QMS Au dit Che cklist

Bringing a medical device to market is hard. greenlight.guru’s beautifully simple QMS and design control software makes it easier. Click here to schedule your free personal demo today.
FDA-ISO QMS Audit Checklist developed by greenlight.guru
Audit #:
Dates:
Lead Auditor: PP = Positive Practice
A = Acceptable
Objecti ve NC, OFI, PP,
Item Subsystem / Assessment Detail FDA / ISO reference Auditor Notes Auditor Observation Evidence or A?
Management Controls (main subsystem)

rev iew quality manual;

ensure Quality Manual defines scope of QMS , rev iew QMS metrics;
procedures (or referenc e to) within QMS, and ISO 13485:2003: 4.1, 4.2.2 rev iew critical processes and
1 description of the interaction of processes within QMS ISO 13485:2016: 4.1, 4.2.2 procedures
verify criteria and methods are in place to monitor and ISO 13485:2003: 4.1(c), 4.2.1(d), 8.4 rev iew QMS metrics;
2 control processes for eff ectiv eness ISO 13485:2016: 4.1.3(a), 4.2.1(d), 8.4 rev iew management rev iews
ISO 13485:2003: 5.1(d), 5.6
Verify firm has established and conducts Management ISO 13485:2016: 5.1(d), 5.6; request proc edure in advance;
3 Reviews, at least annually 21 CFR 820.5, 820.20( c) rev iew management rev iews

confirm management reviews ex amine suitability and ISO 13485:2003: 4.1(f), 5.6.1, 5.6.3, 6.1, 8.4
eff ectiveness of quality systems, improv ements needed ISO 13485:2016: 4.1.3(c ), 5.6.1, 5.6.3, 6.1, 8.4;
4 because of customer requirements, and resource needs 21 CFR 820.20(c) review procedure

ensure management review addresses audit results,

customer feedbac k, process performance, CAPA s,
previous management reviews, changes to QMS ,
recommendations for improv ement, and new or revised ISO 13485:2003: 5.6.2
5 regulatory requirements ISO 13485:2016: 5.6.2 review management reviews
ISO 13485:2003: 4.1(a) , 4.2.1(b), (c) request quality manual and
verify firm has established a Quality Manual and Quality ISO 13485:2016: 4.1.2(a), 4.2.1(b), (c); procedures in adv ance;
6 System Proc edures and Instructions that are appropriate 21 CFR 820.5, 820.20( c), (d), (e), 820.22 rev iew documents
ISO 13485:2003: 4.2.1(d), 5.4
ISO 13485:2016: 4.2.1(d), 5.4;
7 Verify firm has established Quality Plan 21 CFR 820.20(d) request quality plan in advance
ISO 13485:2003: 5.4.2
confirm that Quality Planning addresses QMS needs and ISO 13485:2016: 5.4.2;
8 Quality Objectiv es 21 CFR 820.20(a), (d) review quality plan
ISO 13485:2003: 4.2.1(a), 5.1(b), (c), 5.3, 5.4.1 interview employees about quality
verify firm has implemented Quality Policy and Quality ISO 13485:2016: 4.2.1(a), 5.1(b), (c), 5.3, 5.4.1 policy;
9 Objectives 21 CFR 820.20(a), (d) rev iew training records

request proc edure in advance;

ISO 13485:2003: 4.2, 8.2.2 rev iew audit schedule and
Verify firm has established Quality Audit procedures and ISO 13485:2016: 4.2, 8.2.4; documents;
10 conducts audits 21 CFR 820.20(c), 820.22 rev iew auditor training
ISO 13485:2003: 4.1(f), 4.2.1( d), 8.2.2
ensure quality audits examine compliance and ISO 13485:2016: 4.1.3(c ), 4.2.1(d), 8.2.4; rev iew procedure;
11 eff ectiveness 21 CFR 820.22 rev iew audit rec ords
ISO 13485:2003: 6.2.2, 8.2.2
ISO 13485:2016: 6.2, 8.2.4; rev iew audit rec ords;
12 verify that auditors are trained 21 CFR 820.22 rev iew training records
ISO 13485:2003: 8.2.2
ISO 13485:2016: 8.2.4; rev iew audit rec ords;
13 ensure that audits are conducted by objective parties 21 CFR 820.22 rev iew training records
ISO 13485:2003: 8.2.2
ISO 13485:2016: 8.2.4;
14 confirm quality audits are linked to CAPA 21 CFR 820.22, 820.100 review procedures

