Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
    • GP-001 Control of documents
    • GP-002 Quality planning
    • GP-003 Audits
      • Templates
    • GP-004 Vigilance system
    • GP-005 Human Resources and Training
    • GP-006 Non-conformity, Corrective and Preventive actions
    • GP-007 Post-market surveillance
    • GP-009 Sales
    • GP-010 Purchases and suppliers evaluation
    • GP-011 Provision of service
    • GP-012 Design, redesign and development
    • GP-013 Risk management
    • GP-014 Feedback and complaints
    • GP-015 Clinical evaluation
    • GP-016 Traceability and identification
    • GP-017 Technical assistance service
    • GP-018 Infrastructure and facilities
    • GP-019 Non-product software validation
    • GP-020 QMS Data analysis
    • GP-021 Communications
    • GP-022 Document translation
    • GP-023 Change control management
    • GP-024 Predetermined Change Control Plan
    • GP-025 Usability and Human Factors Engineering
    • GP-027 Corporate Governance
    • GP-028 AI Development
    • GP-029 Software Delivery and Commissioning
    • GP-030 Cyber Security Management
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-100 Business Continuity (BCP) and Disaster Recovery plans (DRP)
    • GP-101 Information security
    • GP-200 Remote Data Acquisition in Clinical Investigations
    • GP-026 Market-specific product requirements
    • GP-110 Esquema Nacional de Seguridad
  • Records
  • Legit.Health Plus Version 1.1.0.0
  • Legit.Health Plus Version 1.1.0.1
  • Legit.Health Utilities
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • BSI Non-Conformities
  • Pricing
  • Public tenders
  • Procedures
  • GP-003 Audits

GP-003 Audits

Purpose​

To define the systematic procedure for planning, performing, reporting, recording and monitoring of all the audit activities, both internal and external.

Scope​

All the audit activities related to our Quality Management System and medical devices manufacturing process.

Responsibilities​

JD-001​

To annually approve the audits program, the internal audit plans and the internal auditors.

JD-004​

To notify and plan the audits, archive the audit records and monitor the non-conformities, corrective and preventive actions.

Internal or external Auditor​

To execute the audit and make the audit report.

Inputs​

  • Previous internal audit reports.
  • All the information (not just documental) about the monitoring and measuring processes.
  • ISO 13485 8.2.4 section requirement
  • Customer requests for audits

Outputs​

  • T-003-001 Audit program
  • T-003-002 Internal auditor qualification
  • T-003-003 Internal audit plan
  • T-003-004 Internal audit checklist
  • T-003-005 Internal audit reports
  • External audits plans and reports
  • Non-conformities and corrective and preventive actions of the QMS.

Development​

Types of audits​

Our QMS considers the following types of audits:

Internal audits​

Internal audits are planned and conducted by our organization to verify the effectiveness and compliance of our Quality Management System. According to ISO 13485 requirements, at least one internal audit must be performed annually. However, it is not mandatory to audit the entire QMS in each audit; instead, we audit the processes considered necessary based on:

  • Changes in processes or documentation
  • Results from previous audits
  • Customer requirements or requests
  • Regulatory changes or updates
  • Risk assessment outcomes
  • Any other relevant factors identified by the JD-004 or JD-001

External audits​

External audits are conducted by parties outside our organization. We distinguish two main categories:

  1. Client audits (supplier audits): Audits performed by our clients to verify our capabilities and compliance as their supplier. For example, audits conducted by clients such as Quantificare or other customers who need to ensure our QMS meets their requirements.

  2. Certification and regulatory audits: Audits performed by certification bodies and competent authorities, including:

    • ISO 13485 certification audits conducted by our Notified Body (BSI)
    • MDR 2017/745 compliance audits
    • Manufacturing license audits by AEMPS

Audits program​

We maintain a specific calendar (T-003-001 Audit program) for all audits to be performed, including both internal and external audits. This program includes a Gantt diagram with all the activities and a Google Calendar integrated in our QMS, which allows us to set up alarms and share the events with the required employees.

All audits, regardless of their type, must be registered in the T-003-001 Audit program. This program is reviewed and validated during the annual Management Review meetings to ensure proper planning and coverage of all QMS areas over time.

The JD-004, at least annually, reviews and updates the Audit program and informs the other employees when the audits will be held.

Internal audits​

Procedure flowchart​

Internal auditor selection​

To evaluate all the activities related to the established processes, annually, the JD-004 selects the appropriate auditor to ensure objectivity and impartiality of the audit process, and this auditor is approved by the JD-001.

The auditor shall be one of our employees independent of the process audited or be external. Only qualified personnel may perform internal audit activities. The requirements to develop an auditor tasks are defined below and must be checked for every auditor and recorded in the T-003-002 Internal auditor qualification.

Skills​
  • Good interpersonal Skills
  • Analytical capacity
  • Organizational and planning Skills
Minimum requirements​
  • Knowledge on ISO 13485 and/or ISO 9001.
  • Quality experience.
  • Knowledge of internal processes.
  • Training on MDR 2017/745.

Internal audit performance​

The JD-004 together with the auditor and the rest of the involved personnel agree on a date for the audit. The auditor prepares the T-003-003 Internal audit plan or external equivalent document, where it is described which areas and activities are audited in each audit day and time slot, considering previous audits results and the status and importance of the process and areas to be audited. In this T-003-003 Internal audit plan, the scope, criteria and methods of the audit are recorded (UNE-EN ISO 13485:2018).

Then the JD-004 informs all the personnel involved about the schedule for the process.

