QMS AUDITING

1. Purpose

This document provides the process for Internal auditing

This document covers Internal auditing in compliance with ISO13485 

2. Approval

(Version at end of page)

Signed V10 AA  19.08.2021 Approved 25.05.2022 SCR (RP)

3. Scope

The process covers all documents, process and products as defined in the SOP

4. Responsibilities

Author of the document, Alexis Arhondonis, medicines; RP SC Rudolph-Shortt

5. Definitions

Audit - Systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled.

Internal - processes defined in QMS

External - suppliers, regulators, Conformity Assessment Bodies (CAB) and customers; including other interested parties

Self-Inspection - an inspection of system, processes and product and their state of compliance with the GMP, In-house procedures and various National and International Guidelines as applicable. The inspection team consists of personnel identified from the same site

Conformance - in line with the QMS, process, procedures, practices

Compliance - in line / acceptable to regulations / legislative requirements

Factual approach to decision making - Effective decisions are based on the analysis of data and information.

Follow-up on audits - An evaluation carried out in order to determine the adequacy and effectiveness of preventive/corrective action taken after an audit has been carried out.

Findings - positive or negative conformances of evidence to criteria

6. Abbreviations

PCA - Preventative and Corrective Action

QMS - Quality Management System 

SHEQ - Safety, Health, Environment and Quality

NCR – Non Conformance Record

NCCA- Non Conformance Corrective Action

7. References

ISO13485 clauses 8.2.4 & 5.6

PROCEDURE FOR PREVENTIVE AND CORRECTIVE ACTION AND HANDLING OF NONCONFORMING PRODUCT

8. Procedure

INTERNAL AUDIT (ISO13485 8.2.4) including External and medicines Self-Inspection

8.1 General

Regular monitoring and measuring the key characteristics of operations and activities that can have significant impacts on quality and safety are performed and therefore audited for compliance to regulations and ISO13485.

Evaluation of compliance with relevant laws and regulations and applicable standards shall be done.

This procedure includes performance data, relevant operational controls, and adherence to identified objectives and targets.

8.2 Requirement

The organization conducts internal audits at planned intervals as per  Quality Audits Schedule, to determine whether the quality management system:

a) conforms to planned and documented arrangements, requirements of this International Standard, quality management system requirements established by the organization, and applicable regulatory requirements;

b) is effectively implemented and maintained.

8.3 Responsibilities

The organization shall document a procedure to describe the responsibilities and requirements for planning and conducting audits and recording and reporting audit results refer Responsibilities point 4 above

8.4 Audit Features

An audit program is planned as a  Quality Audits Schedule, taking into consideration the status and importance of the processes and area to be audited, as well as the results of previous audits using a risk feature refer Schedule where  Scope / Area Risk Levels (H= "Large number of NC, can have a HIGH impact on product / system", MED = "low of NC  or low impact on product / system" " and LOW= "low of NC  or no impact on product / system" H= each IA, M= 2nd IA, and LOW - ONE (1) IA /per annum. )

The audit;

1. criteria is the SOP, ISO13485 or regulations are relevant to the process / activities,

2. scope will be as per the audit plan, 

3. intervals as per the Quality Audits Schedule, and

4. methods follow interviews, observations and testings, as relevant to the process / activities

The selection of auditors is a consultant , refer SOP Purchasing, or qualified persons (trained or experienced) competent to audit, and conduct of audits ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

8.5 Findings

Findings are categorised as a

1. Minor nonconformity, relates to a single identified lapse, which in itself would not indicate a breakdown in the management system's ability to effectively control the processes for which it was intended. It is necessary to investigate the underlying cause of any issue to determine corrective action. 

2. Major finding is where there is a process / system omission or failure that can adversely affect the quality management system and/or the product/ service. 

The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification result

8.6 Types of Audits

This procedure is followed for ALL types of audits.

a)    Internal / External Supplier audits, for either supply of materials, components or products that are deemed significant as per SOP Purchasing / External providers.

b)    Internal audits, not limited to, of processes, procedures, practices, documents, products and materials within the company

c)    External / Third Party audits; for contract compliance and non-conformance reporting, if required e.g. Principal audits, Conformity assessment bodies and / or the Regulation

d) Medicines self inspection

8.7 Audit Schedule

The Management Representative prepares an Quality Audits Schedule.