ISO 13485:2003: 4.1(d), 5.1( e), 5.5.1, 5.5.2, 6.1, 6.2

ISO 13485:2016: 4.1.3(b), 5.1(e), 5.5.1, 5.5.2, 6.1,
Review organizational structure of firm; confirm 6.2; request organizational c hart(s) in
15 resources are av ailable to support processes 21 CFR 820.20(b), 820.25 adv ance

ask management representative

to identify responsibility for:
-c hanges to procedures, device
designs, manufacturing processes
verify firm has defined a management representative ISO 13485:2003: 5.1, 5.5.1, 5.5.2, 6.1, 6.2 -review of quality audit results
with executive responsibility for implementing and ISO 13485:2016: 5.1, 5.5.1, 5.5.2, 6.1, 6.2; -oversight and interaction with
16 reporting quality management system 21 CFR 820.20(b)(3) , 820.25 CAPA activities
ISO 13485:2003: 5.1(e), 5.5.1, 5.5.2, 6.1, 6.2 interview management
verify appropriate responsibilities , authority, and ISO 13485:2016: 5.1(e), 5.5.1, 5.5.2, 6.1, 6.2; representativ e about resource
17 resources are in place for quality system activities 21 CFR 820.5(b)(1)-(2), 820.20(b), 820.25 allocation

verify firm has established procedures for identify ing

training needs; ISO 13485:2003: 6.2
ensure personnel are trained to perform assigned ISO 13485:2016: 6.2; rev iew procedures;
18 responsibilities 21 CFR 820.25(b) rev iew training records

AT A UDIT CONCLUSION . . .
Determine if executiv e management ensures adequate interview executive management;
and effective quality system is implemented. Ensure prov ide confirmation or failures of
management is committed to and communicates quality system;
importance of meeting c ustomer requirements, ISO 13485:2003: 5.1(a) , 5.2, 5.5.3 rev iew other subsystems and
19 regulatory requirements, and QM S. ISO 13485:2016: 5.1(a) , 5.2, 5.5.3 return to management controls
Design & Development / Design Controls (main subsystem)
ISO 13485:2003: 7.1, 7.3
ISO 13485:2016: 7.1, 7.3; rev iew procedure;
1 verify products are subject to design controls 21 CFR 820.30(a) rev iew products
ISO 13485:2003: 7.3
verify design c ontrol and risk management procedures ISO 13485:2016: 7.3; ensure procedures address all
2 are established and applied 21 CFR 820.30(a) - (j) design control elements

ensure design and development stages are identified;

confirm that review, verification, v alidation, and design ISO 13485:2003: 7.3.1
transfer activities at each stage are appropriate; verify ISO 13485:2016: 7.3.2;
3 responsibilities f or design and development are defined 21 CFR 820.30 review procedures

selection criteria:
-c ontains software
-single product focus
-risk based
-result of complaints, problems
-most recent
-c ov er product range
4 select a design project -recent 510(k) , PMA, CE mark

rev iew procedure;

assess plan's
-milestones
-phases
ISO 13485:2003: 7.3.1 -responsibilities
review the project design & development plan, ISO 13485:2016: 7.3.2; -risk management
5 responsibilities, and interfaces 21 CFR 820.30(b) -interf aces
ISO 13485:2003: 7.3.1
verify design & dev elopment plan is updated, reviewed, ISO 13485:2016: 7.3.2; rev iew plan revisions;
6 and approved 21 CFR 820.30(b) rev iew and approval procedures

rev iew procedure;

ensure requirements address
-intended use
-f unctional, perf ormance, and
confirm design input requirements were established, saf ety requirements
review ed, and approved; ensure customer requirements -applicable statutory and
are captured; ensure inputs include f unctional, ISO 13485:2003: 7.2.1, 7.3.2 regulatory requirements
performance, saf ety, and statutory and regulatory ISO 13485:2016: 7.2.1, 7.3.3; -user and patient needs
7 requirements 21 CFR 820.30(c) -other essential requirements
ISO 13485:2003: 7.3.2
incomplete, ambiguous, and/or conflicting requirements ISO 13485:2016: 7.3.3; rev iew procedure;
8 were addressed 21 CFR 820.30(c) rev iew resolutions

rev iew procedure;

ISO 13485:2003: 7.3.3(a), ( c) rev iew draw ings, specifications,
confirm design & development outputs are established, ISO 13485:2016: 7.3.4(a), ( c) ; labeling, packaging, work
9 verifiable, reviewed, and approved 21 CFR 820.30(d) instructions, IFUs
ISO 13485:2003: 7.3.3(b)
ensure design & development outputs are appropriate ISO 13485:2016: 7.3.4(b);
10 for purchasing, production, and servicing 21 CFR 820.30(d) review procedure;

rev iew procedure;

ISO 13485:2003: 7.3.3(d) rev iew draw ings, specifications,
verify essential design & development outputs are ISO 13485:2016: 7.3.4(d); labeling, packaging, work
11 identified 21 CFR 820.30(d) instructions, IFUs

rev iew procedure;