The phases of the audit are:

  • Opening meeting, to inform the auditee in detail of the object, scope and review schedule of the audit.
  • Audit development
    • Review of documentation (QMS documentation structure).
    • Verify the compliance with processes established in the documentation and verify that it is suitable.
    • Any audit will begin systematically with the review of the correction of previous audits, both internal and external. For this reason, the JD-004 will provide the auditor with the reports of the last internal and external audit.
    • To facilitate the internal audit, it is recommended that the auditor uses the T-003-004 Internal audit checklist (or external equivalent document) as a guide to ensure coverage of the topics to be audited, always based on the standard UNE-EN ISO 13485:2018.
  • Closing meeting, the auditor presents all the findings, nonconformities and observations identified during the audit.
Sending documents​

Audits typically require a lot of documentation to be shown to the auditor. However, this happens differently in live or in asynchronous audits.

  • In asynchronous audits, we will send documents to the auditor, usually via PDF. When doing so, we will accompany it by the version control system so they can verify author, date, version and method of verification of the signatures for all the history of the document.
  • In live audits, the auditor can ask for the documentation to be shown in a meeting, accompanied by the version control system to ensure compliance with requirements. Sometimes, after the audit meeting, the auditor may ask for additional documents to be sent via email. When this happens, we will send the documents following their instructions regarding things such as format, version control and signatures, due to different auditors having different requirements.

Internal audit evaluation​

When the audit finishes, the auditor prepares an T-003-005 Internal audit report (or external equivalent document) with a copy of the T-003-004 Internal audit checklist (or external equivalent document) and submits it to the JD-004. In case that the audit was carried out by external personnel, the JD-004 is responsible for claiming and collecting all the relevant information of these activities as it is described in this procedure.

The JD-004 distributes copies of the report to the JD-001 and and to the personnel of the areas that were directly involved in the audit by means that allows leaving written evidence or in a meeting in which they are all present.

In the case of outsourced audits, the formats provided by the external company can be used and their documents will be registered with the same validity than the equivalents of our QMS.

The JD-004 raises all premises shown in this report and manages and determines if immediate actions, corrective actions or preventive actions are required in accordance with the Procedure GP-006 Non-conformity. Corrective and Preventive actions. Likewise, from this report it can be reported different types of findings:

  • Non-conformities
  • Opportunities for improvement
  • Strengths
  • Observations

When any type of non-conformity appears, it is mandatory to open an action. In the cases of opportunities for improvement or observations, the JD-004 decides if it is necessary to implement a corrective or preventive action, registering it in accordance with the Procedure GP-006 Non-conformity. Corrective and preventive actions.

Internal audit monitoring​

The JD-004 establishes who is responsible for addressing the solution of incidents shown in the internal audit by the assignation of the T-006-001 Non-conformity report, and the due date required to accomplish with the task.

The audited area responsible is in charge of executing determined actions without undue delay. If they observe any problem or inconvenience, they should immediately inform the JD-004, who checks the action and its conditions to solve the problem.

All the T-003-005 Internal audit report (or external equivalent document) are collected together with the related documentation to plan the next internal audit and to evaluate the monitoring and measuring of the processes of the company in the management review meetings, assessing the actions taken in accordance to the Procedure GP-006 Non-conformity. Corrective and preventive actions.

External audits​

As described in the Types of audits section, external audits can be:

  1. Client audits: Performed by our clients as part of their supplier qualification and monitoring processes. These audits verify that our QMS meets their specific requirements and that we are capable of delivering products and services according to their standards.

  2. Certification and regulatory audits: Performed by certification bodies (such as BSI for ISO 13485) and competent authorities (such as AEMPS for the manufacturing license). These audits verify compliance with applicable standards and regulations.

The external audit procedure follows the same general steps as described for internal audits. The auditors contact the JD-004 to appoint a date for the audit and send the audit plan, which is shared with the departments and responsibles involved. Then, the JD-004 collects and archives the documents related to the audit, such as the audit plan and the audit report. The JD-004 is responsible for performing the audit evaluation and monitoring as explained for the internal audit development procedure.

All external audits must be registered in the T-003-001 Audit program and their results are reviewed during the Management Review meetings.

Audits records​

All audits records will be archived within the QMS. Each audit will have its own folder named as the date of the audit performance, and it will contain all the records generated during the planning, development, evaluation and monitoring of the audit.

Associated documents​

  • T-003-001 Audit program
  • T-003-002 Internal auditor qualification(or external equivalent document)
  • T-003-003 Internal audit plan(or external equivalent document)
  • T-003-004 Internal audit checklist(or external equivalent document)
  • T-003-005 Internal audit reports(or external equivalent document)
  • GP-006 Non-conformity. Corrective and preventive actions
  • T-006-001 Non-conformity report

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003 Design & Development Manager, JD-004 Quality Manager & PRRC
  • Approver: JD-001 General Manager
ㅤ ㅤ

Previous
T-002-007 Process validation card
Next
Templates
  • Purpose
  • Scope
  • Responsibilities
    • JD-001
    • JD-004
    • Internal or external Auditor
  • Inputs
  • Outputs
  • Development
    • Types of audits
      • Internal audits
      • External audits
    • Audits program
    • Internal audits
      • Procedure flowchart
      • Internal auditor selection
        • Skills
        • Minimum requirements
      • Internal audit performance
        • Sending documents
      • Internal audit evaluation
      • Internal audit monitoring
    • External audits
    • Audits records
  • Associated documents
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)