The Audit Schedule may be changed because (not limited to):

•The Audit highlight a weakness in a department, process or system

•The number of corrective action reports raised against a department, process or system increases.

•No Auditors are available

8.8 Audit Plan

• 1. The Management Representative on preparation of the audit, completes an Audit Plan  

  2. Then goes to the the Google drive  Quality Audits Schedule to >File >email collaborators and emails link to the Audit plan as a notice of the audit via email not less than within 2 days of the audit to the Auditor and Auditee (supplier / department manager)

8.9 Auditor Team / Selection

The Management Representative and/or Consultant can conduct the audits with any trainee auditor present. The team will also include the department manager or any other necessary person.

The Management Representative appoints qualified Auditors who are:

•Free from bias.

•Not auditing their own work or Department

•Free of influences that could affect objectivity.

8.10 Audit Preparation

The Management Representative and/or Consultant agree with the Auditee the Audit Plan (agenda) containing the date for and scope of the audit. Any relevant documentation for preparation maybe requested

Prior to the audit the Auditor prepares for the audit and ensures that all documentation needed is available; documentation can include and not limited to; Procedures, Work Instructions, Previous audit reports, etc.

The Auditor may prepare an audit checklist, if required, which may be a procedure, work instruction, etc. and a copy is filed with the Management Representative.

8.11 Audit Process

The Auditor determines, using the prepared checklist or following the Quality Audits Schedule requirements:

•The conformance with specified requirements

•The effectiveness of the Quality System

The Auditor looks for evidence of conformity or nonconformity to the system and records the findings. The Auditor records all findings in the  Audits Report  and categorizes them as follows:

•Opportunities for improvement (OFI)

•Non-conformance (NCR) findings recorded for a NON CONFORMANCE CORRECTIVE ACTION

8.12 Audit Report

• 1. At the end of the audit, the Auditor completes the Audits Report  (Link), issues any necessary NCR following SOP Non Conformance Corrective Action and discusses the contents with the Auditee. 

  2. Both the Auditor and Auditee decide on NCR closure dates

  3. If necessary the Management Representative schedules the re-audit date.

  4. The results of all Internal Quality Audits are analyzed and discussed at the Monthly Meetings and Management Review Meeting.

  5. The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes

8.13 Records

• 1. Internal Audits; follow records in the google drive  Audits Report  Link

  2. External Audits; can be filed in a secure folder or on the server or in the Google Drive Folder

8.14 Follow-up

Follow-up activities include the verification of the actions taken and the reporting of verification results, which may occur at an agreed time, follow-up audit or any other means with a record as evidence

The follow up can be:

• 1. a new audit within 30 days

  2. audit at next schedule date

  3. email confirmation with evidence e.g. copy of document or picture 

9. Risk Based Approach

In the event of non compliance follow SOP  NON CONFORMANCE CORRECTIVE ACTION

Risk Based Approach Report

[Risk Assessment to is found in SOP PREVENTIVE ACTION RISK ASSESSMENT   refer Document]

9.1 Trend Analysis and Continual Improvement

The analytical reviews with data analysis of internal audits, and any other quality related matters, are reported to management and as part of the input to management review

The Trend analysis may identify any potential and recurring incidents, where corrective action must be reported at the management review to facilitate continual improvement.

Quality Audits Schedule , to be monitored monthly as per risk assessment

10. Revision History

Revision 10, 19.08.2021 - AA 25.05.2022 SCR RP inclusion of self-inspection

Revision 9, 19.08.2021 - AA - updating Information

Revision 8, 01.07.2021 - TNA - updating responsibilities

Revision 7, 03.05.2021 - AA Approved

Revision 6, 29.04.2021 - TNA -  New format with Approval, Scope, Responsibilities, Risk based approach and Records added and new google site format. Amending links.

Revision 5, Digitally signed on 20.11.2019 by AA

Revision 1-4, unknown due to google site change to new google site

11. Records

Name Retained by/ in Retention period Hard copies Destroyed by

Quality Audits Schedule Google Site indefinite n/a

Audits Report Google Site indefinite n/a

Audit Plan   Google Site indefinite n/a