rev iew draw ings, specifications,
confirm ac ceptance criteria is referenced by design & ISO 13485:2003: 7.3.3(c ), 7.3.5 labeling, packaging, work
development outputs and was defined prior to design ISO 13485:2016: 7.3.4(c ), 7.3.6; instructions, IFUs;
12 verification and design validation activ ities 21 CFR 820.30(d) & (f) rev iew verification activities
ISO 13485:2003: 7.3.5
determine if design verification confirmed design ISO 13485:2016: 7.3.6; rev iew procedure;
13 outputs met design input requirements 21 CFR 820.30(f) rev iew verification activities
ISO 13485:2003: 7.3.6
confirm design validation results prov e dev ice met ISO 13485:2016: 7.3.7; rev iew procedure;
14 predetermined user needs and intended uses 21 CFR 820.30(g) rev iew validation activities
ISO 13485:2003: 7.3.6
confirm design validation did not leav e unresolved ISO 13485:2016: 7.3.7; assess design and specification
15 discrepancies 21 CFR 820.30(g) changes
if required by national or regional regulations, confirm ISO 13485:2003: 7.3.6
clinical evaluations and/or evaluation of devic e ISO 13485:2016: 7.3.7; rev iew procedure;
16 performance w ere performed 21 CFR 820.30(g) rev iew ev aluation data
ISO 13485:2003: 7.3.1, 7.3.6 ensure software component have
if device contains software, confirm software was ISO 13485:2016: 7.3.2, 7.3.7; sati sfied design, validation, and
17 validated 21 CFR 820.30(g), 820.75 change control requirements
ISO 13485:2003: 7.3.6 rev iew procedure;
determine if initial production units ( or equiv alents) ISO 13485:2016: 7.3.7; evaluate prototype / production
18 were used for design validation 21 CFR 820.30(g) records

ISO 13485:2003: 7.1 rev iew procedure;

ISO 13485:2016: 7.1; rev iew risk management file;
ISO 14971:2000; ensure risk analysis, evaluation,
19 confirm risk management activities were performed 21 CFR 820.30(g) and control steps are addressed
ISO 13485:2003: 7.3.1, 7.3.5, 7.3.7 rev iew procedure;
confirm design changes were controlled and validated ISO 13485:2016: 7.3.2, 7.3.6, 7.3.9; rev iew design changes and
20 (or where appropriate, verified) 21 CFR 820.30(i) , 820.70(b), 820.75(c) documentation decisions
ISO 13485:2003: 7.3.1, 7.3.5, 7.3.7
confirm design changes hav e been rev iewed for effect ISO 13485:2016: 7.3.2, 7.3.6, 7.3.9; rev iew design changes and
21 on components and product prev iously made 21 CFR 820.30(i) , 820.70(b) documentation decisions
ISO 13485:2003: 7.2.2, 7.3.1, 7.3.4 rev iew procedure;
determine if design rev iews w ere conducted at ISO 13485:2016: 7.2.2, 7.3.2, 7.3.5; rev iew design rev iew
22 appropriate stages of design & development 21 CFR 820.30(e) documentation
ISO 13485:2003: 7.3.1, 7.3.4
confirm design review attendees were appropriate for ISO 13485:2016: 7.3.2, 7.3.5; rev iew design rev iew
23 stage and included independent reviewer 21 CFR 820.30(e) documentation
ISO 13485:2003: 7.3.1
determine if design was correctly transferred to ISO 13485:2016: 7.3.2, 7.3.8; rev iew procedure;
24 production 21 CFR 820.30(h) rev iew DMR
ISO 13485:2016: 7.3.10
25 ensure DHF contains design control documentation 21 CFR 820.30(b) - (j) review DHF
Corrective & Preventive Actions (CAPA) (main subsystem)
ISO 13485:2003: 4.1, 4.2, 8.5
verify CAPA procedures comply with regulatory ISO 13485:2016: 4.1, 4.2, 8.5;
1 requirements 21 CFR 820.100(a) review procedures
ISO 13485:2003: 8.3, 8.5
verify non-conforming product and CAPA procedures ISO 13485:2016: 8.3, 8.5;
2 determine the need for inv estigation and notification 21 CFR 820.90(a), 820.100( a)(2) review procedures
ISO 13485:2003: 8.3, 8.5
verify non-conforming product and CAPA procedures ISO 13485:2016: 8.3, 8.5;
3 define responsibilities for review and disposition 21 CFR 820.90(b)(1) review procedures

rev iew procedures;

ensure that procedures for rework, retesting, and re- ISO 13485:2003: 8.3, 8.5 rev iew DHRs (of nonconforming
ev aluation of nonconforming product exist and are ISO 13485:2016: 8.3, 8.5; products)
4 followed 21 CFR 820.90(b)(2)

rev iew records of acc eptance

ISO 13485:2003: 8.3, 8.5 activities, production test failures,
verify that appropriate records of quality problems have ISO 13485:2016: 8.3, 8.5; returned produc ts, service
5 been created and used 21 CFR 820.100(a)(1) records, complaints

rev iew procedures;

