ISO 9001 & ISO 14001 Standards

Preparing ISO 9001 Quality Manual

The standard requires a quality manual to be established and maintained that includes the scope of the quality management system, the documented procedures or reference to them and a description of the sequence and interaction of processes included in the quality management system.

ISO 9001 defines a quality manual as a document specifying the quality management system of an organization. It is therefore not intended that the quality manual be a response to the requirements of ISO 9001. As the top-level document describing the management system it is a system description describing how the organization is managed.

Countless quality manuals produced to satisfy ISO 9001:2008, were no more than 20 sections that paraphrased the requirements of the standard. Such documentation adds no value. They are of no use to managers, staff or auditors. Often thought to be useful to customers, organizations would gain no more confidence from customers than would be obtained from their registration certificate.

A description of the management system is necessary as a means of showing how all the processes are interconnected and how they collectively deliver the business outputs. It has several uses as :

1. a means to communicate the vision, values, mission, policies and objectives of the organization

2. a means of showing how the system has been designed

3. a means of showing linkages between processes

4. a means of showing who does what an aid to training new people

5. a tool in the analysis of potential improvements

6. a means of demonstrating compliance with external standards and regulations

When formulating the policies, objectives and identifying the processes to achieve them, the manual provides a convenient vehicle for containing such information. If left as separate pieces of information, it may be more difficult to see the linkages.

The requirement provides the framework for the quality manual. Its content may therefore include the following:

1 Introduction

(a) Purpose (of the manual)

(b) Scope (of the manual)

(c) Applicability (of the manual)

(d) Definitions (of terms used in the manual)

2 Business overview

(a) Nature of the business/organization – its scope of activity, its products and services

(b) The organization’s interested parties (customers, employees, regulators, shareholders, suppliers, owners etc.)

(c) The context diagram showing the organization relative to its external environment

(d) Vision, values

(e) Mission

3 Organization

(a) Function descriptions

(b) Organization chart

(c) Locations with scope of activity

4 Business processes

(a) The system model showing the key business processes and how they are interconnected

(b) System performance indicators and method of measurement

(c) Business planning process description

(d) Resource management process description

(e) Marketing process description

(f) Product/service generation processes description

(g) Sales process description

(h) Order fulfilment process description

5 Function matrix (Relationship of functions to processes)

6 Location matrix (Relationship of locations to processes)

7 Requirement deployment matrices

(a) ISO 9001 compliance matrix

(b) ISO 14001 compliance matrix

(c) Regulation compliance matrices (FDA, Environment, Health, Safety, CAA etc.)

8 Approvals (List of current product, process and system approvals)

The process descriptions can be contained in separate documents and should cover the topics identified previously (see Documents that ensure effective planning, operation and control of processes ).

As the quality manual contains a description of the management system a more apt title would be a Management System Manual (MSM) or maybe a title reflecting its purpose might be Management System Description (MSD).

In addition a much smaller document could be produced that does respond to the requirements of ISO 9001, ISO 14001, and the regulations of regulatory authorities. Each document would be an exposition produced purely to map your management system onto these external requirements to demonstrate how your system meets these requirements. When a new requirement comes along, you can produce a new exposition rather than attempt to change your system to suit all parties. A model of such relationships is illustrated in Figure 4.10. The process descriptions that emerge from the Management System Manual describe the core business processes and are addressed in Chapter 4 under the heading of Documents that ensure effective operation and control of processes.

Tags: quality manual

Scope Of The Quality Management System

The ISO 9001 standard requires the quality manual to include the scope of the quality management system including details of justification for any exclusion. The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.

Under ISO 9001:2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because it operated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the quality management system.

It is sensible to describe the scope of the quality management system so as to ensure effective communication. The scope of the quality management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor. Why you need to justify specific exclusions is uncertain because it is more practical to justify inclusions.

The scope of the quality management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.

It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’.

It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable.

For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.

Tags: quality management system

ISO 9001 Quality Policy

The standard requires the quality policy to be appropriate to the purpose of the organization.

