Ways of conducting a hassle-free internal and supplier audit for medical devices

Carrying out efficient and effective internal and supplier audits that meet all the requirements of external auditors is a must for medical device manufacturers. These audits should not only serve this purpose; they should also add value to the medical device organization.

Part of both ISO 13485 and QMS

Internal audits are required as part of ISO 13485 and the FDA’s Quality System Regulation (QMS). However, these procedures are quite complicated for many professionals in the medical device industry.  They are often confusing and cumbersome, mainly because of the jargon and regulatory language they contain. Many organizations find it difficult to get the import of these words while wading through them all the way to a successful internal audit.


A tad complicated

Another couple of complicating factors come into play: Since the FDA does not look at the content of internal audits; many medical device organizations do not get feedback on the true effectiveness of their internal audit system from the FDA during the time of FDA inspections.


Secondly, while on the other hand ISO 13485 auditors do look at internal audits; they are most concerned with the process. For them, a proper definition of a process that meets the requirements of the standard and the assurance that the company is following these are more important than anything else.

Auditor training is necessary

Both these regulations require that the medical device manufacturer define Auditor training. But there is a catch, because auditor training sometimes just requires reading the company’s procedure, while most external auditors will look for more than this.


How does a medical device company extricate itself out of this quagmire? The solution to all these vexing questions will be offered at a two-day seminar from GlobalCompliancePanel, a globally known provider of regulatory compliance trainings.

At this seminar to enroll for which you need to just log on to http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900601SEMINAR; the Director, Betty Lane, who is Founder and President, Be Quality Associates, LLC, will explain all the issues relating to these aspects of external and internal supplier audits, in a way that is comprehensible and easy to implement.

In the process of explaining what makes for efficient and effective internal and supplier quality systems auditing for medical devices; she will also offer an explanation of best practices for creating and managing a value-added auditing process that will meet both company business needs and regulatory requirements.

At this seminar, which has been pre-approved by RAPS as eligible for up to 12 credits towards a participant’s RAC recertification upon full completion; Betty will get participants to review all the quality management system requirements of FDA and ISO 13485 and then allow them to learn how to set up and manage an audit system that complies with these requirements, yet is risk-based so that their organization makes the most efficient use of auditing resources for both internal and supplier audits.


She will also include interactive exercises at this two-day session, which will help to strengthen the fundamentals of conducting and documenting quality system audits. The auditing principles taught in this seminar will be based on ISO 19011:2011 Guidelines for auditing management systems.

Preparing for an ISO 13485 audit

Being the current standard for medical devices; the ISO 13485 prescribes a set of standards that are to be implemented by manufacturers of medical devices. The aim of ISO 13485 is to ensure that medical devices meet the prescribed quality standards. This standard was conceived with the intention of making medical device manufacturers understand ways by which to establish a medical device risk management process.

Implementation needs proper training

Implementation of the ISO 13485 needs expert knowledge. Medical device organizations that need to implement it need to have trained staff, which needs to be aware of what to do when they are approached by an auditor. They should also know what documentation must be completed, kept up-to-date, and be made available, so that the organization can avoid major and minor findings. In addition, they should also be thoroughly aware of the issues that auditors constantly look for. They need to also be knowledgeable about the new updated standard.


Get trained on how to prepare

To make medical device professionals that face an ISO audit familiar with the dynamics of an ISO audit and to acquaint them with what it takes to be prepared for one when it happens, GlobalCompliancePanel, a globally known provider of professional trainings for the areas of regulatory compliance, will be organizing a two-day, in person seminar.


To enroll for this seminar and to get a thorough understanding of the ways by which to implement ISO 13485, just log on to http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900708.

The Director at this seminar, Jason Teliszczak, who is CEO/Founder, JT Environmental Consulting, will give a complete understanding of how to prepare for an ISO audit in a manner that helps organizations defend their actions with the auditors and to avoid a number of errors and goof-ups that could result in harsh actions. In taking a detailed look at each section of the standard; Jason will let participants understand the core elements of an ISO audit.

