This document provides the process for Internal auditing
This document covers Internal auditing in compliance with ISO13485
(Version at end of page)
Signed V25 ML 29.10.2024
The process covers all documents and process and products as defined in the SOP
This Policy must be read-with and comply with the Protection of Personal Information Act 04 of 2013, (“POPI”), the Company POPI Policy, PAIA Manual. And processing of personal information envisaged under this Policy must be done in accordance with the aforementioned.
Approval: Author of the document, Monica Lucas
Changes: General Manager
Audit - Systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled.
Conformance - in line with the QMS, process, procedures, practices
Compliance - in line / acceptable to regulations / legislative requirements
Factual approach to decision making - Effective decisions are based on the analysis of data and information.
Follow-up on audits - An evaluation carried out in order to determine the adequacy and effectiveness of preventive/corrective action taken after an audit has been carried out.
Findings - positive or negative conformances of evidence to criteria
PCA - Preventative and Corrective Action
QMS - Quality Management System
SHEQ - Safety, Health, Environment and Quality
NCR – Non Conformance Record
NCCA- Non Conformance Corrective Action
ISO13485 clauses 8.2.4 & 5.6
PROCEDURE FOR PREVENTIVE AND CORRECTIVE ACTION AND HANDLING OF NONCONFORMING PRODUCT
INTERNAL AUDIT (ISO13485 8.2.4)
Regular monitoring and measuring the key characteristics of operations and activities that can have significant impacts on quality and safety are performed and therefore audited for compliance to regulations and ISO13485.
Evaluation of compliance with relevant laws and regulations and applicable standards shall be done.
This procedure includes performance data, relevant operational controls, and adherence to identified objectives and targets.
The organization conducts internal audits at planned intervals as per Quality Audit Schedule, to determine whether the quality management system:
a) conforms to planned and documented arrangements, requirements of this International Standard, quality management system requirements established by the organization, and applicable regulatory requirements;
b) is effectively implemented and maintained.
The organization shall document a procedure to describe the responsibilities and requirements for planning and conducting audits and recording and reporting audit results refer Responsibilities point 4 above
An audit program is planned as a Quality Audit Schedule, taking into consideration the status and importance of the processes and area to be audited, as well as the results of previous audits using a risk feature refer Schedule where Scope / Area Risk Levels (H= "Large number of NC, can have a HIGH impact on product / system", MED = "low of NC or low impact on product / system" " and LOW= "low of NC or no impact on product / system" H= each IA, M= 2nd IA, and LOW - ONE (1) IA /per annum. )
The audit;
criteria is the SOP, ISO13485 or regulations are relevant to the process / activities,
scope will be as per the audit plan,
intervals as per the Quality Audit Schedule, and
methods follow interviews, observations and testings, as relevant to the process / activities
The selection of auditors is a consultant , refer SOP Purchasing, or qualified persons (trained or experienced) competent to audit, and conduct of audits ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.
Findings are categorised as a
1. Minor nonconformity, relates to a single identified lapse, which in itself would not indicate a breakdown in the management system's ability to effectively control the processes for which it was intended. It is necessary to investigate the underlying cause of any issue to determine corrective action.
2. Major finding is where there is a process / system omission or failure that can adversely affect the quality management system and/or the product/ service.
The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification result
This procedure is followed for ALL types of audits.
a) Internal / External Supplier audits, for either supply of materials, components or products that are deemed significant as per SOP Purchasing / External providers.
b) Internal audits, not limited to, of processes, procedures, practices, documents, products and materials within the company
c) External / Third Party audits; for contract compliance and non-conformance reporting, if required e.g. Principal audits, Conformity assessment bodies and / or the Regulation
The Management Representative prepares an Quality Audit Schedule
The Audit Schedule may be changed because (not limited to):
•The Audit highlight a weakness in a department, process or system
•The number of corrective action reports raised against a department, process or system increases.