The purpose of an organization is quite simply the reason for its existence and as Peter Drucker so eloquently put it there is only one valid definition of business purpose: to create a customer”(Drucker, Peter F., 1977)2 . In ensuring that the quality policy is appropriate to the purpose of the organization, it must be appropriate to the customers the organization desires to create. It is therefore necessary to establish who the customers are, where the customers are, what they buy or wish to receive and what these customers regard as value. As stated above, the quality policy is the corporate policy and such policies exist to channel actions and decisions along a path that will fulfil the organization’s purpose and mission. A goal of the organization may be the attainment of ISO 9001 certification and thus a quality policy of meeting the requirements of ISO 9001 would be consistent with such a goal, but goals are not the same as purpose as indicated in the box to the right. Clearly no organization would have ISO 9001 certification as its purpose because certification is not a reason for existence – an objective maybe but not a purpose.

Policies expressed as short catchy phrases such as “to be the best” really do not channel actions and decisions. They become the focus of ridicule when the organization’s fortunes change. There has to be a clear link from mission to quality policy.

Policies are not expressed as vague statements or emphatic statements using the words may, should or shall, but clear intentions by use of the words ‘we will’

– thus expressing a commitment or by the words ‘we are, we do, we don’t, we have’ expressing shared beliefs. Very short statements tend to become slogans which people chant but rarely understand the impact on what they do. Their virtue is that they rarely become outdated. Long statements confuse people because they contain too much for them to remember. Their virtue is that they not only define what the company stands for but how it will keep its promises.

In the ISO 9001 definition of quality policy it is suggested that the eight quality management principles be used as a basis for establishing the quality policy.

One of these principles is the Customer Focus principle. By including in the quality policy the intention to identify and satisfy the needs and expectations of customers and other interested parties and the associated strategy by which this will be achieved, this requirement would be fulfilled. The inclusion of the strategy is important because the policy should guide action and decision. Omitting the strategy may not ensure uniformity of approach and direction.

The standard requires that the quality policy include a commitment to comply with requirements and continually improve the effectiveness of the quality management system.

A commitment to comply with requirements means that the organization should undertake to meet the requirements of all interested parties. This means meeting the requirements of customer, suppliers, employees, investors, owners and society. Customer requirements are those either specified or implied by customers or determined by the organization and these are dealt with in more detail under clauses 5.2 and 7.2.1. The requirements of employees are those covered by legislation such as access, space, environmental conditions, equal opportunities and maternity leave but also the legislation appropriate to minority groups such as the disabled and any agreements made with unions or other representative bodies. Investors have rights also and these will be addressed in the investment agreements. The requirements of society are those obligations resulting from laws, statutes, regulations etc.

An organization accepts such obligations when it is incorporated as a legal entity, when it accepts orders from customers, when it recruits employees, when it chooses to trade in regulated markets and when it chooses to use or process materials that impact the environment.

The effectiveness of the management system is judged by the extent to which it fulfils its purpose. Therefore improving effectiveness means improving the capability of the management system. Changes to the management system that improve its capability i.e its ability to deliver outputs that satisfy all the interested parties, are a certain types of change and not all management system changes will accomplish this. This requirement therefore requires top management to pursue changes that bring about an improvement in performance.

Tags: quality policy

Integrating Management Systems Within The ISO 9001 Standards

Integrating Management Systems Within The ISO 9001 Standards

Today’s free market economies increasingly encourage diverse sources of supply and provide opportunities for expanding markets. Fair competition needs to be based on identifiable, clearly defined common references that are recognised from one country to the next. A standard, internationally recognised, developed by consensus among trading partners, serves as the language of trade. The International Organisation for Standardisation (ISO) has developed around 8?700, mostly technical related standards on this basis. Standards Series such as ISO 9001, ISO 14000 and what is to be known as ISO 18000 and ISO 26000 are Management related. These standards contain generic guidelines for Management Systems in the area of Quality, Environment, Occupational Health & Safety and Human Resources.

ISO is a word derived from the Greek isos, meaning “equal”. ISO 9001 Standards are developed and updated by the International Organisation for Standardisation which has around 150 member bodies. A member body of ISO is the national body “most representative of standardisation in its country”.(eg. Germany – DIN, USA – ANSI, Australia – SAA).
More than 50 countries, as well as the European Community have adopted ISO 9001 which is recognised internationally as a benchmark for measuring quality in a trade context. Since its first issue in 1987, approximately 430?000 companies have been using ISO 9000. Being a standard coming from an organisation that is usually involved in the development of technical standards, ISO 9000 is often regarded as a document that belongs in the hands of a technician exposed to production line quality control. At a closer look, however, ISO 9001 Standard Series provide guidance in the development and application of Management Systems as well as Quality Control in Manufacturing and Administration.

