Audit Questionnaire

Company
Auditees
Representative
Scope of
Application
Requirements
applied

Report No.

Type of Audit

Date of Audit

Lead Auditor

Auditor(s)
Translator(s) /
Interpreter(s)

Language
Quality Manual
Rev./Date/No.
This Audit Questionnaire is based on the following Standards / Directives:
(EN) ISO 13485:2003 (Medical Devices: Quality Management Systems Requirements for regulatory purpose);
(EN) ISO 9001:2000
Medical Device Directive (MDD) 93/42/EEC
ISO 13485:2003 under Canadian Medical Device Conformity Assessment System (CMDCAS)

Date Lead Auditor Auditor(s)

Audit Question List Global Requirements-GB.doc Rev. 2; February 2007 Page 1 of 23

 Audit Questionnaire

Remarks on how to use the Audit Questionnaire:

This questionnaire is a manual from which all relevant requirements can be verified.
With the help of a compilation tool the scope of the audit need to be selected on the basis of either (EN) ISO
13485:2003 or EN ISO 9001:2000. Additional Directives and other applicable regulations have to be selected as
well.
An evaluation is always mandatory for each applicable requirement and has to be documented in either
column E for evaluation of implementation during the on-site audit and DE for document evaluation of the
QS documentation prior or during on-site audit.
Audit notes are not mandatory in this checklist, but can be entered into the right column (if existent)
The classification of the evaluation is as hitherto, with

1 conformity with QS requirement 2 improvement possible, acceptable 3 nonconformity with QS element N/A not applicable

Structure of the Audit Questionnaire:

In the left column the relevant requirements are reproduced with some explanations for the auditor rather
than in fully formulated questions.
The right column (if existent) contains space for audit notes, some pre-defined checkboxes and the following
evaluation box:

DR E DE
Reference to the corresponding deviation Document evaluation (prior or during on-site audit)
report no. (if applicable)
ISO

QM system requirement basis:

Evaluation of implementation (during on-site audit) ISO = ISO 9001 and ISO 13485
ISO 9001 = EN ISO 9001:2000
ISO 13485 = EN ISO 13485:2003

The evaluation of rows with grey background takes place in the section referenced in the text (e.g. s 7.2).
In case of multiple references only the underlined ones must be followed for evaluation purposes.
General notes:
The procedures in the company should be audited along the process orientation of the standard.
In general, information such as date, revision, order no., customer, design and development project, product,
identification no. of inspection, measuring and test equipment etc. can be either noted on the checklist or in
separate audit notes as far as applicable in connection with evidence of reviewed documentation.
In case of multi-site companies pertinent process elements must be documented either in one audit topic list
for each site or in one single topic list with different-coloured notes or other identification for the respective
sites.
At the time the certificate is issued all corrective actions must be completed.

Following footnotes are to be observed and related to following additional requirements :

1
additional requirements according to the MDD 93/42/EEC
6
additional requirements according to CMDR

Audit Question List Global Requirements-GB.doc Rev. 2; February 2007 Page 2

 Audit Questionnaire

Chapter of standard: 4. Quality Management System

4.1 General requirements

Obligation to establish and maintain a QMS (s.5.4.2) : O Quality Manual

O Documented processes/procedures and other DR E DE
identification and application of quality system processes
determination of sequence, interaction operations and control applicable documents
O Process interaction matrix
methods of these processes ISO
O Management review
availability of resources and of information required for process O Investment plans
support and monitoring O Action catalogs
process monitoring, measurement and analysis O Balance score card

Only (EN) ISO 9001:2000: Implementation of necessary actions for continuous improvement of these processes (s.8.5.1) ISO 9001

control of outsourced processes O OEM contracts

O Documented agreements DR E DE

ISO

Documented Procedures as required for certifications according to (EN) ISO 9001:2000 and ISO 13485:2003 DR E DE
O DP Document control (4.2.3)
O DP Control of quality records (4.2.4)
O WI Control of production (7.5.1)
ISO
O DP Control of internal audits (8.2.2)
O DP Control of nonconforming product (8.3)
O DP Control of corrective action (8.5.2)
O DP Control of preventive action (8.5.3)

Additional Documented Procedures / Work Instructions as required for certification according to DR E DE