ISO 13485:2003: 8.1, 8.2.3, 8.4, 8.5 rev iew records of inc oming
determine if trend analysis data indicates quality ISO 13485:2016: 8.1, 8.2.5, 8.4, 8.5; products, components, testing,
6 problems; determine if data used for CAPA decisions 21 CFR 820.100(a)(1), 820.250 S PC data

rev iew data sources;

verify CAPA data is complete, accurate, and timely ; ISO 13485:2003: 8.4, 8.5 use data tables to determine
compare results across multiple data sources to identify ISO 13485:2016: 8.4, 8.5; sampling plan;
7 quality problems 21 CFR 820.100(a)(1) compare results
ISO 13485:2003: 8.1, 8.2.3, 8.4
ISO 13485:2016: 8.1, 8.2.5, 8.4; rev iew procedures;
8 verify appropriate statistical techniques are implemented 21 CFR 820.100(a)(1), 820.250 rev iew techniques used
ISO 13485:2003: 8.3, 8.5
ISO 13485:2016: 8.3, 8.5; rev iew procedures;
9 verify device failure investigations determine root cause 21 CFR 820.100(a)(2) rev iew investigations
ISO 13485:2003: 8.3, 8.5
ISO 13485:2016: 8.3, 8.5; rev iew procedures;
10 verify failure investigations are commensurate with risks 21 CFR 820.100(a)(2), 820.90( b) rev iew investigations
ISO 13485:2003: 8.3
verify controls exist to prevent non-conforming product ISO 13485:2016: 8.3; rev iew investigations;
11 from being released 21 CFR 820.90(b) rev iew non-conformance records

ISO 13485:2003: 8.2.3, 8.5.2, 8.5.3

ISO 13485:2016: 8.2.5, 8.5.2, 8.5.3;
verify appropriate actions were taken for quality 21 CFR 820.100(a)(3), 820.100(a)(5); 820.100(a)(4), rev iew procedure;
12 problems 820.100(b) rev iew CAPA records
ISO 13485:2003: 8.5
determine CAPA actions were effective, verified, ISO 13485:2016: 8.5; rev iew procedure;
13 validated, documented, and implemented appropriately 21 CFR 820.100(a)(4), 820.100(a)(5), 820.100(b) rev iew CAPA records
verify CAPAs and nonconformities were disseminated to ISO 13485:2003: 8.3, 8.5
personnel responsible for ensuring quality and ISO 13485:2016: 8.3, 8.5; rev iew CAPA and non-
14 prevention of problems 21 CFR 820.100(a)(6) conformance records
ISO 13485:2003: 5.6.3, 8.3, 8.5
verify quality issues and CAPAs w ere disseminated for ISO 13485:2016: 5.6.3, 8.3, 8.5; rev iew procedure;
15 Management Review 21 CFR 820.100(a)(6), 820.100(a)(7) rev iew CAPA records
verify firm has procedures for handling complaints and ISO 13485:2003: 7.2.3, 8.2.1
investigation of advisory notices / recalls; ensure ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.2.3;
16 provisions exist to feed in CAPA sy stem 21 CFR 820.100, 820.198 review procedures
Medical Device Reporting (MDR)
ISO 13485:2003: 8.5.1
Verify MDR procedures comply with regulatory ISO 13485:2016: 8.5.1;
1 requirements 21 CFR 803.17 review procedures
ISO 13485:2003: 8.5.1
verify firm maintains MDR event files that comply w ith ISO 13485:2016: 8.5.1;
2 regulatory requirements 21 CFR 803.18 review MDR files
ISO 13485:2003: 8.5.1
confirm appropriate M DR information is identified, ISO 13485:2016: 8.5.1;
3 review ed, reported, documented, and filed 21 CFR 803, 820.198(d) review MDR files

rev iew procedures;

ISO 13485:2003: 8.5.1 rev iew MDR files;
ensure firm is effective in identify ing MDR reportable ISO 13485:2016: 8.5.1; rev iew complaints & returned
4 ev ents 21 CFR 803 products
ISO 13485:2003: 7.2.3, 8.2.1, 8.5.1
ensure firm has established procedures for receiv ing, ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.5.1;
5 review ing, and evaluating complaints 21 CFR 820.198(a) - ( c) review procedures
ISO 13485:2003: 7.2.3, 8.2.1, 8.5.1
verify firm maintains complaint files and that they are ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.5.1;
6 reasonably accessible 21 CFR 820.198(a), ( f), ( g) review complaint records
ISO 13485:2003: 7.2.3, 8.2.1, 8.5.1
confirm that complaints are evaluated to determine if ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.2.3, 8.5.1;
7 an event should be a MDR 21 CFR 803, 820.198(a)( 3) review procedures

ensure c omplaint investigations include the device

name, date of complaint, dev ice identification number,
contact information of complainant, details of ISO 13485:2003: 7.2.3, 8.2.1, 8.5.1
complaint, date and results of investigation, any ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.5.1;
8 correctiv e actions, and replies to complainant 21 CFR 820.198(e) review complaint records
Reports of Corrections & Removals (C&R)
verify C&R procedures comply with regulatory
1 requirements 21 CFR 806 review procedures
examine records of corrections and/or removals of determine if removal was initiated
2 product 21 CFR 806 by firm
3 verify reporting requirements are implemented 21 CFR 806 review procedures
4 identify C&R actions not identified or initiated by firm 21 CFR 806 identify events not identified
confirm existence file of non-reportable correc tions and
5 remov als 21 CFR 806.20 review non-reportable C&R files
Medical Device Tracking
identify all manufactured or imported dev ices that
1 require track ing 21 CFR 821.20 review product listings
verify track ing procedures comply with regulatory rev iew procedures;
2 requirements 21 CFR 821.25(c) rev iew records
verify firm perf orms internal audits of tracking system
3 per timeframes specified in regulations 21 CFR 821.25(c)(3) review procedures
Production & Process Controls (main subsystem) (P&PC)