ISO has been developing a number of Management System Guidelines for various aspects of business. The most recent are the ISO 14000 Environmental Management System Guidelines. This is an international standard that will affect business in the near future. ISO 14000 has been designed to integrate with ISO 9001. However, apart from international standards there are local standards a company has to comply with. To remain compliant with local standards, further manuals and/or procedures are required (eg. lifting procedure in a warehouse to satisfy Work Safety requirements). A company may have several Manuals describing its Management Systems (eg. Human Resources, Quality, Security, Health/Safety, Finances). An overall link between the systems is often missing which makes the monitoring and the assessment of effectiveness difficult. Double handling of information, contradicting instructions, high maintenance costs, administrative excess and lack of overall transparency are common results.
ISO 9000 Standard Series for Quality (of) Management Systems provide generic guidance for the development of an overall Management System, ISO 14000 provides guidance for Environmental Management, etc. Transparency and monitoring of all business activities can be achieved by integrating all systems into one.
Complaints that ISO 9000 is paralysing operations and, that it does not reflect reality are usually a result of not clearly understanding how the standard can be properly structured to address the needs of a company. ISO 9000 can be structured by focusing on “best practice” process rather than the standard, by fitting the standard to the process and not the process to the standard. Having recognised this, ISO has been working on a new structure for ISO 9000, called “Vision 2000?, taking a process orientated approach to ensure that “best practice” as well as several standards can be addressed within one system. Focusing on process allows the development of a practical “working document”, providing an effective management tool. Having learned from the past, the trend to Process Orientated Management Systems started about three years ago in Europe and is finding increasing approval from certification bodies.Every company has its own culture and key individuals.
The business environment influences processes in certain ways (eg. employee market, laws, infrastructure, client, etc.)
To ensure competitiveness a company needs to ensure adequate flexibility in their system to effectively respond to changes in the business environment.
An effective system is a lean system that incorporates all necessary functions, controls of activities and “best practice” without being caught up in detail.
An effective system must also be flexible enough to enable the proper controls on outsourcing and sub-contracting of activities (eg. production, administration, service, etc.)

Tags: iso 9001, iso 9001 standard, ISO 9001 Standards

Records Required by ISO 9001 Standard

Records Required by ISO 9001 Standard
ISO 9000 requires that records be kept of critical operations. Record keeping is the fourth tier of required documentation in ISO 9000, following the Quality Policy Manual, Procedures, and Work Instructions.
Questions you may have include:
•What is a record?
•What are the required records?
•What is the reason for these records?
This lesson will answer those questions. There is a mini-quiz near the end of the lesson.
What is a record?
Records consist of any historical documentation, such as summaries or meetings and reviews, specifications, invoices, results of tests and such. This is different than procedures and instructions that tell what do to. Instead, a record is the history of what has been done.
Records required
The following lists the records required under ISO 9001 version 2000, along with the referring sub-paragraph number from the standard. ISO 9002 and ISO 9003 would be subsets of this list. Of course, a company may choose to include additional records that they deem important.
Para.
Record Required
5.6.1
Management reviews
6.2.2 (e)
Education, training, skills and experience
7.1 (d)
Evidence that the realization processes and resulting product fulfill requirements
7.2.2
Results of the review of the requirements relating to the product and actions arising from the review
7.3.2
Design and development inputs
7.3.4
Results of design and development reviews and any necessary action
7.3.5
Results of design and development verification and any necessary action
7.3.6
Results of design and development validation and any necessary action
7.3.7
Results of the review of design and development changes and any necessary action
7.4.1
Results of supplier evaluations and actions arising from evaluations
7.5.2 (d)
As required by the organization to demonstrate the validation of processes where subsequent monitoring and measurement cannot verify the resulting output
7.5.3
Unique identification of the product, where traceability is a requirement
7.5.4
Customer property that is lost, damaged, or otherwise found to be unsuitable for use
7.6 (a)
Standards used for calibration or verification of measuring equipment where no international or national measurement standards exist
7.6
Validity of previous results when measuring equipment is found not to conform to its requirements
7.6
Results of calibration or verification of measuring equipment
8.2.2
Internal audit results
8.2.4
Evidence of product conformity with the acceptance criteria and indication of the authority responsible for the release of the product
8.3
Nature of the product nonconformities and any subsequent actions taken, including concessions obtained
8.5.2
Results of corrective actions
8.5.3
Results of preventive actions
Reason for records
The reason to keep records is for future use as a reference in case of questions related to contractual and legal matters, work techniques, verification of work done, and other parts essential to the company running smoothly. The company management should use sound judgment as to what records are non-essential and how long to keep a specific record.

