- Why Us
The purpose of a QMS audit is to ensure your company has established the appropriate processes and procedures within your quality management system (QMS), and that those processes and procedures are being followed.
I know a lot of people dread audits, but they’re simply a fact of life in the medical device industry. And the better you understand and prepare for the audits you’ll inevitably face, the easier it will be to get safe and effective medical devices to market.
So, let’s go over the three main types of QMS audits you’ll undergo (or carry out) and look at some tips for preparing your team for those audits.
We can break QMS audits into two categories:
External audits are conducted by entities outside of your organization.
Internal audits are the audits you conduct within your organization.
There are two major players in the external audit world, and those are the US Food and Drug Administration (FDA) and notified bodies.
First, a note on terminology: When FDA comes knocking, it’s an inspection, though you may hear people refer to it casually as an audit and the FDA inspectors as auditors. FDA inspectors will determine whether your QMS is in compliance with 21 CFR Part 820, otherwise known as the Quality System Regulation (QSR).
Routine FDA inspections will occur at least once every two years for manufacturers of Class II and Class III devices, though any findings at routine inspections may result in compliance follow-up inspections to verify you’ve addressed the problem.
You can think of FDA inspections as the Super Bowl of audits. These are federal agents showing up at your company’s doorstep (sometimes unannounced!), and they have the power to shut your company down on the spot. The good news is that with the right attitude toward quality and the right QMS software, there should be nothing to panic about when FDA inspectors come knocking.
To market your device in the EU, your QMS will need to be certified to the international standard ISO 13485:2016. To get that certification, you’ll need to be audited by a notified body, which is a third-party organization that has been designated by an EU member state to assess the conformity of your QMS.
ISO 13485 is technically a voluntary standard and notified bodies are not law enforcement agencies. In fact, you’re paying them to come audit you. This means these audits are a little less tense than FDA inspection. More of a playoff game than the Super Bowl.
Of course, that doesn’t mean you’re paying them to pass you. If your QMS is in disarray, they will not certify your conformity with ISO 13485:2016, and you won’t be able to sell your product in the EU.
TIP: The timeline between your first contact with a notified body and the QMS audit can be as long as six months. So while you do need to be ready when they show up, you don’t need your QMS to be perfect when you first pick up the phone and call them.
Internal audits are simply the audits that an organization will perform on its own QMS to ensure it’s in compliance. Internal audits are required by both FDA regulations and ISO 13485:2016, so you must conduct these at least once a year.
Internal audits will be led by the Quality team within your own company. You can think of these as practice for the real thing—although that doesn’t mean you should take them lightly. The point is to proactively find any issues that may lead to findings when you’re facing FDA or a notified body.
If you’re looking for more information on conducting successful internal audits, I spoke with Greenlight Guru founder Jon Speer about this very topic not too long ago on this episode of the Global Medical Device Podcast.
Keeping your QMS audit-ready is about more than making a few tweaks to your SOPs—it’s about establishing a culture of quality within your organization.
The organizations where everyone understands that quality isn’t just the responsibility of the Quality department are the ones that tend to breeze through audits with zero findings. With that said, there are some steps you can take to start building that culture of quality and prepare for your next QMS audit.
It’s sad to say, but internal audits are often looked at as an impediment to getting things done. For some companies, the internal audit is the last box that has to be checked at the end of the year.
Not only is this mentality missing the point of the internal audit, it’s also costing those companies valuable opportunities to improve their processes and catch problems that may result in findings during external audits.
Think of it this way: Would you rather find the problem yourself and fix it or let FDA find it and issue you a 483 or a warning letter? It seems like a pretty obvious choice to me.
New hires are an amazing source of insight into your SOPs because they’re subject matter experts, but they aren’t experts in the way you’ve been doing things. That means they’ll look at your QMS with the same fresh set of eyes as an auditor.
So, make sure you solicit their feedback on the SOPs for their role—and take that feedback seriously. When they look at those SOPs, are the procedures clear? Do they think they could follow these steps exactly and achieve the correct result?
If they’re struggling to understand how you do things, chances are an auditor will too.
There will be times during external audits when an auditor asks to see some documentation—and you have exactly what they’re looking for. But you also realize that if the auditor had asked for something slightly different, you would have had a hard time providing it.
Now, what you do with that little epiphany matters. You could just kind of forget about it, but there’s no guarantee it won’t come up in your next audit.
My recommendation is that you put the issue in what’s known as your “parking lot.” It could be a document or spreadsheet, but your parking lot is just an industry term for the place you record all the opportunities for improvement you noticed during an external audit. There’s no sense hoping you get lucky again next year, so make a plan for evaluating and acting on those opportunities for improvement as soon as possible.
The truth is, your entire team can be committed to quality and bought in on the importance of QMS audits, but you still need the right tools for the job.
Companies that use a paper-based QMS or try to make generic QMS tools work for them are playing with fire when audit time comes around. Multiple document versions, missing signatures, or lost records will all come back to haunt teams that rely on inadequate QMS tools.
At Greenlight Guru, our eQMS platform was created by medical device professionals for medical device professionals. Our comprehensive, out-of-the-box solution helps you stay audit-ready at all times with Part 11 compliant e-signatures, flexible review and approval workflows, revision control and more. You’ll be able to provide auditors and inspectors with the signatures and objective evidence they need as soon as they ask for it. No more chasing down lost or missing records.
So, if you’re ready to see how a purpose-built eQMS can make audit panic a thing of the past, get your free demo of Greenlight Guru today.
Sara Adams is a Medical Device Guru at Greenlight Guru and a Certified ISO 13485 Lead Auditor who began her career in the medical device industry in the post-manufacturing world. As an experienced Quality Engineer, she has been responsible for leading Corrective and Preventive Action (CAPA) investigations and...