(EN) ISO 13485:2003
O DP Identification of training needs (if required by national or regional regulations) (6.2.2)
O DP / WIs Control of environmental conditions (6.4) ISO 13485
O DP Design Control (7.3)
O DP Purchasing (7.4)
O DP/WIs for reference measurements standards as applicable for control of production and service provision and monitoring
and measuring products (7.5.1.1)
O Documented Requirements: Installation activities (7.5.1.2.2)
O DP / WIs Servicing activities (7.5.1.2.3)
O DP the validation of the application of computer software (and changes to such software and/or its application) for production
and service operations and measuring and monitoring operations (7.5.2.1)
O DP Validation of sterilization processes (7.5.2.2)
O DP Product identification and traceability (7.5.3)
O DP / WIs Preservation Handling storage, and delivery of Product (7.5.5)
O DP / WIs Control of product with a limited shelf- life or special storage conditions (7.5.5)
O DP Control of monitoring and measuring devices (7.6)
O DP Implementation and control of the application of statistical techniques (if required by national or regional regulations) (8.1)
O DP Feedback system (8.2.1)
O WI Rework process (8.3)
O DP Data analysis for Suitability and Effectiveness of the QM system (8.4)
O DP Advisory Notices (8.5.1)
O DP Notification of regulatory Authorities of Adverse Events (if required by national pr regional regulations) (8.5.1)
4.2 Documentation requirements
4.2.1 General
Documentation must include: O See quality manual review report
O documented procedures required by the applied DR E DE
quality manual
documents required for process control standards (s. 4.2.1)
quality records ISO
documentation required by regional requlations (e.g. 93/42/EEC,
98/79/EC, CMDR)

quality policy and quality objectives (s. 5.3, 5.4.1) ISO

 Audit Questionnaire

Chapter of standard: 4. Quality Management System

4.2 Documentation requirements
4.2.1 General
Is for each medical device model or type included in the scope a file O See technical file checklist for product DR E DE
in place and do those files contain all product specifications and ________________________________________
quality system requirements?
(usually called DMR = device master record; might be part of the ISO 13485
Technical file acc. to EC Directives)
Does these DMRs (and/or Technical file1-3) define the complete
manufacturing and, if applicable, installation and servicing process of
the related device?
Are procedures and responsibilities defined and documented to
establish and maintain these DMRs (and/or Technical files1-3)? Does
the procedure describe the content and structure of the DMRs
(Technical files1-3)
Is the file pointing out where the information is located, in case it is
not fully included in one DMR (Technical file1-3)?

How does the manufacturer ensure, which medical devices will be sold MDD AIMD
(e. g. list of products): IVDD PAL
into the EU union 1-3 CMDR TCP
into the Canadian market 6
and whether regulatory requirements are fulfilled?

(plausibility of classification acc. to CMDR given?6) CMDR

Device licences available ? 6,7
Are procedures and responsibilities defined to inform the Regulatory DR E DE
Body (e.g. Notified Body, Health Canada) in case of substantional
changes of products and/or the quality system
MDD AIMD
IVDD TCP
CMDR

Is a procedure(s) in place describing the process of when and how to O Contract with distributor DR E DE
communicate with Health Canada (i.e., obligations to inform,
obligation to submit certificates, device license applications and
amendments)? 6 CMDR
Are authorized Canadian distributors identified (establishment
license)? 6
Has a European Representative (address) been appointed by the DR E DE
manufacturer and the responsibility and procedures between the
manufacturer and the European Representative clearly defined and
documented (e.g. in contracts, procedures)? 1-3 MDD AIMD
recall / vigilance system IVDD
incident reporting
market complaints
traceability of sold devices
training
spare parts
technical documentation

 Audit Questionnaire

Chapter of standard: 4. Quality Management System

4.2 Documentation requirements
4.2.2 Quality manual
Scope of QMS including justification of exclusions (and/or non- O Quality Manual
O Geographic or technical scope of application DR E DE
applications, only (EN) ISO:13485)
Does the quality system documentation also refer to applicable O Justification for exclusions from requirements as
per Chapter 7
regulatory Directives/Laws/Standards (incl. CMDR) ISO
O Non-applicabilities in chapter 7 due to inherent
character of the device

Descriptions of procedures and

Interaction between quality system processes (cf. footnote to 4.1 in standard)
4.2 Documentation requirements
4.2.3 Control of documents