Tags: iso 9001

ISO 9001 Standards Gap Analysis

ISO 9001 Standards Gap Analysis

One of the first steps in implementing ISO 9000 is to perform a gap analysis. This is the technical name for an initial comparison of the Quality Management System to the ISO 9001:2008 Standard. The goal in find the gap between the standard and the QMS. The Gap Analysis will establish the scope of the implementation project and will therefore be important information for determining the amount of resources that will be required to complete the project in the given timeline.
Typically the gap analysis is based on a Gap Analysis checklist. These can be purchased from several different sources on the web ( like theISOstore.com). A second option is to use the internal audit checklist from this web site as a gap analysis checklist. Either way, the key to have a list of questions based on the standard that will uncover any weaknesses in the QMS before the project begins.
Gap Analysis Auditors
Performing gap analysis is best done by someone who is familiar with the ISO 9001 standard. If the company has no one with this experience, then consider outside training for the person who will be the lead internal auditor. Without grasping the goals behind the standard, you and your company can waste a lot of time improperly documenting flaws and over engineering solutions.
Performing a Gap Analysis
I recommend performing a basic ISO 9000 awareness training before the gap analysis. The awareness training will help reduce fear or resistance to the change that sometimes comes with a large company wide project. Once everyone understands the goals of the ISO project and is ready to be audited, start the gap analysis in sections. Covering sections 4,5,6,7 and 8 all in one audit is a mind melting experience. Start with section 4 to see how fast you can properly document the a section. Then schedule the remaining section based on your experience.
As you go through each section, you will either find that a system is already in place that meets the requirements of the ISO9001 standard or you will write a finding for that section. If you find that the system is in place, simply log the document numbers on the gap analysis sheet and move on. If you find that a large portions of the quality systems are missing, then you can write the equivalent of a major finding with a larger scope and not waste too much time listing every detail of what is missing.
How to use the result of the gap analysis
Once you have completed the gap analysis, you will have a list of missing or under-developed documents, records and systems. If you use the checklist from this web site, the result of the gap analysis will be a list of individual item that must be corrected. If the check sheet said “what document is used to the describe record retention?” and you found no document, then the document should be created. Once you feel that everything is in place, then you will want to repeat the audit to confirm that you can answer every question on the internal audit checklist with a positive response.
If the gap analysis show that your systems are in relatively good shape with some area for improvement, then I would make the gap analysis the first record in your internal audit notebook. This will help build a history of audits. If the gap analysis shows major flaws, you may want to fix them and then perform an internal audit as the first record to meet your internal auditing requirements. External auditor will frequently look at your internal auditing records to see if there are any blatant problems with the QMS, so don’t make their job too easy.

Tags: iso 9001

IMPLEMENTATION GUIDANCE FOR ISO 9001:2008

IMPLEMENTATION GUIDANCE FOR ISO 9001:2008

The Justification Study identified the need for an amendment, provided that the impact on users would be limited and that changes would only be introduced when there were clear benefits to users.

The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000 and to enhance its compatibility with ISO 14001:2004.

A tool for assessing the impacts versus benefits for proposed changes was created to assist the drafters of the amendment in deciding which changes should be included, and to assist in the verification of drafts against the identified user needs. The following decision making principles were applied:

1) No changes with high impact would be incorporated into the standard;

2) Changes with medium impact would only be incorporated when they provided a correspondingly medium or high benefit to users of the standard;

3) Even where a change was low impact, it had to be justified by the benefits it delivered to users, before being incorporated.

The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the following categories:

1. No Changes or minimum changes on user documents, including records.

2. No changes or minimum changes to existing processes of the organization.

3. No additional training required or minimal training required.

4. No effectes on current certifications.

Tags: iso 9001:2008

What Is New In ISO 9001:2008 Standards

The new edition of ISO 9001 is an amendment and not a revision; in other words, the changes are very small. They are broadly as follows:

- the user-feedback survey on ISO 9001:2000 revealed that there were some ambiguities and some points needing clarification. These have been tidied up, along with clarification inareas that were previously too open to interpretation.

- the new edition has improved compatibility with ISO 14001 for those wishing to integrate their ISO 14001 certification with their ISO 9001 certification.

