The 4 best ISO 13485 audit checklists
An ISO 13485 audit can make even the most seasoned medical device quality managers bite their nails. The standard includes 77 clauses, so there are a lot of ways to fall short—even if you're working with the most comprehensive of ISO 13485 audit checklists.
Too many organizations fail their ISO 13485 audits because the quality team wasn’t careful to prepare with assessments. Recently, a Kentucky-based company made headlines for a failed audit. The company wasn’t following protocol for CAPA, complaint handling, acceptance activity, or purchasing controls.
Nevertheless, you don’t need to fear ISO 13485 compliance. With a solid ISO 13485 audit checklist, you can make sure you’re ticking off all the right boxes and preparing yourself for a successful audit.
Ensure readiness with the right ISO 13485 audit checklist
ISO 13485:2016 requires Stage 1 and Stage 2 audits. The best ISO 13485 audit checklists can help you prepare for both stages or an internal audit prior to certification or recertification. Stage 1 and Stage 2 audits differ in duration, depth, and scope.
Stage 1 audits typically last one day. An ISO auditor from your certifying body will provide a report of positive and negative findings to determine whether your company is ready to proceed to Stage 2.
Stage 2 audits typically last several days. This is a comprehensive evaluation of your organization’s compliance with ISO 13485:2016 standards. The auditor will review documentation, controls, internal audits and management review, and all relevant processes. The auditor may produce a list of non-conformances which have to be corrected before you can be certified or receive recertification.
ISO 13485 audits don’t technically result in a “pass” or “fail” grade. Your organization can only really fail if you ignore the auditor’s suggestions for fixing non-conformances. This would result in failing to get certified or losing your ISO 13485 certification. However, non-conformances can have a real impact on product quality, waste, and compliance. Preparing to pass an ISO audit with minimal recommendations is clearly a smart move.
4 best checklists for ISO 13485 audits
The best ISO 13485 audit checklist for you will depend on your unique organization’s processes and systems. However, some of the most comprehensive checklists are listed below.
1. NSF ISR: ISO 13485 (Downloads as a .docx file)
This planner and delta checklist is designed for clients to complete prior to on-site review from an ISO auditor. It includes highly detailed fields that can guide internal improvement efforts, including the ability to score your company on a scale of 1-10 and assign responsibility and completion dates. This free, Microsoft Word-based resource also includes an Appendix which details the differences between ISO 13485:2016 and 13485:2003. The NSF-ISR is a US-based certification and standards entity.
This PDF checklist is designed to serve as a guideline for internal audit activities. The document contains room for observations and comments, and for results (or internal corrective actions taken prior to a Stage 1 or 2 audit). ISO requirements that align with FDA QSR are highlighted in yellow for easy reference. While this checklist offers many helpful features, it’s best used in conjunction with other resources since it’s designed for ISO 13485:2003 instead of the most recent version of the standard. Compliance Online is an online information portal with resources for quality practitioners.
3. ISO 13485 Technical Questionnaire (Downloads as a .docx file)
This Microsoft Word document is a comprehensive preparation overview which was built for medical device manufacturers in Ireland to complete and submit to their auditor prior to on-site evaluations. NSAI is an Irish certifying body. It contains fields for organizations to document their response and evidence for each component of the ISO 13485:2016 standard, and the auditor’s verification of the internal audit. This document is a comprehensive, in-depth guideline for internal audits and understanding how certifying auditors may review your quality management system.
This comprehensive, printable checklist is offered by the team here at Qualio. It contains detailed guidelines for activities and processes relevant to ISO 13485:2016 audits; use this checklist to ensure compliance with the particular and unique areas of the standard: Clauses 4 to 8. It’s a great all-in-one resource to prepare your company for an audit or improve internal processes with the standard in mind. Qualio is a cloud-based quality management software company focused on helping medical device companies achieve ISO 13485 certification with ease.