Review of adequacy prior to issue and approval O DP Document control

O Quality Manual DR E DE
Review, up-date and re-approval O Approval documents
Identification of revision status and changes O Revision procedures
O Approval procedures ISO
Steps taken to ensure that relevant documents are available at point O Documented procedures
of use O Test plans
Steps taken to ensure that documents are legible and readily O Lists of revision stati
identifiable O Distribution lists
O Evidence of issue and receipt
Identification and controlled distribution of external documents O Review of external documents
Steps taken to ensure that the unintentional use of obsolete
documents is prevented and that the latter are suitably identified

Is it ensured that changes to documents are reviewed and approved DR E DE

either by the original approving function or another designated function
having pertinent background information for decision?
ISO 13485

Is the expected lifetime of the manufactured medical devices defined? O Lifetime of the device _______________ defined
DR E DE
(please consider that lifetime is in general shelf life, e.g. lifetime for for _______________ months/years
implants > shelf life)
ISO 13485

Is the retention period defined for obsolete documents to ensure that DR E DE

documents to which medical devices have been manufactured and
tested are available for at least the lifetime of the medical device as
defined by the manufacturer? ISO 13485

DR E DE

PAL
 Audit Questionnaire

Chapter of standard: 4. Quality Management System

4.2 Documentation requirements
4.2.4 Control of records
Controls must ensure: O Quality Manual
O Process/DP Control of records DR E DE
Legibility
Identification O Sales and order records
O Manufacturing records
Storage O Minutes/records ISO
Protection from damage O Check lists
Retrievability O Test certificates
Retention period O Documentation of internal audits
O Qualification certificates
Disposition O Purchase records
O Logistic records
O Control of translations for labeling and instruction
for use (only (EN) ISO 13485)
Is the retention period of quality records defined for a period of time at DR E DE
least equivalent to the lifetime of the medical device, but not less than 2
years, from the date of dispatch from the organiziation?
ISO 13485

Is the documentation referred to in the CMDR stored for a period DR E DE

as long as the projected useful life of the device or
two years after shipping of the device (distribution records,
complaint records)?6 CMDR

Is the documentation referred to in the MDD stored for a period of at DR E DE

least five years after the last product has been manufactured?1-3, 8

MDD AIMD
IVDD PAL
 Audit Questionnaire

Chapter of standard: 5. Management Responsibility

5.1 Management commitment
Evidence of commitment for quality system effectiveness O Management review
O Written quality policy DR E DE
maintenance(s. 8.4 + 8.5.1)
Determination and communication of the significance of customer O Training schedules / evidence
O Manpower-development plans
and statutory and regulatory requirements (s. 5.2) ISO
O Quality plans
O Records of defined objectives
O Employee information (notices, agenda of informative events)
O Project plans
O Investment plans
O Plant agreements

Establishing of quality policy and quality objectives (s. 5.3 + 5.4.1) ISO
Conduct of management reviews (s. 5.6)
Steps taken to ensure availability of resources (s. 6)

Only (EN) ISO 9001:2000: Is there evidence for the commitment of the continual improvement of quality management system?
(s. 8.4 + 8.5.1) ISO 9001

9
5.2 Customer focus
Determination of customer requirements (s.a. 7.2.1 + 8.2.1)
ISO

Only (EN) ISO 9001:2000: Are customer requirements determined with the aim of customer satisfaction? (s.a. 7.2.1 + 8.2.1)
ISO 9001

9
5.3 Quality policy

Suitability for organization O Quality Manual

O Corporate guidelines and principles DR E DE
Commitment to comply with requirements and to maintain the
O Written quality policy
effectiveness of the QMS
O Training schedules and evidence
Communication within the organization O Employee information (notices, meetings etc.) ISO
On-going review of suitability O Management review
O Internal audits
O company meeting

Only (EN) ISO 9001:2000: Does the quality policy include a commitment to continually improve the effectiveness of the QMS? ISO 9001
(s. 8.5.1)

Determination on the basis of data and parameters (s. 8.4 + 8.5.1) O Quality Manual
O Internal/external target agreements (business plans, DR E DE
Measurable quality objectives (numerical)
project plans, quality assurance agreements)
Alignment with quality policy O Company-related
Alignment with product requirements (s. 7.1) O Product-related ISO
O Customer-related
O Records of employee interviews
O Trend analysis
5.4.2 Quality management system planning