ISO 9001:2008 – What it means to certified organizations

For certified organizations, the transition period runs from 14 November 2008 to 31 December 2009. All organizations need to be compliant with ISO 9001:2008 by the end of 2009 to retain their certification. BSI’s clients will be audited against the new edition of the standard at their next continuing assessment or re-certification visit.

Antony Barrett, product marketing manager responsible for ISO 9001 at BSI Management Systems UK, comments: “We don’t see anyone having any problems in achieving the 2008 edition of the standard.” Client managers will work with clients to manage the process.

Tags: iso 9001

ISO 9001 — a way of managing for conformance

Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9001 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.

Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.

ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”

To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.

ISO 9001 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.

What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9001 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?

Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.

According to ISO 8402 (quality vocabulary), quality is:

“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”

Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer.  ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.

Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.

Tags: iso 9001

Process Based Auditing Of Quality Management System

Process Based Auditing Of Quality Management System

Any effective quality management system (including the subsystems) works as a control process, which has the ability to detect deviations and nonconforming products and assures that the corrective and preventive action measures are effective. The regulatory auditor should check that all subsystems and processes of the quality management system are structured as self-regulating control processes. For example Deming’s PDCA cycle demonstrates such a process with the following components:

i) Plan – Has the manufacturer established the objectives and processes to enable the quality system to deliver the results in accordance with the regulatory requirements?

ii) Do – Has the manufacturer implemented the quality system and the processes?

iii) Check – Has the manufacturer checked process monitoring and measurement results against the objectives and the regulatory requirements? Does the manufacturer evaluate the effectiveness of the quality system periodically through internal audits and management reviews?

iv) Act – Has the manufacturer implemented effective corrective and preventive actions? Confirm that the company is committed to providing high quality safe and effective medical devices, and that the company is conforming with applicable laws and regulations. These are generic questions that can be asked throughout the audit.

Sampling

In general there are two ways of sampling records for review which are useful in regulatory audits risk based and statistical. Where possible, auditors should select samples based on factors which are most likely to affect the safety of the patient. In this situation sampling tables are not necessary. The auditor may however decide to select a statistically valid sample. A sample can also be drawn using a combination of risk based and statistical sampling.

Audit Planning

i) Further to the requirements given in the chapter 11 of GHTF Guidelines for Regulatory Auditing of Quality Systems of Medical Device Manufacturers – Part 1:

General Requirements (SG4/N28R2), some more consideration should be given to the following points: Information from the Manufacturer Estimation of audit duration, frequency and targeted on-site auditing time Further points to consider are given in chapter 6. Information required from the manufacturer

ii) In the planning phase, the following information should be requested from the manufacturer to estimate the audit duration and to prepare the audit plan for Regulatory Auditing of Quality Systems of Medical Device: manufacturer’s name, address contact name, telephone, fax numbers and e-mail addresses ? total number of employees (all shifts) covered by the scope of the audit ? range and class of medical devices being manufactured types of devices? sold and/or planned to be sold in the countries and/or regions for which the regulatory requirements will be assessed, including a complete list of authorizations (e.g. licenses) issued for those devices (where applicable) location and function of each site to be included in the audit a list of activities on each site the involvement of any? special manufacturing processes, e.g. software, sterilization, etc. a list of the activities performed by subcontractors and their locations, including the type of control that is exercised over those outsourced operations any existing audit results from other auditing organizations e.g. from USA, Australia, Europe, Canada, Japan. do they install or service the medical devices produced changes since the last audit, if applicable.

ii) Audit frequency The audit frequency is dependent on the factors mentioned in Appendix 3, the regulatory requirements and history of the Manufacturer.

iv) Audit duration The audit duration has a significant effect on both regulatory agencies and industry. It is dependent on factors such as the audit scope and specific regulatory requirements to be assessed, as well on the range, class and complexity of devices, and the size and complexity of the manufacturer. If not specifically mentioned, the considerations in this section are applicable to initial, and surveillance audits.

v) Relation between audit frequency and audit duration Audit duration depends on the audit frequency. In the following an annual audit frequency is the baseline as reference in IAF Guidance on the Application of ISO/IEC Guide 62. For more or less frequent audits, audit duration should be adapted accordingly. vi) Method of estimating audit duration When auditing organizations are planning regulatory audits, sufficient time should be allowed for the audit team to establish the conformity status of a medical device manufacturer’s quality system with respect to the relevant regulatory requirements. Any additional time required to assess national or regional regulatory requirements must be justified.

Tags: quality management system