OpenRegulatory
⌘J Log in Get started for free

Template: SOP Internal Audit

Sven Piechottka ISO 13485 Templates Published May 11, 2021 Internal Audit

Template Download

This is a free template, provided by OpenRegulatory.
If you are a user of Formwork, our eQMS software, you can save a lot of time by choosing “QMS” on the top menu and “OpenRegulatory Templates” on the left menu, then opening the relevant folder to find this template ready to load into Formwork.

If, for some mysterious reason, you're using a different QMS software, you can also simply download this template – specifically, as Word (.docx), PDF, Google Docs or Markdown file. Scroll down for a preview!

The template license applies (don't remove the copyright at the bottom, don't re-use this for commercial purposes).

Download Word File DOCX
Download PDF PDF
Download HTML (Google Docs) HTML
Download Markdown MD

Lost In Regulation? We're here to help.

Unsure how to get started and how to get your EU MDR medical device certified?
We've already helped 100+ companies with their MDR compliance.
Take a look at our services and book a free 30-minute consulting call.

Chat with us now → View Services & Pricing →
Document Template
Sven Piechottka

SOP Management Review

Sven Piechottka
updated 9 months ago
Document Template
Sven Piechottka

Internal Audit Program

Sven Piechottka
updated about 1 year ago
Document Template
Sven Piechottka

SOP Update of Regulations

Sven Piechottka
updated about 1 year ago

Template Preview

Regulatory Requirement Document Section
ISO 13485:2016 Section 8.2.4 All

Summary

This SOP describes how internal auditing is performed for the purpose of reviewing compliance with regulatory
requirements. It can be used for both internal and supplier audits.
Process Owner <enter role of process owner>
Key Performance Indicators <enter KPIs to be tracked for the Management Review>

1. General Considerations

1.1 Auditor Qualification

Auditors that conduct audits must be sufficiently qualified by having attended external auditor training and
by having participated in audits before.

1.2 Audit Guidelines

Auditors must adhere to the following guiding principles:

  • Integrity: all participants of an audit shall give honest presentations of their views and knowledge, observe confidentiality regarding sensitive information towards third parties and conduct audit work in a thorough manner.
  • Objectivity: auditors must act impartial, free of any favoritism and conflicts of interest regarding the subject of their work.
  • Verifiability: auditors must collect evidence to support their assessments. Documentation must include audit plans, audit criteria and detailed evidence of audit findings so that outcomes are reliable and comprehensible for later reference.

1.3 Audit Findings

The following categories of audit findings are defined for the organization:

Major Nonconformities (MNC+):

Major nonconformities are systematic deviations from regulatory requirements that indicate disabilities of the
organization’s QMS to deliver intended outputs. For instance, major nonconformities would entail the lack of a
process, repeated minor nonconformity regarding the same process or QMS segment and failure to eliminate the
cause of that nonconformity.

Minor Nonconformities (MNC-):

Minor nonconformities do not indicate systematic malfunctioning of an entire process or the entire QMS. The
general ability to ensure controlled, conforming processes and products is upheld nevertheless. Examples are
single, isolated events like a mislabeled document or a missing review documentation.

Recommendations (REC):

Recommendations entail auditor advice for improved QMS effectiveness or efficacy.

2. Process Steps

2.1 Compilation or Revision of Audit Program

Audits are based on the organization’s QMS processes. The QMO is responsible to maintain a perennial audit
program that ensures:

  1. That core processes (as defined in the quality manual) are audited at least annually,
  2. That processes presenting higher compliance risks based on previous audit findings, CAPAs or changes to the QMS system are audited more frequently.
Participants QMO
Input Previous findings, CAPAs, QMS changes
Output (Updated) audit program

2.2 Conducting Audits

Audits are planned separately by respective auditors, coordination is supported by the QMO. Once a scheduled
audit date approaches, the QMO informs relevant members of the organization to ensure their availability for
potential auditor questions during the audit. QMO and auditor together compile an audit plan that specifies
the audit scope, objectives and participants.

Audit objectives may entail: review of compliance of processes with regulatory requirements, review of
compliance with processes, review of the effective implementation of corrective and preventive action (CAPA).

Audits are conducted by inspecting appropriate process records and by interviewing members of the
organization. The auditor documents collected evidence, observations and findings as part of an audit report.
Participants Auditor, QMO
Input Audit program Quality Management System, incl. records
Output Audit plan (before the audit) Audit report (after the audit)

2.3 Audit Follow-Up

For all major nonconformities resulting from audit findings, a separate CAPA is initiated.
The QMO reports audit findings to the Management as part of the next Management Review.
Participants QMO
Input Audit report
Output CAPA documentation

Template Copyright openregulatory.com. See template
license.

Please don't remove this notice even if you've modified contents of this template.

Sven Piechottka avatar

Sven Piechottka

With a background in political and administrative sciences, my way into regulatory affairs started from a different angle. I focused on the promises of precision medicine during my final year of studies and first joined IBM to help leverage healthcare innovation projects across Germany.

I then gained most of my regulatory experience while working for Vara (before: Merantix Healthcare), where we built up a quality management system from scratch. For about three years, I coordinated regulatory affairs, led the ISO 13485 certification and CE certification of an AI-based radiology software, and served as data protection officer and quality management officer of the company.
More about me