Steps taken to ensure that quality objectives and O Quality Manual

O Documented procedures DR E DE
requirements outlined in 4.1 are satisfied
Steps taken to ensure that changes to the QMS do not impair O Investment plans
O Strategic plans
integrity ISO
O Quality plans
Documentation O Production plans
O Resource plans / records
O Documented procedures / process descriptions
O Work and test plans
 Audit Questionnaire

Chapter of standard: 5. Management responsibility

5.5 Responsibility, authority and communication
5.5.1 Responsibility and authority
Definition and communication of responsibilities and authorities O Quality Manual
O Documented procedures (QM) DR E DE
Ensured by top management
O Job / function profiles
O Requirement profiles
O Organizational Chart ISO

Is the Top Management establishing the interrelation of all personnel DR E DE

and ensuring their necessary authority and independence?

ISO 13485

DR E DE

MPG

DR E DE

PAL

5.5.2 Management representative 9

Appointment and announcement of an independent member of the O Quality Manual
management responsible for the following tasks. O Organizational chart and organizational structure DR E DE
O QMR appointment letter
O QMR function profile
O QMR job profile ISO
O Status report /Q analyses
Tasks: O Internal audit reports
Quality system (incl. processes needed) established and O Reports on quality situation
maintained O Statistical evaluation
Reporting to top management
Sensitization to customer requirements

and regulatory requirements ISO 13485

PAL

5.5.3 Internal communication 9

Establishment of suitable communication processes within the O Minutes and reports of meetings
O Team training and other meetings DR E DE
organization
O Notice boards, internal magazines
O Audio-visual and electronic media
ISO

Communication regarding quality system effectiveness O Agenda of company events

O Circular letters
O Statistics
O Reports on quality system effectiveness
 Audit Questionnaire

Chapter of standard: 5. Management responsibility

5.6 Mamangement Review 9
5.6.1 General 9
Regular review of quality system O Management-review report
O Monthly management reports DR E DE
Assessment of opportunities for improvements to quality policy and
O Controlling reports
quality objectives
O Finance reports
Recording of the need for changes to the quality system O Q-reports ISO
O Supplier evaluations
O Logistic reports

5.6.2 Review input 9

Management review must include: O Management-review report
O Customer-satisfaction analyses DR E DE
audit results
customer feedback O Process analyses
O Evidence of corrective and preventive action
process performance and productconformity O Resource deployment and application planning ISO
status of preventive and corrective action O Benchmarking results
follow-up action from previous management reviews O Quality analyses
planned changes that could affect the quality system O Risk analyses (technical/economic)
O Internal audit reports
recommendations for improvement O Process audits
(s. 8.1+8.2+8.4+8.5 ) O Product audits / reports
O Action reports
O Investment planning

regulatory requirements incl. CMDR, EC Directives? ISO 13485

MDD AIMD
IVDD
CMDR
GMP PAL

5.6.3 Review output 9

Decisions and actions with reference to: O Management-review report
O Business plan DR E DE
improvement needed for maintaining the effectiveness of the QMS
and its processes O Strategic plans
product improvements O Investment plans
O Human-resources plans ISO
resource needs O New objectives
O Projects
O Action plans
Only (EN) ISO 9001:2000: Does the output includes any decisions and actions related to improvements of the effectiveness of the
QMS? (s. 8.5.1) ISO 9001
 Audit Questionnaire

Chapter of standard: 6. Resource management

6.1 Provision of resources

Determination and provision of resources required for: O Quality Manual

O Investment plans DR E DE
Implementing and maintaining the effectiveness of the quality
system - relating to personnel
Meet customer requirements - relating to equipment
- relating to real estate ISO
O Staffing schedules
O Other target plans