ISO 13485:2003: 7.1

verify produc t realization processes are planned; ISO 13485:2016: 7.1;
confirm that risk management occurs throughout ISO 14971:2000
1 product realization 21 CFR 820.70 review procedures
ISO 13485:2003: 7.1 rev iew procedures;
verify planning of product realization is consistent with ISO 13485:2016: 7.1; rev iew product realization
2 requirements of other processes of QM S 21 CFR 820.30, 820.50, 820.80, 820.181 documents

verify requirements hav e been defined f or suppliers,

contractors, and consultants; ensure suppliers, ISO 13485:2003: 7.1, 7.4.2;
contractors, and consultants are selec ted on ability to ISO 13485:2016: 7.1, 7.4.2 rev iew procedures;
3 meet requirements 21 CFR 820.50(a) rev iew supplier records
ISO 13485:2003: 7.4.1
ensure firm maintains records of acceptable suppliers, ISO 13485:2016: 7.4.1;
4 contractors, and consultants 21 CFR 820.50(a)(3) review supplier records

verify that data supporting supplier requirements is

maintained; verify that suppliers, contractors, and ISO 13485:2003: 7.4
consultants agree to notify firm of changes in products ISO 13485:2016: 7.4;
5 and/or serv ices 21 CFR 820.40, 820.50(a)(3), (b) review records
verify procedures for identifying product during all ISO 13485:2003: 7.5.3
stages of rec eipt, production, distribution, and ISO 13485:2016: 7.5.8, 7.5.9;
6 installation are in place 21 CFR 820.60 review procedures

ensure firm maintains procedures and records for

traceability of each unit, lot, or batch of finished devic es ISO 13485:2003: 7.5.3.2 rev iew procedures;
and components ISO 13485:2016: 7.5.9; rev iew DHRs
7 NOTE: may not be required for all devices 21 CFR 820.65

selection criteria:
-CAPA indicators of process issues
-process f or higher risk dev ice
-degree of risk for process to
cause device failures
-lack of familiarity and experience
with process
-process used for multiple devices
-v ariety in process technologies
-processes not c ov ered during
8 select a process to review previous inspections

rev iew specific procedures,

ISO 13485:2003: 7.5, 7.6, 8.2.3, 8.2.4, 8.4 instructions, drawings, etc.;
ISO 13485:2016: 7.5, 7.6, 8.2.5, 8.2.6, 8.4; may include in-process and/or
21 CFR 820.50, 820.70(a), 802.70( e), 820.70(f)- (h), finished devic e acceptance
9 verify process is controlled and monitored 820.72, 820.75(b) , 820.80 activities
ISO 13485:2003: 7.5
verify the equipment used has been adjusted, ISO 13485:2016: 7.5; rev iew equipment records;
10 calibrated, and maintained 21 CFR 820.70(g)(3), 820.72(a) , 820.70(g)(1) rev iew procedures

rev iew production, equipment,

maintenance, & c alibration
records related to:
-in-process acceptance criteria &
acceptance
-finished device acc eptanc e
identify control and oversight activities; ISO 13485:2003: 7.6, 8.4 criteria & acceptance
ensure c ontrol of inspection, measuring , test ISO 13485:2016: 7.6, 8.4; -environmental control systems
11 equipment, and calibration 21 CFR 820.50(a)(2), 820.72 -c ontamination control systems
verify firm has established procedures for production ISO 13485:2003: 7.3.7, 7.5.2
and process changes; ensure changes are verified or ISO 13485:2016: 7.3.9, 7.5.6;
12 validated, as needed 21 CFR 820.70(b), 820.75(c) review procedures
ISO 13485:2003: 8.3
review devic e history record ( DHR) to identify rejects ISO 13485:2016: 8.3;
13 and/or non-conformances 21 CFR 820.70 review DHRs

rev iew material records;

rev iew DHRs;
determine if
-properly handled
-result of equipment calibration
failures
ISO 13485:2003: 8.3 -result of equipment maintenance
verify that defects, rejects, non-conformances, and ISO 13485:2016: 8.3; failures
14 remov al of materials were handled properly 21 CFR 820.50, 820.70(h), 820.90, 820.100 -result of validation failures

rev iew procedures;

identify processes that cannot be
v erified;
rev iew validation records to
ensure:
-all operators hav e documented
qualification
-f ull c hange control of all
processes
-c alibration and maintenanc e of all
instruments
-equipment is properly installed,
adjusted, & maintained
-predetermined product
spec ifications are established
-test sampling and plans are
performed according to
ISO 13485:2003: 7.5.2 statistically v alid rationale
ensure processes that c annot be f ully verified are ISO 13485:2016: 7.5.6; -process tolerance limits are
15 validated 21 CFR 820.75(a) challenged
ISO 13485:2003: 7.5.2.1
ensure automated or softw are driven processes are ISO 13485:2016: 7.5.6;
16 validated f or intended uses 21 CFR 820.70(i) review validation records
verify that v alidations are documented and conducted ISO 13485:2016: 7.5.6; rev iew procedures;
17 by qualified personnel 21 CFR 820.75(b)(1) rev iew validation records

