QMS AUDITING

1. Purpose

This document provides the process for Internal auditing

This document covers Internal auditing in compliance with ISO13485 

2. Approval

(Version at end of page)

Signed V15

3. Scope

The process covers all documents and process and products as defined in the SOP.

This Policy must be read-with and comply with the Protection of Personal Information Act 04 of 2013, ("POPI"), the Company POPI Policy, PAIA Manual and processing of personal information envisaged under this Policy must be done in accordance with the aforementioned.

4. Responsibilities

Approval: Author of the document, Henry Manyike

Changes: Author of the document, Simangele Zungu

5. Definitions

Audit - Systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled.

Conformance - in line with the QMS, process, procedures, practices

Compliance - in line / acceptable to regulations / legislative requirements

Deviations - Factual approach to decision making Effective decisions are based on the analysis of data and information.

Factual approach to decision making - Effective decisions are based on the analysis of data and information.

Follow-up on audits - An evaluation carried out in order to determine the adequacy and effectiveness of preventive/corrective action taken after an audit has been carried out.

Findings - positive or negative conformances of evidence to criteria.

6. Abbreviations

CAB - Conformity Assessment Body

PCA - Preventative and Corrective Action

SHEQ - Safety, Health, Environment and Quality

NCR – Non Conformance Record

NCCA- Non Conformance Corrective Action

IA - Internal Audit

7. References

ISO13485 clauses 8.2.4 & 5.6

PROCEDURE FOR PREVENTIVE AND CORRECTIVE ACTION AND HANDLING OF NONCONFORMING PRODUCT

8. Procedure

INTERNAL AUDIT (ISO13485 8.2.4)

8.1 General

Regular monitoring and measuring the key characteristics of operations and activities that can have significant impacts on quality and safety are performed and therefore audited for compliance to regulations and ISO13485.

Evaluation of compliance with relevant laws and regulations and applicable standards shall be done.

This procedure includes performance data, relevant operational controls, and adherence to identified objectives and targets.

8.2 Requirement

The organization conducts internal audits at planned intervals as per  Quality Audits Schedule, to determine whether the quality management system:

a) conforms to planned and documented arrangements, requirements of this International Standard, quality management system requirements established by the organization, and applicable regulatory requirements;

b) is effectively implemented and maintained.

8.3 Responsibilities

The organization shall document a procedure to describe the responsibilities and requirements for planning and conducting audits and recording and reporting audit results refer Responsibilities point 4 above

8.4 Audit Features

An audit program is planned as a  Quality Audits Schedule, taking into consideration the status and importance of the processes and area to be audited, as well as the results of previous audits using a risk feature refer Schedule where  Scope / Area Risk Levels (H= "Large number of NC, can have a HIGH impact on product / system", MED = "low of NC  or low impact on product / system" " and LOW= "low of NC  or no impact on product / system" H= each IA, M= 2nd IA, and LOW - ONE (1) IA /per annum. )

The audit;

1. criteria is the SOP, ISO13485 or regulations are relevant to the process / activities,

2. scope will be as per the audit plan, 

3. intervals as per the Quality Audits Schedule, and

4. methods follow interviews, observations and testing, as relevant to the process / activities

The selection of auditors is a consultant, refer SOP Purchasing, or qualified persons (trained or experienced) competent to audit, and conduct of audits ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

8.5 Findings

Findings can be categorised as a

1. Minor nonconformity, relates to a single identified lapse, which in itself would not indicate a breakdown in the management system's ability to effectively control the processes for which it was intended. It is necessary to investigate the underlying cause of any issue to determine corrective action. 

2. Major finding is where there is a process / system omission or failure that can adversely affect the quality management system and/or the product/ service. 

The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification result 

8.6 Types of Audits

1.This procedure applies to ALL types of audits.

a)    Internal / External Supplier audits, for either supply of materials, components or products that are deemed significant as per SOP Purchasing / External providers.

b)    Internal audits, not limited to, of processes, procedures, practices, documents, products and materials within the company

c)    External / Third Party audits; for contract compliance and non-conformance reporting, if required e.g. Principal audits, Conformity assessment bodies and / or the Regulation

8.7 Audit Schedule

The Management Representative prepares an Quality Audits Schedule for Internal audits however other audits maybe logged on the schedule

The Audit Schedule may be changed because (not limited to):

•The Audit highlight a weakness in a department, process or system

•The number of corrective action reports raised against a department, process or system increases.