Meet regulatory requirements ISO 13485

Only (EN) ISO 9001:2000: Does the organization determine and provide resources necessary to
ISO 9001
a) continually improve its effectiveness ? (s. 8.5.1)
b) enhance customer satisfaction by meeting customer requirements ? (s. 8.2.1)
6.2 Human resources
6.2.1 General
Personnel performing work affecting product quality must be competent O Quality Manual
based on: O Job / function profiles DR E DE
education O Employment contracts
training O Manpower-development plans
O Qualification documentation ISO
skills O Records of employee interviews
experience. O Employee certificates
O Qualification matrix
6.2.2 Competence, awareness and training
Determination of training needs O Records of quality requirements
O Job / function profiles DR E DE
Provision of appropriate training O Induction plans
Evaluation of training effectiveness O Records of employee interviews
O Training schedules ISO
actions of awareness-building measures for the relevant activities
and for the achievements of the objectives O Training certificates
O Proofs on the evaluation of training effectiveness
Maintaining of relevant records O Qualification Record for Medizinprodukteberater as per 31 MPG
Are the personnel who are supposed to work part time under specific
environmental conditions appropriately trained or supervised by
trained personnel
6.3 Infrastructure
Determination, provision and maintenance of infrastructure, e.g.: O Workplace investigations
O Investment plans DR E DE
buildings, workplace and associated utilities
process equipment, hardware and software O Maintenance and servicing plans and records
O Records of process capability studies
support services (such as transport or communication) O Records of supplier evaluation ISO
(including service providers)

Are requirements for maintenance activities and their frequency
documented and recorded?
O Maintenance / servicing plans (records)
O (IVDD) Appropriate air supply systems ISO 13485
O (IVDD) Waste disposal
O (IVDD) Waste water effluent treatment
O (IVDD) Access control for the entry of personnel / material?
O (IVDD) Containment to prevent environmental contamination
O (IVDD) Alarm systems e.g. for accident in environmetal conditions?
O (IVDD) Waste, contamination, warning systems etc. for specific
storage containers with capability of storing specific materials like
radioactive or pathogenic material
 Audit Questionnaire

Chapter of standard: 6. Resource management

6.3 Infrastructure
Is the necessary infrastructure provided for following products8: DR E DE
products that need to avoid dust, humidity, insects and other:
a facility to avoid such objects
products that use toxic gas: PAL
a facility to process toxic gas
for products in fluid, sol, gel, powder (except sterile products) the
workspace shall comply to:
if contamination risk, only personnel of the workspace may pass
if contamination risk , no exit that faces outside (except:
emergency exit)
exit and window can close facility to prevent contamination by dust
or microorganismn
in case of waste water units, a contamination prevention facility
a facilty that supply quality and sufficient water amount
6.4 Work environment
The organization shall determine and manage the work environment O Evidence of instruction in occupational safety
needed to achieve the conformity of product requirements O Evidence of the satisfaction of statutory and DR E DE
regulatory requirements or conditions
O Workplace investigations
O Benchmarking work environment ISO

Are procedures and responsibilities defined and documented for health, O Employee -satisfaction analyses
cleanliness and clothing of personnel, if contact between such O Analyses on labor turnover / absentence ISO 13485
personnel and product or environment could adversely affect the quality O DP / WIs Control of environmental conditions
of product?
If appropriate, are special procedures (e. g. sterilization or desinfection)
available for handling, used and/or returned product, in order to prevent
contamination of
other products,
manufacturing environment, or
personnel

Are requirements for the environment to which products are exposed O States of raw material
documented and maintained (if appropriate, the environmental O Cleaning requirements/procedures defined
conditions shall be controlled and/or monitored, e.g. bio-burden)? O Cleaning plan established
How are the environmental conditions controlled and monitored? O Product protection against vermin and posts maintained

Are the personnel who are supposed to work part time under specific environmental conditions appropriately trained or supervised ISO 13485
by trained personneI? (s. 6.2.2)

DR E DE

IVDD
 Audit Questionnaire

Chapter of standard: 7. Product realization

7.1 Planning of product realization
Planning and development of product-realization processes. Such O Project-strategy approaches
planning must take the following points into account: O Specifications DR E DE
quality objectives and product requirements O Quality plans
the need to establish or provide product-specific processes, O Project-development plans
O Milestone plans ISO
documents and resources
O Feasibility records
product-specific verification, validation, monitoring, inspection and O Measurement and test strategies
test activities and criteria for product acceptance O Logistic strategies
appropriate records to provide documented evidence for the O Records relating to risk assessment and process evaluation
realization of producat and process (s. 4.2.4) (technical, economic)
O Criteria for process release
Are requirements for risk management throughout product realization O Process FMEA DR E DE
documented and are records arising from such risk management O Records relating to risk assessment and process
maintained? 9 evaluation (technical, economic)
ISO 13485