He will offer real world examples of what to expect, and what to prepare and repeal within the audit guidelines, the ways of ensuring a compliant documentation system, infrastructure maintenance, PPE, ensuring quality by the judicious use of materials, ways of choosing suppliers and vendors, ways of going about an internal audit, and the role of management in certification.

The ISO 13485:2003 Standard has quality management systems at its heart

The ISO 13485:2003 Standard has quality management systems at its heart.

The ISO 13485:2003 Standard relates to quality management systems in the field of Medical Devices. Its requirements ISO 13485:2003 specifically relate to organizations that are in the business of medical devices, no matter what its size or type. At its core, ISO 13485:2003 is all about quality management systems in medical devices.

This standard specifies requirements for a quality management system. Accordingly, it requires an organization to demonstrate the ability to produce medical devices and related services that have to consistently meet both –a) customer requirements and b) regulatory requirements –that are applicable to the file of medical devices and related services.

Harmonization at the core

It thus becomes clear that quality management systems, which are the means to ensuring these requirements, constitute the heart of ISO 13485:2003. This Standard’s essential objective is to foster and bring about harmonization among medical device regulatory requirements for meeting quality management systems. This Standard superseded the earlier version, the ISO 9001. It did away with some of the requirements of that Standard.

When a medical device company deals with medical devices it may not manufacture; it is its responsibility to ensure that processes applicable to the medical device(s) required by ISO 13485:2003, are accounted for in the organization’s quality management system.

In a nutshell, these are some of the requirements set out from Part 4 of ISO 13485:2003 onwards, the Part at which quality requirements begin:

4.1: Establish a quality system for medical devices;

4.2: Document your medical device quality system;

5.1: Support Quality;

5.2: Focus on customers;

5.3: Establish a Quality Policy;

5.4: Perform Quality Planning;

5.5: Control your Quality Management System;

5.6: Carry out management reviews;

6.1: Provide quality resources;

6.2: Provide Quality personnel;

6.3: Provide quality infrastructure;

6.4: Provide quality environment

8.2: Monitor and measure quality;

8.3: Control your nonconforming products;

8.5: Take required remedial actions


Thanks & Best Regards,
John Robinson
161 Mission Falls Lane, Suite 216, Fremont, CA 94539, USA.
Web: www.globalcompliancepanel.com
Email: john.robinson@globalcompliancepanel.com

Design History File content

Design History File content

The design history file (DHF) is a very important document for a medical device, because it is what may be called the route map for the product’s design. It is proof that the device followed the right method on the way to arriving as the final product.

What is DHF?

It is defined, rather broadly, in ISO 13485 as being the record needed to provide evidence that the realization processes and the resulting product meet their specified requirements. 21 CFR 820.3 (e) of the FDA also describes DHF broadly as a compilation of records which describe the design history of the finished medical device.

Design history file content

Design history file content is described by both the FDA and ISO 13485.

Design history file content according to the FDA

  • General: A few Class I, Class II and Class III devices are listed here. These are the devices for which design controls apply
  • Design and development planning
  • Design input
  • Design output
  • Design review
  • Design verification
  • Design validation
  • Design transfer
  • Design changes
  • Design history file

ISO 13485

According to ISO 13485, design history file content should consist of the following rules:

  • The manufacturer shall establish plans thatdescribe the design and development activities
  • The plans shall identify and describe theinterfaces with different groups or activities thatprovide input to the design and developmentprocess
  • The plans shall be reviewed, updated and, andapproved as design evolves




Contact Detail


Phone: 800-447-9407
Fax: 302-288-6884

1000 N West Street | Suite 1200 | Wilmington | DE | USA | 19801


ISO 13485 vs. ISO 9001

ISO 13485 vs. ISO 9001

One of the most commonly countered questions in the medical device industry is: ISO 13485 vs. ISO 9001. They are often confused for each other. But they are never the same, although they have many common requirements.

ISO 13485 is part of ISO 9001 family of regulations

When understanding ISO 13485 vs. ISO 9001, we have to understand that both standards are part of the ISO QMS, and must meet general requirements. These general requirements merely state that “the organization shall establish, document, implement and maintain a quality management system and maintain its effectiveness in accordance with the requirements of this International Standard”.