ISO 13485:2003: 6.2.2

review personnel records to document personnel are ISO 13485:2016: 6.2;
trained per manufacturing processes and aware of 21 CFR 820.20(b)(2) , 820.25, 820.70, 820.70(d),
18 potential defects 820.75(b)(1) review personnel records
ensure that monitoring and control methods, data, date ISO 13485:2003: 7.1, 8.4
performed, individuals performing the process, and the ISO 13485:2016: 7.1, 8.4;
19 major equipment used is documented 21 CFR 820.75(b)(2) review validation records

ISO 13485:2003: 4.1, 4.2

ISO 13485:2016: 4.1, 4.2;
21 CFR 820.20, 820.25, 820.30, 820.40, 820.72, rev iew procedures;
20 determine linkages to other processes 820.90, 820.100, 820.180 rev iew key processes
ISO 13485:2003: 6.3, 6.4
ensure the inf rastructure and work env ironment are ISO 13485:2016: 6.3, 6.4; rev iew procedures;
21 appropriate and controlled 21 CFR 820.70(c), ( f), (g) rev iew records
ISO 13485:2003: 7.6
confirm that maintenance schedules, routine ISO 13485:2016: 6.3, 7.5.1, 7.5.6, 7.6; rev iew procedures;
22 inspections, and adjustments to equipment occur 21 CFR 820.70(g) rev iew records
ISO 13485:2003: 7.5.1.2.1
verify procedures are in place for contamination control ISO 13485:2016: 6.4.2, 7.5.2;
23 and cleanliness 21 CFR 820.70(e) review procedures
ISO 13485:2003: 7.4.3, 8.4
determine if verific ation of purchased products is ISO 13485:2016: 7.4.3, 8.4; rev iew procedures;
24 adequate 21 CFR 820.50(a)(2), 820.80(b) rev iew records
ISO 13485:2003: 7.5.5, 8.4
ensure procedures define receiving, in-process, and final ISO 13485:2016: 7.5.11, 8.4;
25 acceptance activities. 21 CFR 820.80(a) - (d) review procedures
ISO 13485:2003: 8.4
confirm receiving, in- process, and final acceptance ISO 13485:2016: 8.4;
26 activity records exist 21 CFR 820.80(e) review records

ISO 13485:2003: 7.1, 8.2.4 rev iew acceptance c riteria;

verify that procedures exist and that acceptance status ISO 13485:2016: 7.1, 8.2.6; rev iew procedures;
27 of product is indicated 21 CFR 820.86 rev iew product identification
ensure procedures define labeling activities, including ISO 13485:2003: 7.5.5
integrity, inspec tion, storage, operations, and control ISO 13485:2016: 7.5.11;
28 numbers 21 CFR 820.120 review procedures

confirm that product packaging and shipping containers ISO 13485:2003: 7.5.5 rev iew procedures;
adequately protect device during processing, storage, ISO 13485:2016: 7.5.11; rev iew packaging and shipping
29 handling, shipping, and distribution 21 CFR 820.130 containers
verify procedures exist to prevent mix-ups, damage, ISO 13485:2003: 7.5.5
deterioration, contamination, or other adverse effects ISO 13485:2016: 7.5.11;
30 to product during handling 21 CFR 820.140, 820.150 review procedures

verify procedures exist for product distribution; confirm

distribution rec ords include name and address of
consignee, identification and quantity shipped, date of ISO 13485:2016: 4.2.3, 7.1, 7.5.8, 7.5.9.2, 7.5.11; rev iew procedures;
31 shipment, and identification numbers 21 CFR 820.160 rev iew distribution records
ISO 13485:2003: 7.5.1.2.2
ensure installation and inspection procedures exist (if ISO 13485:2016: 7.5.3; rev iew procedures;
32 applicable); v erif y installation records are maintained 21 CFR 820.170 rev iew installation records
ISO 13485:2003: 7.5.1.2.3
ensure serv icing procedures exist (if applicable) ; verify ISO 13485:2016: 7.5.4; rev iew procedures;
33 servicing records are maintained 21 CFR 820.200 rev iew servicing records
verify firm identifies, verifies, protects, and saf eguards ISO 13485:2003: 7.5.4 rev iew procedures;
34 customer property under its care ISO 13485:2016: 7.5.10 identify customer property
Sterilization Process Controls

rev iew procedures;

rev iew validation records to
ensure processes are effective in:
-obtaining SAL
ISO 13485:2003: 7.5.2.2 -product performance not
review sterilization process procedures; verify ISO 13485:2016: 7.5.7; adv ersely affected
1 sterilization process is validated 21 CFR 820.75(a), (c) -packaging not adversely affected

