Embedded Files
1. Purpose
1. Purpose
This document provides the process for Internal auditing
This document covers Internal auditing in compliance with ISO13485
2. Approval
2. Approval
(Version at end of page)
Signed V4 NJG 16.10.2025
3. Scope
3. Scope
The process covers all documents and process and products as defined in the SOP
4. Responsibilities
4. Responsibilities
Approval: Bruce Manuel
Changes: Nicholas Gilbert
5. Definitions
5. Definitions
Deviations - Factual approach to decision making Effective decisions are based on the analysis of data and information.
Audit - Systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled.
Follow-up on audits - An evaluation carried out in order to determine the adequacy and effectiveness of preventive/corrective action taken after an audit has been carried out.
6. Abbreviations
6. Abbreviations
PCA - Preventative and Corrective Action
SHEQ - Safety, Health, Environment and Quality
NCR – Non Conformance Record
NCCA- Non Conformance Corrective Action
7. References
7. References
ISO13485 clauses 8.2.4 & 5.6
PROCEDURE FOR PREVENTIVE AND CORRECTIVE ACTION AND HANDLING OF NONCONFORMING PRODUCT
8. Procedure
8. Procedure
INTERNAL AUDIT (ISO13485 8.2.4)
8.1 General
8.1 General
Regular monitoring and measuring are the key characteristics of processes and activities that can have significant impact on quality and safety of products and are performed and therefore audited for compliance to regulations and conformance to a quality management system - ISO13485.
Evaluation of compliance with relevant laws and regulations and applicable standards are included.
This procedure includes the planning, conducting and reporting of audits.
A quality audit is a systematic, independent examination to assess if a company's processes, systems, or products meet established standards, customer expectations, and regulatory requirements. It identifies strengths, weaknesses, and opportunities for improvement within a company's quality management system, helping ensure consistent quality and compliance.
8.2 Types of Audits
8.2 Types of Audits
1.This procedure is followed for ALL types of audits.
a) External Supplier audits, for either supply of materials, components or products that are deemed significant as per SOP Purchasing / External providers.
b) Internal audits, ie: within the Company's establishment, not limited to, of processes, procedures, practices, documents, products and materials.
c) External / Third Party audits; for contract compliance and non-conformance reporting, if required e.g. Principal audits, Conformity assessment bodies and / or the Regulation
8.3 Requirement
8.3 Requirement
The organization conducts internal audits at planned intervals as per Quality Audits Schedule, which may also record External Audits, to determine whether the quality management system:
a) conforms to planned and documented arrangements, requirements of ISO13485 International Standard, and the organisations quality management system established by the organization, and any applicable regulatory requirements
b) the requirements of a) above are effectively implemented and maintained.
8.4 Responsibilities
8.4 Responsibilities
The selection of auditors is a consultant , refer SOP Purchasing, or qualified persons (trained or experienced) competent to audit, and conduct of audits ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.
The Management Representative and/or Consultant can conduct the audits with any trainee auditor present. The team will also include the department manager or any other necessary person.
8.5 Audit Schedule
8.5 Audit Schedule
An audit program is planned in the Quality Audits Schedule, with any external audits added as necessary, taking into consideration the status and importance of the processes and area to be audited, as well as the results of previous audits using a risk feature refer Quality Audits Schedule where Scope / Area Risk Levels are
H high = "Large number of NC, can have a HIGH impact on product / system" and to be done at each audit scheduled,
M medium = "low number of NC or low impact on product / system" and can be done at least twice a year
L - low= "low number of NC or no impact on product / system" and done at least once a year
The audit;
criteria is the process, procedure of ISO13485 or regulations as relevant to the process / activities,
scope will be as per the audit plan,
intervals as per the Quality Audits Schedule, and
methods follow interviews, observations and testings, as relevant to the process / activities
8.6 Audit Plan
8.6 Audit Plan
The auditor on preparation of the audit, completes an Audit Plan which features the Audit Scheduled processes or an email to suppliers or oter parties detailing the scope of the audit
As a notice of the audit a email not less than within 2 days of the audit is sent to the auditee
8.7 Findings
8.7 Findings
Negative findings can be categorised as a
1. Minor nonconformity, relates to a single identified lapse, which in itself would not indicate a breakdown in the management system's ability to effectively control the processes for which it was intended. It is necessary to investigate the underlying cause of any issue to determine corrective action.