•No Auditors are available
The Management Representative on preparation of the audit, records the findings on the Audit Schedule under Comments and Reports, which is saved in the DRIVE - in the QARA folder.
Then goes to the the Google drive Audit Schedule to >File >email collaborators and emails link to the Audit plan as a notice of the audit via email not less than within 2 days of the audit to the Auditor and Auditee (supplier / department manager)
The Management Representative and/or Consultant can conduct the audits with any trainee auditor present. The team will also include the department manager or any other necessary person.
The Management Representative appoints qualified Auditors who are:
•Free from bias.
•Not auditing their own work or Department
•Free of influences that could affect objectivity.
The Management Representative and/or Consultant agree with the Auditee the Audit Schedule (agenda) containing the date for and scope of the audit. Any relevant documentation for preparation maybe requested
Prior to the audit the Auditor prepares for the audit and ensures that all documentation needed is available; documentation can include and not limited to; Procedures, Work Instructions, Previous audit reports, etc.
The Auditor may prepare an audit checklist, if required, which may be a procedure, work instruction, etc. and a copy is filed with the Management Representative.
The Auditor determines, using the prepared checklist or following the Quality Audit Schedule requirements:
•The conformance with specified requirements
•The effectiveness of the Quality System
The Auditor looks for evidence of conformity or nonconformity to the system and records the findings. The Auditor records all findings in the Audit Report and categorizes them as follows:
•Opportunities for improvement (OFI)
•Non-conformance (NCR) findings recorded for a NON CONFORMANCE CORRECTIVE ACTION
At the end of the audit, the Auditor completes the Audit Report (Link) , issues any necessary NCR following SOP Non Conformance Corrective Action and discusses the contents with the Auditee.
Both the Auditor and Auditee decide on NCR closure dates
If necessary the Management Representative schedules the re-audit date.
The results of all Internal Quality Audits are analyzed and discussed at the Monthly Meetings and Management Review Meeting.
The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes
Internal Audits; follow records in the google drive Audit Report (Link)
External Audits; can be filed in a secure folder or on the server or in the Google Drive Folder
Follow-up activities include the verification of the actions taken and the reporting of verification results, which may occur at an agreed time, follow-up audit or any other means with a record as evidence
The follow up can be:
a new audit within 30 days
audit at next schedule date
email confirmation with evidence e.g. copy of document or picture
In the event of non compliance follow SOP NON CONFORMANCE CORRECTIVE ACTION
The Risk Assessment to is found in SOP PREVENTIVE ACTION RISK ASSESSMENT refer Document
The analytical reviews with data analysis of internal audits, and any other quality related matters, are reported to management and as part of the input to management review
The Trend analysis may identify any potential and recurring incidents, where corrective action must be reported at the management review to facilitate continual improvement.
Audit Schedule , to be monitored monthly as per risk assessment
Revision 25; 29.10.2024 - PM - Checked and Confirmed. Digitally signed by ML
Revision 24; 8.10.2024 - PM - Changed the wording at 8.8.1 as the Audit Plan is no longer being used. Corrected hyperlinks to 8.10, 8.11, 8.12 & 8.13.
Revision 23; 27.11.2023 - ML - Updated 8.9 and Confirmed. Digitally signed by ML
Revision 22; 21.11.2023 - ML - Checked and Confirmed. Digitally signed by ML
Revision 21; 17.10.2022 - ML - Checked and Confirmed. Digitally signed by ML
Revision 20; 02.08.2021 - ML - POPI information included. Digitally signed by ML
Revision 1; 10.05.2021 - ML - Digitally signed by ML
Revision 18, 06.5.2021 - TNA - New format with Approval, Scope, Responsibilities, Risk based approach and Records added. Amending links and Forms and numbering. Addition of Items to 5 and new items from 8.2 to 8.5.
Revision 17, Digitally signed on 11.02.2020 by ML
Revision 1-16, unknown due to googlesite change to new googlesite
Name Retained by/ in Retention period Hard copies Destroyed by
Quality Audit Schedule Google Site indefinite n/a