ISO 13485 compliance challenges
An ISO audit shouldn’t be cause for losing sleep. Ideally, your organization should understand how your quality system stacks up against the standard for medical device manufacturers and opportunities for improvement. Checklists are high-value tools when they’re used on an ongoing basis to internally audit your QMS. They let you know what to expect.
Knowing what to expect is an advantage when it comes to an inspection from an ISO or FDA auditor. You shouldn’t raise the alarm when an inspector walks on site and worry about how to disguise weaknesses in your QMS. Devoting the resources in advance to make sure you meet standards for quality management can ensure your quality management system is helping you operate efficiently and with minimal risk.
There's no public database of feedback that companies receive during an ISO audit. However, ISO 13485 has many areas of alignment with FDA QSR. Based on 483 observation data, you can identify which areas companies struggle with and focus on the common pitfalls of ISO 13485 compliance.
Insufficient CAPA is the number one trigger for FDA citations in the medical device industry. Rely on ISO 8.5.2 (correction) and 8.5.3 (prevention) and the FDA’s own inspection guidelines to make sure your CAPA meets standards.
The second-most-common reason organizations received a 483 observation was a lack of standard procedures for complaint handling, or evidence that the procedures weren’t followed. Complaints are addressed in FDA CFR 820.198 and ISO 8.2.2.
Failure to create and follow a written procedure for the supply chain can mean non-compliance and supplier risks that compromise device quality.
Process validation is worth the investment the first time around to avoid potential ISO or FDA inspection or quality issues.
Your organization needs written procedures and systems for medical device reporting (MDR), including events and annual reports. This is detailed under FDA CFR 803.17 and ISO 13485:2016 guidance for record keeping.
Tips for ISO 13485 compliance
It’s important to remember that the result of ISO 13485 compliance isn’t just certification—it should be a continual process of improvement. After you've reviewed the above ISO 13485 checklists, consider implementing these strategies to pass your audit with flying colors.
Develop a process for the audit
Your efforts to prepare for your audit will be most effective if they follow a process, specifically a careful schedule for internal audit activities. You should perform an in-depth review of internal quality systems continually and avoid putting off internal audits until the last minute. You may choose to review three areas each month to spread out the workload, reviewing each system at least twice per year. A partial schedule is outlined below:
- Design: February, June, October
- Purchasing: March, July, November
- Training: April, August
- Quality Assurance: January, May, September
Focus on upstream quality
Medical device quality is a complex concept. That’s why ISO 13485:2016 has 77 sections that address every component of the device lifecycle, from design to process validation, sales, and complaint handling. Upstream quality (UQA) is a manufacturing concept which relates to “quality from the start,” or the idea that putting in proper effort in the early stages can avoid quality issues later, or downstream.
Upstream quality is also frequently used to focus on process inputs, or supply chain management. UQA starts with the quality management unit and leadership team. Proper documentation and a strong quality management system can ensure you’ve formed a solid baseline.
Prepare for the conversation
While it’s always important to be professional and careful when you’re dealing with any type of inspector, ISO inspections for certification have a much different tone than interactions with the FDA.
An ISO inspector isn’t going to fail or cite your company on-the-spot. These interactions are generally much more conversational and lower-pressure than an on-site audit from an FDA inspector. Employees should be prepared for a productive conversation and avoid giving out info they’re unsure of, but it’s much harder to get into trouble by saying the wrong thing.
An eQMS can help you pass an ISO 13485 audit
No one wants to feel clueless when they’re facing down an ISO audit. The worst feeling in the world is being unsure of how your QMS stacks up against standards. It’s even worse when you find yourself scrambling to locate documents or records requested by the auditor, or you learn that you’re missing entire quality processes.
Medical device companies don’t have to build an ISO 13485-compliant QMS from the ground up. You can streamline ISO certification with an enterprise quality management system (eQMS) built specifically in accordance with ISO 13485:2016, FDA QSR, and other relevant standards.
Qualio is a cloud-based QMS that simplifies internal audits and improves visibility, helping you maintain compliance year-round and pass audits with ease.