ISO 13485:2003: 7.5.1.3

review sterilization control and monitoring activities; ISO 13485:2016: 7.5.5;
ensure processes, equipment, and calibration are 21 CFR 820.50, 820.70(a), (c) ,( e), (f), (g), (h), 820.72,
2 current 820.75(b), 820.80 review sterilization records
review DHR for sterilization failures; ensure integration
4 with CAPA system 21 CFR 820.75(b) review sterilization records
rev iew sterilization records;
rev iew equipment adjustment,
5 ensure sterilization failures were handled properly 21 CFR 820.70(g)(3), 820.72(a), 820.70(g)(1) calibration, and maintenance
review personnel records to document personnel are
qualified and trained with implemented sterilization
6 activities 21 CFR 820.25, 820.70(d), 820.75(b) review personnel records
ensure automated or softw are driven sterilization
7 processes are controlled and validated 21 CFR 820.70(i) review validation records
Purchasing Controls (main subsystem for virtual manufacturers)
ISO 13485:2003: 7.4.1
ISO 13485:2016: 7.4.1;
1 review supplier evaluation procedures 21 CFR 820.50 review procedures
ISO 13485:2003: 7.4.1
ensure suppliers are ev aluated for ability to meet ISO 13485:2016: 7.4.1;
2 specified requirements 21 CFR 820.50(a)(1) review procedures
ISO 13485:2003: 7.4.2
ensure adequacy of specifications of materials and/or ISO 13485:2016: 7.4.2;
3 services provided by supplier is c onfirmed 21 CFR 820.50(b) review procedures

confirm purchasing information identifies requirements

for approval of product, procedures, processes, and ISO 13485:2003: 7.4.2
equipment, requirements for personnel qualification, ISO 13485:2016: 7.4.2; rev iew purchasing records;
4 and QMS requirements 21 CFR 820.50 rev iew procedures
ISO 13485:2003: 7.4.1
ISO 13485:2016: 7.4.1; rev iew procedures;
5 verify supplier evaluation records are maintained 21 CFR 820.50(a)(3) rev iew supplier evaluation records
ISO 13485:2003: 7.4.3
determine that verification and acceptance of ISO 13485:2016: 7.4.3; rev iew procedures;
6 purchased materials and/or serv ices is adequate 21 CFR 820.50(a)(2), 820.80(a) , 820.80(b) rev iew acceptance records
Documentation & Records

review procedures for identification, storage,

protection, retrieval, retention time, control, approval, ISO 13485:2003: 4.2.3, 4.2.4
distribution, dispositi on, and changes of documents and ISO 13485:2016: 4.2.4, 4.2.5;
1 records 21 CFR 820.40, 820.180 review procedures

rev iew procedures;

ISO 13485:2003: 4.2.3 rev iew documents and records;
ensure documents and changes are approv ed prior to ISO 13485:2016: 4.2.4; rev iew change management
2 use 21 CFR 820.40 records
ISO 13485:2003: 4.2.3(e), 4.2.4
3 verify documents and records are legible and identifiable ISO 13485:2016: 4.2.4(e), 4.2.5 review documents and records
ensure documents of external origin are identified w ith ISO 13485:2003: 4.2.3(f ) rev iew external documents and
4 controlled distribution ISO 13485:2016: 4.2.4(f ) records
ISO 13485:2003: 4.2.1(e), (f);
verify firm maintains a quality sy stem record (QSR) ISO 13485:2016: 4.2.1(c ), (e)
5 which includes or refers to location of procedures 21 CFR 820.20, 820.40, 820.186 review procedures

ISO 13485:2003: 4.2.1, 4.2.3, 4.2.4;

confirm that documents and records are retained for ISO 13485:2016: 4.2.1, 4.2.4, 4.2.5
required length of time ( this includes retention of 21 CFR 820.100(b), 820.180(b) , 820.181, 820.184, rev iew procedures;
6 obsolete controlled documents and records) 820.186, 820.198(a) , 820.200(d) rev iew documents and records
ensure c hange records are reviewed and approved by ISO 13485:2003: 4.2.3, 7.3.7
the same f unctions that performed original review and ISO 13485:2016: 4.2.4, 7.3.9; rev iew procedures;
7 approval 21 CFR 820.40(b) rev iew change records
verify change records include a description of change, ISO 13485:2003: 7.3.7
identification of affected documents, approval ISO 13485:2016: 7.3.9; rev iew procedures;
8 signatures, approval date, and eff ective date 21 CFR 820.40(b) rev iew change records

rev iew procedures;

ISO 13485:2003: 4.2.3(d), (g) rev iew document distribution;
ensure documents are av ailable at point of use and ISO 13485:2016: 4.2.4(d), (h); rev iew change management
9 obsolete document are not in use 21 CFR 820.40(a) records
ISO 13485:2003: 4.2.1
ISO 13485:2016: 4.2.1;
10 verify that firm maintains DMRs for each type of device 21 CFR 820.181 review DMRs

ensure that DMRs contain or make reference to dev ice

specific ations, produc tion process specific ations, quality
assurance procedures and specifications (including
acceptance criteria) , pack aging and labeling ISO 13485:2003: 4.2.1
specific ations (including acceptance criteria), and ISO 13485:2016: 4.2.1;
11 installation, maintenance, and servicing procedures 21 CFR 820.181(a) - ( e) review DMRs
verify that DHRs are maintained and devices are ISO 13485:2003: 7.1, 8.2.4
manuf actured according to DMR; ensure realization ISO 13485:2016: 7.1, 8.2.6;
12 processes and product meet requirements 21 CFR 820.184 review DHRs

