CQI and IRCA Certified Medical Devices-Quality Management Systems Auditor/Lead

Auditor Training Course (ISO13485:2016)

Assignment Day 1 – 24th January 2022, Monday

Team Members: 1. Subramaniasarma A/L Sreenivasan

2. Lee Mei Ping
Question 1
What are the clauses (activities) which require you to have documented procedures on a
mandatory basis?

ISO13485:2016 Details
Clause No.
4.1.6 , 7.5.6 Procedure for the validation of the application of a computer software
and 7.6 used in the quality management system.
4.2.4 Procedure for document control
4.2.5 Procedure for record control
5.6.1 Procedure for management review
6.4.1 Procedure for control of the working environment
7.3.1 Procedure for design and development
7.3.8 Procedure for design and development transfer
7.3.9 Procedure for control of design and development changes
7.3.10 Design and development file
7.4.1 Procedure for purchasing
7.5.1 Procedure and methods for the control of production
7.5.4 Procedure for servicing activities of medical devices
7.5.6 Procedures for validation of processes
7.5.7 Procedure for the validation of processes for sterilization
7.5.8 Procedure for product identification
7.5.9.1 Procedure for traceability
7.5.11 Procedure for preserving the conformity of product
7.6 Procedure for monitoring and measuring equipment
8.2.1 Procedure for customer feedback gathering
8.2.2 Procedure for complaint handling
8.2.4 Procedure for internal audit
8.3.1 Procedure for control of nonconforming product
8.3.3 Procedure for issuing advisory notices
8.3.4 Procedure for rework
8.4 Procedure for analysis of data
8.5.2 Procedure for corrective actions
8.5.3 Procedure for preventive actions
CQI and IRCA Certified Medical Devices-Quality Management Systems Auditor/Lead
Auditor Training Course (ISO13485:2016)
Assignment Day 1 – 24th January 2022, Monday

Question 2
What are the clauses (activities) which require you to maintain quality records (4.2.5)?

ISO13485:2016 Details
Clause No.
4.1.1 Roles of the organization
4.1.3 e), 4.2.1 d) Process Control
4.1.6, 7.6 Records of software validation activities
4.2.1 General QMS documentation
4.2.1 e) Regulatory requirements
4.2.3 Medical device file
4.2.4 Control of records
5.5.1 Responsibilities, authorities and independence
5.6.1 Records of management review
6.2 e) Records of education, training, skills and experience
6.3 Records of maintenance activities
6.4.1 Working environment
6.4.2 Control of contamination
7.1 Records of risk management activities
7.1 Outputs of product realization planning
7.1 d) Compliance of processes and product
7.2.2 Records of the results and actions arising from review of requirements
related to product
7.2.2 Records of product requirements changes
7.2.3 Communication with the customer
7.3.2 Design and development planning documents
7.3.3 Design and development inputs
7.3.4 Design and development outputs
7.3.5 Records of design and development review
7.3.6 Records of the results and conclusions of the design and development
verification
7.3.7 Design and development validation plans
7.3.7 Records of the results and conclusion of design and development
validation
7.3.8 Results and conclusions of the design and development transfer
7.3.9 Records of design and development changes
7.3.10 Design and development file
7.4.1 Records of the results of evaluation, selection, monitoring and re-
evaluation of supplier
7.4.2 Purchasing information
7.4.3 Records of purchased product verification
7.5.1 Records for each medical device or batch of medical devices
7.5.2 Cleanliness of the product
7.5.3 Records of medical device installation and verification of installation
7.5.4 Records of servicing activities
7.5.5 Records of the sterilization process parameters
7.5.6 Records of the results and conclusions of validation
7.5.7 Records of the results and conclusions of sterile medical device
validation
7.5.8 Unique identification
7.5.9.1 Records of traceability
CQI and IRCA Certified Medical Devices-Quality Management Systems Auditor/Lead
Auditor Training Course (ISO13485:2016)
Assignment Day 1 – 24th January 2022, Monday

7.5.9.2 Records of the name and address of the shipping package consignee
7.5.10 Report to the customer about changes on his property
7.5.11 Preservation of product
7.6 Records of the results of calibration and verification of monitoring and
measuring equipment
8.2.1 Customer feedback report
8.2.1 Complaint handling records
8.2.3 Records of reporting to regulatory authorities
8.2.4 Internal audit plan
8.2.4 Internal audit report
8.2.6 Evidence of conformity of products with the acceptance criteria
8.2.6 Identity of the person authorizing release of product
8.2.6 Identity of the personnel performing any inspection or testing of
implantable medical devices
8.3.1 Records of nonconformity
8.3.2 Records of the product acceptance by concession and the identity of
the person authorizing the concession
8.3.3 Records of actions relating to the issuance of advisory notices
8.3.4 Records of rework
8.4 Records of the results of data analyses
8.5.2 Records of corrective actions undertaken
8.5.3 Records of preventive actions undertaken
CQI and IRCA Certified Medical Devices-Quality Management Systems Auditor/Lead
Auditor Training Course (ISO13485:2016)
Assignment Day 1 – 24th January 2022, Monday

Question 3
Activity 1: What are the similarities and differences between first party, second party and
third party audits?

Details First Party Audit Second Party Audit Third Party Audit
Similarities 1. Same objectives in auditing a management system
- Evaluate effectiveness of implementation
- Gauge gap, if any
- Establish compliance status

2. Can follow the best conventions and procedures in auditing

- Auditors follow the same standard guideline for auditing
management systems (ISO19011)
Differences
Formality Less formal Casual / Formal Most formal
Duration Few hours to day(s) Day to days Day to week(s)
Approach Management Auditor is customer. Limitation on how
instrument in much help/advice
developing Can assist suppliers they can provide to
procedures and in the development auditee.
systems. of their procedures -Advice given might
(if the organization’s be as a result of
May have some policy permits). knowledge gained
freedom to help with from another client,
suggestions about and as such a
what sort of serious breach of
corrective action is confidentiality could
necessary. be made.
Limited ‘power’ Apparent ‘power’ as Most ‘power’ – can
acting on behalf of certify/re-certify/
organization as a revoke/suspend/
customer / potential withdraw
customer certification or
license
Knowledge and role More knowledgeable Normally play the Internal auditor
than most other role as internal interface between
people in the auditor of company. organization and
organization. Able to Bridge between certifying body /
gel operations 1) Management and Regulatory Authority
operation
department
2) Between
organization and
supplier
CQI and IRCA Certified Medical Devices-Quality Management Systems Auditor/Lead
Auditor Training Course (ISO13485:2016)
Assignment Day 1 – 24th January 2022, Monday

Question 4
What are the typical audit activities? (In accordance to ISO19011)

•General (Audit Team Leader responsibility)

•Establishing contact with auditee
Initiating Audit •Determining feasibility of audit

•Performing review of documented information

•Audit Planning - Risk-based approach to planning, audit planning details
Preparing Audit
•Assisgning work to audit team
Activites •Preparing documented information for audit

• Assigning roles and responsibilities of guides and observers

• Conducting opening meeting
• Communicating during audit
• Audit information availability and access
• Reviewing documented information while conducting audit
Conducting Audit • Collecting and verifying information
Activities
• Generating audit findings
• Determining audit conclusions
• Preparation for closing matting
• Content of audit conclusions
• Conducting closing meeting

• Preparing audit report

Preparing and
distributing audit • Distributing audit report
report

Compleitng audit
• Completing the audit

• Follow-up on Audit
Conducting Audit
Follow-up