ISO 13485 flows from ISO 9001. While ISO 9001 is a general standard for third party assessment, ISO 13485 is that part of this standard that is specific to the medical devices industry.

Critical differences

The crux of ISO 13485 vs. ISO 9001 lies in the application. ISO 13485 includes some specific requirements for medical devices and excludes those requirements of ISO 9001 that are not appropriate for regulatory requirements. So, although similar on the surface, these two standards work in tandem, but are yet exclusive to each other in many respects.  Organizations which claim that their medical devices meet ISO 13485 requirements cannot claim that their organization automatically meet ISO 9001 as well.

The ISO wanted to make the 13485 specific to the medical devices industry. It wanted to remove the complexity associated with the 9001 and make a standard that was usable by organizations of varying sizes, was easily comprehended, was compatible with management systems such as ISO 14001, and had a direct relationship with the activities that went into running a business. The ISO 13485 standard has achieved all this, and thus is a continuum of the ISO 9001 standard with the necessary refinements.

Difference in terms of operation

ISO 13485 must define document retention times based on organizational and regulatory requirements, while 9001 must record retention times based on organizational and regulatory requirements.




Contact Detail


Phone: 800-447-9407
Fax: 302-288-6884

1000 N West Street | Suite 1200 | Wilmington | DE | USA | 19801

ISO 13485 internal audit

ISO 13485 internal audit

So, you are in the medical devices industry, and one of the first items you would come across in your profession is having to deal with an ISO 13485 audit. What is the ISO 13485, and what does it take to audit it?

Understanding the ISO 13485

First things first. Let us get to the root of the matter: What is ISO 13485? The ISO describes the ISO 13485 thus:

“ISO 13485:2003 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services”.Thus, it is clear that ISO 13485 concerns itself with regulatory requirements for QMS.

Does my organization need an independent auditor for ISO 13485?

ISO 13485 requires many important parts. Some of these are:

  • Compliance Audit Program
  • Policy Audit Program
  • Procedures Audit Program
  • Process Audit Program
  • Records Audit Program

What is given here is only a small sample of the parts required to be audited. Come to think of it: Would your organization have the time or resources to implement these complex audits? Being in the medical device industry is strenuous to say the least. On top of it, apart from having to work on your core business, do you think it is wise to allocate resources for intricate tasks such as audits?

Think of having an independent organization/auditing company/individual who will be dedicated for this exclusive task. Does it not make your task easy and efficient?




ISO 13485 Gap Analysis

ISO 13485 Gap Analysis

Gap analysis is an important aspect of the ISO 13485 audit. The ISO 13485 standard lists out requirements for a wide-ranging management system for the manufacture and design of medical devices. When a medical device organization performs a gap analysis, it is analyzing the gaps that exist in its QMS vis-à-vis that prescribed in ISO 13485.

Why do the gap analysis?

Performing the gap analysis is obviously of very high importance to a medical device company. It helps the business understand the shortfall it has in relation to meeting regulatory requirements set out by ISO 13485. It helps it identify areas of insufficiency.

When should it be done?

It is best advised that organizations carry out the gap analysis before its final QMS is put in place, because identifying gaps at this stage is prudent. When carried out at this stage, it saves resources and time by nipping in the bud issues that could pile up later on. When gap analysis is not done at this stage, it becomes difficult to implement a QMS. As the old saying goes, a stitch in time saves nine!

How to do it?

It is always a great idea to get an ISO consultant to perform your organization’s gap analysis, because the professional knows best. By dedicating that person for this task, you could not only get a neat job done; you could also save on time and your own company resources.

Performing the gap analysis requires answering a set of questions relating to the QMS. The consultant will frame a set of questions that he/she will get you to answer. Some of these questions typically are of this nature:

  • Has the requirement been met?
  • Has the gap been identified?
  • Has remedial action been taken, or is it not necessary?

If the answer is “no” to any of these, it means that further action is necessitated. Leaving your ISO 1385 gap analysis to an expert requires your active support and cooperation.

Contact Detail


Phone: 800-447-9407
Fax: 302-288-6884

1000 N West Street | Suite 1200 | Wilmington | DE | USA | 19801