•No Auditors are available

8.8 Audit Plan

• 1. The Management Representative on preparation of and Internal audit, completes an Audit Plan or sends am email as required

  2. Then goes to the the Google drive  Audits Schedule to >File >email collaborators and emails link to the Audit plan as a notice of the audit via email within 2 days of the audit to the Auditor and Auditee (supplier / department manager)

8.9 Auditor Team / Selection

The Management Representative and/or Consultant can conduct the audits with any trainee auditor present. The team will also include the department manager or any other necessary person.

The Management Representative appoints qualified Auditors who are:

•Free from bias.

•Not auditing their own work or Department

•Free of influences that could affect objectivity.

8.10 Audit Preparation

The Management Representative and/or Consultant agree with the Auditee the Audit Plan (agenda) containing the date for and scope of the audit. Any relevant documentation for preparation maybe requested

Prior to the audit the Auditor prepares for the audit and ensures that all documentation needed is available; documentation can includes and not limited to; Procedures, Work Instructions, Previous audit reports, etc.

The Auditor may prepare an audit checklist, if required, which may be a procedure, work instruction, etc. and a copy is filed with the Management Representative.

8.11 Audit Process

The Auditor determines, using the prepared checklist or following the Quality Audits Schedule requirements:

•The conformance with specified requirements

•The effectiveness of the Quality System

The Auditor looks for evidence of conformity or nonconformity to the system and records the findings. The Auditor records all findings in the Audits Report and categorizes them as follows:

•Opportunities for improvement (OFI)

•Non-conformance (NCR) findings recorded for a NON CONFORMANCE CORRECTIVE ACTION  or the CAB , Regulator or an other third part report is followed and as a word .docx or google do Corrective Action report

8.12 Audit Report

• 1. At the end of the audit, the Auditor completes the Audits Report (Link), issues any necessary NCR following SOP Non Conformance Corrective Action and discusses the contents with the Auditee. 

  2. Both the Auditor and Auditee decide on NCR closure dates

  3. If necessary the Management Representative schedules the re-audit date.

  4. The results of all Internal Quality Audits are analyzed and discussed at the Monthly Meetings and Management Review Meeting.

  5. The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes

8.13 Records

• 1. Internal Audits;  refer  Audits Report folder.  A word .docx or google doc medium can be used

  2. External Audits;  the CAB , Regulator or an other third part report is followed and a A word .docx or google do Corrective Action report can be filed in a secure folder or the server or in the Google Drive Folder Audits Report.

8.14 Follow-up

Follow-up activities include the verification of the actions taken and the reporting of verification results, which may occur at an agreed time, follow-up audit or any other means with a record as evidence

The follow up can be:

• 1. a new audit within 30 days

  2. audit at next schedule date

  3. email confirmation with evidence e.g. copy of document or picture if even

9. Risk Based Approach

In the event of non compliance follow SOP  NON CONFORMANCE CORRECTIVE ACTION

Risk Based Approach Report

[Risk Assessment to is found in SOP PREVENTIVE ACTION RISK ASSESSMENT   refer Document]

9.1 Trend Analysis and Continual Improvement

The analytical reviews with data analysis of internal audits, and any other quality related matters, are reported to management and as part of the input to management review

The Trend analysis may identify any potential and recurring incidents, where corrective action must be reported at the management review to facilitate continual improvement.

Quality Audits Schedule, to be monitored monthly as per risk assessment

10. Revision History

Revision 15       - 8. 11 & .12 to cover word doc or google doc medium used to record Corrective Actions

Revision 14, 22.07.2024 - SZ - Added abbreviation of IA (Internal Audit) to Pt 6

Revision 13, 06.05.2024 - SZ - approved by HM

Revision 12, 18.05.2022 - NT - approved by HM

Revision 11, 17.11.2021 - NT - signed off from TNA

Revision 10, 10.06.2021- TNA - amendment to Item 5 / addition of items 8.2 to 8.5 and amending links

Revision 9, 05.02.2021 - TNA - New format with Responsibilities, Risk based approach, Approval and Records added and new google site format.   Amending links and forms

Revision 8, Digitally signed on 15.10.2020 by NT

Revision 1-7, unknown due to google site change to new google site

11. Records

Name                 Retained by/ in Retention period Hard copies Destroyed by

Quality Audit Schedule             Google Site               indefinite                 n/a

Audit Report             Google Site               indefinite                 n/a

Audit Plan           Google Site               indefinite                 n/a