this feedback include activities outside the
organization which contributed to the customer complaint
and is this information exchanged between the involved
organization ?
Have procedures to notify the authorities - if so is required by
regulatory requirements - been established and documented?
8.5.2 Corrective action
 Does the organization take actions eliminating the cause of
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 16 of 17

nonconformities in order to prevent recurrence?

 Are these corrective actions appropriate to the effects of the
nonconformities encountered?
 Does the documented procedure define requirements for :
 Reviewing nonconformities (including customer
complaints)?
 Determining the causes of nonconformities?
 Evaluating the need for action to ensure that
nonconformities do not recur?
 Determining and implementing action needed, including, if
appropriate, updating documentation?
 Recording of the results of any investigation and of actions
taken?
 Reviewing the corrective action taken and its effectiveness?
8.5.3 Preventive action
 Does the organization determine action to eliminate the
causes of potential nonconformities in order to prevent
their occurrence?
 Are the preventive actions appropriate to the effects of the
potential problems?
 Is a documented procedure established defining the
requirements for :
 Determining potential nonconformities and their causes?
 Evaluating the need for action to prevent occurrence of
nonconformities?
 Determining and implementing action needed?
 Recording of the results of any investigations and of action
taken?
 Reviewing preventive action taken and its effectiveness?

Documents Reviewed
Title Document No Version / Date
QA Manual
QA Procedures:
Control of documents
Control of records
Design Control
Purchase
Identification & Traceability
Sterilisation (Special process)
Preservation of products
Control of measuring devices
Customer feedback
Internal Audits
Control of NC products
W.I for product rework, if not covered in abobve
procedure
Analysis of data
Advisory notices
Corrective action
Preventive action
Device master files (Technical files) As below

Sr. Product Group Technical File No. Model #

No.
 Doc. Id. No. : XYZ
COMPANY NAME & ADDRESS Revision No. XYZ
LOGO Issue No. XYZ
Revision Date: XYZ
Internal Audit Checklist as per ISO 13485:2003/13485:2003 Page No. 17 of 17

1
2
3
4
5
6
7
8