confirm that DHRs contain or make reference to dates

of manufacture, quantity manuf actured, quantity
released f or distribution, acceptanc e records
demonstrating the device was manufactured per DM R,
primary identification label and labeling used for each ISO 13485:2003: 8.2.4
unit, and device identification and/or control numbers ISO 13485:2016: 8.2.6;
13 used. 21 CFR 820.184(a) - ( f) review DHRs
ensure firm maintains records for education, training, ISO 13485:2003: 6.2.2(e)
14 skills, and experience of resources ISO 13485:2016: 6.2 ( e) review training records
ISO 13485:2003: 7.4.1, 7.4.3
ISO 13485:2016: 7.4.1, 7.4.3; rev iew purchasing and supplier
15 verify firm maintains purchasing and supplier records 21 CFR 820.50 records
ensure sterilization process parameters and rec ords are
maintained for each batch; ensure sterilization ISO 13485:2003: 7.5.1.3, 7.5.2.2
16 validation records are maintained ISO 13485:2016: 7.5.5, 7.5.7 review sterilization records
Customer Requirements
review product requirements to ensure that intended ISO 13485:2003: 7.2.2 rev iew procedures;
use, customer requirements, and regulatory ISO 13485:2016: 7.2.2; rev iew product requirements
1 requirements are addressed 21 CFR 820.30(c), 820.30( d) , 820.30(f) , 820.30(g) documents
confirm incoming contracts and orders are review ed to rev iew procedures;
resolve conflicting information and that customer ISO 13485:2003: 7.2.2 rev iew incoming inspection
2 requirements can be met ISO 13485:2016: 7.2.2 records
verify that procedures and systems exist for customer ISO 13485:2003: 7.2.3, 8.2.1
communications and f eedback; ensure integration w ith ISO 13485:2016: 7.2.3, 8.2.1;
3 CAPA system 21 CFR 820.100(a)(1), 820.198 review procedures
Technical Files (main subsystem)
ISO 13485:2003: 4.2.1(d)
ISO 13485:2016: 4.2.1(d);
1 review technical file procedures 21 CFR 820.180, 820.181, 820.184, 820.186 review procedures
ISO 13485:2003: 4.2.1(d)
review documents need to ensure planning, operation, ISO 13485:2016: 4.2.1(d);
2 and control of technical file proc esses 21 CFR 820.180, 820.181, 820.184, 820.186 review technical file records

selection criteria:
-single product focus
- risk based
-result of complaints
-recent projec t
3 select documentation to review -c ov ers product range

ISO 13485:2003: 7.1, 7.2, 7.3.3

verify documentation addresses a general description of ISO 13485:2016: 7.1, 7.2, 7.3.4;
product, intended use( s) , and any variants, accessories, 21 CFR 820.30(d), 820.30(g), 820.30( f), 820.181,
4 or other devices used in combination with product 820.50, 820.75 review technical file records

ISO 13485:2003: 7.1, 7.2, 7.3.3

ISO 13485:2016: 7.1, 7.2, 7.3.4;
ensure design specifications, standards applied, and 21 CFR 820.30(d), 820.30(g), 820.30( f), 820.181,
5 results of risk analysis are present 820.50, 820.75 review technical file records

ISO 13485:2003: 7.1, 7.2, 7.3.3

ISO 13485:2016: 7.1, 7.2, 7.3.4;
21 CFR 820.30(d), 820.30(g), 820.30( f), 820.181,
6 confirm that principal requirements have been fulfilled 820.50, 820.75 review technical file records

ISO 13485:2003: 7.1, 7.2, 7.3.3

ISO 13485:2016: 7.1, 7.2, 7.3.4;
review techniques used to v erif y design and validate 21 CFR 820.30(d), 820.30(g), 820.30( f), 820.181,
7 product(s) clinic al data 820.50, 820.75 review technical file records

ISO 13485:2003: 7.1, 7.2, 7.3.3

ISO 13485:2016: 7.1, 7.2, 7.3.4;
ensure documentation defines sterilization method and 21 CFR 820.30(d), 820.30(g), 820.30( f), 820.181,
8 validation 820.50, 820.75 review technical file records

ISO 13485:2003: 7.1, 7.2, 7.3.3

ISO 13485:2016: 7.1, 7.2, 7.3.4;
ensure documentation inc ludes instruction manual(s) 21 CFR 820.30(d), 820.30(g), 820.30( f), 820.181,
9 and labeling 820.50, 820.75 review technical file records

ISO 13485:2003: 7.1, 7.2, 7.3.3

ISO 13485:2016: 7.1, 7.2, 7.3.4;
21 CFR 820.30(d), 820.30(g), 820.30( f), 820.181,
10 verify major subcontractors have been documented 820.50, 820.75 review technical file records

pag e 1 of 3