2. Major finding is where there is a process / system omission or failure that can adversely affect the quality management system and/or the product/ service.
3. OFI - Opportunities for Improvement or
4. Observations - a recommendation for improvement
The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification result.
Positive findings should also be reported as evidence of compliance / conformance.
8.8 Audit Preparation
8.8 Audit Preparation
The Management Representative, auditee and/or Consultant agree verbally or by email with the Auditee the Audit Plan (agenda) containing the date for and scope of the audit. Any relevant documentation for preparation maybe requested
Prior to the audit the Auditor prepares for the audit and the auditee ensures that all documentation needed is available; documentation can include and not limited to; Procedures, Work Instructions, Previous audit reports, etc.
The Auditor may prepare an audit checklist, if required, which may be a procedure, work instruction, etc. and a copy is part of the records.
8.9 Audit Process
8.9 Audit Process
The Auditor determines,
•The conformance with specified requirements
•The effectiveness of the Quality System
The Auditor looks for evidence of conformity or nonconformity to the system and records the findings.
The Auditor records all findings in the Audit Report and categorizes them as follows:
•Opportunities for improvement (OFI)
•Non-conformance (NCR) findings as detailed in point 8.5 recorded and a decision is made whether a NON CONFORMANCE CORRECTIVE ACTION is followed.
8.10 Audit Report
8.10 Audit Report
At the end of the audit, the Auditor completes the Audits Report (Link) and links the report to the audit schedule sheet, and discusses the contents with the Auditee.
Both the Auditor and Auditee decide on NCR closure dates
If necessary the Management Representative schedules a re-audit date.
The results of all Internal Quality Audits are analyzed and discussed at any Management Meetings at the discretion of management and as input to the Management Review Meeting.
8.11 Records
8.11 Records
Internal Audits; follow records in the google drive Audits Report Link
External Audits; can be filed in a secure folder or on the server or in the Google Drive Folder
8.12 Follow-up
8.12 Follow-up
Follow-up activities include the verification of the actions taken and the reporting of verification results, which may occur at an agreed time, follow-up audit or any other means with a record as evidence
The follow up can be:
a new audit within 30 days
audit at next schedule date
email confirmation with evidence e.g. copy of document or picture
9. Risk Based Approach
9. Risk Based Approach
In the event of non compliance follow SOP NON CONFORMANCE CORRECTIVE ACTION
[Risk Assessment to is found in SOP PREVENTIVE ACTION RISK ASSESSMENT refer Document]
9.1 Trend Analysis and Continual Improvement
9.1 Trend Analysis and Continual Improvement
The analytical reviews with data analysis of internal audits, and any other quality related matters, are reported to management and as part of the input to management review
The Trend analysis may identify any potential and recurring incidents, where corrective action must be reported at the management review to facilitate continual improvement.
Quality Audits Schedule, to be monitored monthly as per risk assessment
10. Revision History
10. Revision History
Revision 4 NJG 16.10.2025 Change of Ownership
Revision 3 HJM 15.10.2025 - Restructure of the QMS Auditing SOP and renumbering of paragraphs.
Revision 2 NG 18.02.2025 Change of Ownership.
Revision 1 New HJM 5.09.2024
11. Records
11. Records
Name Retained by/ in Retention period Hard copies Destroyed by
Quality Audits Schedule Google Site indefinite n/a
Audit Report Google Site indefinite n/a
Audit Plan Google Site indefinite n/a
Page updated
Google Sites
Report abuse