7.2 Customer-related processes

7.2.1 Determination of requirements related to the product 9
Determination of: O Customer inquiries
O Specifications DR E DE
product requirements including delivery and post-delivery support
requirements not stated by the customer but necessary for the use O Drawings
O Order
statutory and regulatory requirements ISO
O Records of consultations with customers
all additional requirements laid down by the organization O Trend analyses
O Competitor analyses
O Research on standards and statutory requirements
7.2.2 Review of requirements related to the product 9
Review of product requirements prior to commitment to supply product O Quotations, contracts
to customer. The following must be ensured: O Evidence of contract review DR E DE
definition and documentation of product requirements O Documentation of amendments
elimination of contradictions O Feasibility analysis records
O Feasibility studies ISO
contract review O Confirmations of orders
feasibility O Specifications
technical O Calculations
commercial O Price lists
O Delivery schedules
qualitative
documentation, understanding and communication of amendments
non-documented requirements of the customer are confirmed
9
7.2.3 Customer communication
Determination and implementation of communication with customers O Process description
concerning: O Work instructions DR E DE
product information O Projects
inquiries, contracts or order handling, including amendments O Customers' product specifications
O Inquiry documents ISO
advisory notes (s.a. 8.5.1) O Contracts
O Confirmation of order
O Advertising material
O Customer surveys and reports of customer visits
O Customer-satisfaction analyses
O Queries, complaints
O Complaint analyses
O Customer requests for changes

customer feedback, including customer complaints, (s. 8.2.1) O Complaint database

ISO
 Audit Questionnaire

Chapter of standard: 7. Product realization

7.3 Design and development
7.3.1 Design and development planning 9

PAL

Planning and controlling of design and development; in this context, the O Project plans
following aspects must be defined: O Design and development plans and flow charts DR E DE
design and development stages O Milestone plans
review, verification, validation and design transfer process O Measurement and test plans
O Verification and validation specifications ISO
responsibilities and authorities O Approval provisions
actualisation of planning output O Responsibility matrix
(and documentation, only (EN) ISO 13485) O DP for design and development planning
interfaces and communication between the various groups O Definitions of records for individual design steps
involved
Is a risk analysis and/or FMEA part of the development process? O Risk assessment for product
DR E DE
Are assignments of responsibilities to perform and review risk __________________________________________
analysis clearly documented?
Are risk acceptance criteria defined? ISO 13485

7.3.2 Design and development inputs 9

Determination and recording of input relating to product requirements. O Specifications / terms of reference
This includes O Statutory and/or regulatory implementing guidelines DR E DE
functional performance and safety requirements O Result reports from previous similar design and
applicable statutory and regulatory requirements development activities
O Evaluation of customer-requirement analyses ISO
previous design and development results obtained in connection O Patent research
with similar products O Approval documents
other requirements (price, service life, recyclability) O Customer complaints evaluations
adequate, clearcut requirements O Guaranties evaluations
O FMEAs

How is it ensured that applicable regulatory requirements are part of the MDD AIMD
design input and are recorded as such (e.g. Annex I of 93/42/EEC or IVDD
98/79EC, CMDR?1-3, 6, 8 CMDR PAL

Does the QM system dopcumentation include requirements for the Name of Device, Identifier
DR E DE
labeling of medical devices (CMDR)? 6 O Name and address of manufacturer
O Control Number (only CMDR, Class III & IV only)
Does the labeling indicate the same manufacturer name and address if O Sterile (if applicable)
compared with maintained device licenses? CMDR
O Expiry date (if applicable)
Labeling for devices used by lay persons must be bilingual
English/French

7.3.3 Design and development outputs 9

Design and development output must: O Drawings
O FE-calculations DR E DE
meet input requirements for design and development O QM-plans
O Acceptance certificates
provide information for purchasing, production and service ISO
O Order documents containing specifications
provision
O Risk analyses (e.g. FMEA)
reference product acceptance criteria
specify product characteristics essential for its safe and proper use O Test records (for production, verification and validation)
O Approval documents
O Sample test

output(s) of risk management (see 7.1) ISO 13485

 Audit Questionnaire

Chapter of standard: 7. Product realization

7.3 Design and development
7.3.4 Design and development review 9
Systematic review of design and development at suitable stages O Intermediate / final design and development reports
(s. 7.3.1) O Appropriate test records, e.g. of laboratory or field DR E DE
to assess their ability to fulfill requirements testing
to identify problems and propose necessary action O Minutes of meetings
O Milestone and phase reviews ISO
The results of the review and the necessary action must be O FMEA
documented. (s. 4.2.4) O Models and simulations
O Approval documents

