External Quality Audits

As described in post 15 entitled “the internal quality audit” and conversely, there should also be an external quality audits program in the medical device company. The internal quality plan is to audit the state of things with the internal quality system while the external audit is to audit the state of things with external business entities associated with the sponsor. Examples are contract research organization (CRO), contract manufacturing organization (CMO) and all sort of suppliers. Depending on the complexity of the medical device, sometimes, the sponsors has literally a few to a few hundred suppliers. These suppliers need to be constantly audited to ensure their quality system is in compliance to 21 CFR 820, ISO 13485, ISO 14971 etc.

Therefore, sponsor should have a procedure that can provide a system and instructions and to assign responsibility for conducting external audits of the quality management system.

Aside from the procedure, sponsor should also has external audit plan, audit nonconformity report template, quality audit checklist and a great external quality audit team.

For audit plan: QA is responsible for planning and scheduling external audits of the quality system, CMO manufacturing processes and raw materials suppliers. Because of the enormity of the external audit program, therefore, it is prudent to choose the audit frequency based on status and importance of the processes, products and areas to be audited and as well as results from previous audits, previous nonconformities, CAPA and customer complaints. Typically, each supplier should be audited once in two years.

In the external audit plan, the dates, assignment of audit teams, areas to be audited should be set clearly and to be followed. External audit plans should be synchronized with management reviews of the sponsor’s quality system.

For external audit team: External quality team member should be qualified, experienced, have the necessary education, independent and able to write well and fast. External auditors must have expert level in ISO 13485, 21 CFR 820 and EU MDD.

During the external auditing, external auditors seek objective evidence demonstrating whether the audited activities conform to the requirements of the documented quality system, and whether the system is effectively implemented and maintained. When nonconformity is noted, it is brought to the attention of, and discussed with, the responsible individual of the department.

At the end of the audit, each noted nonconformity is documented using the audit Nonconformity Report. External audit should fill out only the first part of the form, describing the nonconformity and handed over to the responsible individual who uses the second part to propose correction, corrective action or perhaps a remediation plan.

Upon receiving the report, the responsible individual investigates the cause/s of the problem noted as a nonconformity, proposes a correction or corrective action to be taken, and indicates the date by which the corrective action will be fully implemented. The external auditor reviews and approves the proposed action.

Documentation and Record: this is a critical part. External audits, implementation of resulting corrective actions, and follow-up audits are documented. At the end of an auditing cycle, all nonconformity reports established during the cycle are compiled and analyzed, and are presented at the management review meeting.

Below is the exact wording from FDA website on 21 CFR 820.22

820.22	Has the company established procedures for quality audits?
820.22	Does the company conduct quality audits to assure that the quality system is in compliance with the established quality system requirements and determined to be effective?
820.22	Are quality audits conducted by individuals who do not have direct responsibility for the matters being audited?
820.22	Are corrective actions, including a re-audit of deficient matters, taken when necessary?
820.22	Are reports of the results of each quality audit and re-audit(s), where taken, prepared?
820.22	Are the quality audit reports reviewed by management having responsibility for the matters being audited?
820.22	Are the dates and results of quality audits and re-audits documented?

Courtesy of www.ISO.org

Disclaimer: Although the author had exhaustively researched all sources to ensure the accuracy and completeness of the information contained in this blog, but no warranty and fitness is implied. I assumed no responsibility and implied warranty of any kind for errors, inaccuracies, omission, or any inconsistency herein. No liability is assumed for incidental or consequential damages in connection with the use of the information contained herein. Readers should always use their own judgment and review all related regulatory guidelines. Guidelines can change over time.