7.3.5 Design and development verification 9

Design and development verification must ensure that: O Test plans (verification requirements)
O Prototypes / test samples DR E DE
design and development outputs satisfy design and development
input requirements (s. 7.3.1) O Test records / reports
O Records of alternative calculations /analyses
follow-up action is defined ISO
O Test / simulation reports
verification results have been documented. (s. 4.2.4) O Records of experiments / trials
O Description of follow-up measures
O Approval documents

Are design records available which demonstrate (not limited to):

ISO 13485
compliance with applicable standards
tests performed in comparison to products with comparable
design/ model copy
7.3.6 Design and development validation 9
Design and development validation according to planned regulations O Test plans (validation requirements)
must ensure: O Laboratory tests DR E DE
fitness for use O Environmental tests
partial validation, if applicable O Results of pilot series / field testing
O Test records / reports ISO
validation prior to product delivery (possibly from customers, too)
documentation (s. 4.2.4) is guaranteed O Results of -life testing
O Field testing
O Evaluation results from other bodies (customer)
O Validation approvals

Are selection criteria for laboratories/hospitals for clinical trials DR E DE

defined and documented?
Are criteria for the selection of scientific literature for clinical
AIMD IVDD
evaluation defined?
MDD
Is the responsible personnel defined and sufficiently qualified?
Are procedures and responsibilities defined to select and evaluate
scientific literature used for the clinical evaluation?

Is it ensured that clinical evaluations and/or performance evaluations DR E DE

are part of design and development of validations?

ISO 13485
 Audit Questionnaire

Chapter of standard: 7. Product realization

7.3 Design and development
7.3.7 Control of design and development changes 9
This involves review of the following aspects:
identification and documentation of changes
review, verification, validation and approval prior to implementation
review of effects of changes in design and development and of
follow-up action on product
documentation of review results (s. 4.2.4)
O Communication of changes to customers, units DR E DE
O Withdrawn documents
O History of changes
O Documented requests for changes ISO
(e.g. by the customer, production, ...)
O New revision stati of e.g. specifications, drawings, process
descriptios, test procedures, measurement systems,
O Comments, test reports in connection with changes
O Approval documents in connection with implemented changes

7.4 Purchasing
7.4.1 Purchasing process
The purchased product must conform to product requirements. The O Product specifications DR E DE
supplier must be evaluated and criteria for such evaluation established. O Supplier's quality system documentation
The following aspects must be considered in the purchasing process, O Checklist
e.g.: O Evidence of supplier evaluation ISO
external product quality O List / database of approved suppliers
factors of influence O Evaluation criteria
O Complaints
supplier capability O quality agreements
Criteria for supplier selection, regular evaluation and re-evaluation O ppm-statistics
documentation of evaluation (s. 4.2.4) 9 O Specifications
O DP Purchasing
7.4.2 Purchasing information
Purchasing information must describe the product to be purchased. O Product specifications
Such information must include, where appropriate, a description of the O Order forms DR E DE
requirements pertaining to: O purchasing specifications in EDP
product approval, procedures, processes, facilities and O Order lists, piece lists
ISO
equipment O Performance / delivery contracts
O Quality assurance agreements
personnel qualification O Order approval documents
the quality system.
The adequacy of requirements must be ensured prior to their
communication to the supplier
Are copies of relevant purchasing documents (product specifications, DR E DE
ordering specification, etc.) retained?
For example:
for safety relevant components, ISO 13485
according to the specified traceability requirements? (s.7.5.3.2)

7.4.3 Verification of purchased products

In this context inspection/other activities must be established and O Acceptance criteria DR E DE
implemented which verify product conformity with requirements. O Verification plans
For verification measures conducted at the supplier's premises, the O Test regulations
intended verification measures and methods must be defined. O Regulations re-approval under concession ISO
O Test records of suppliers or of organization's own
incoming inspection
O Certifications
O Incoming inspection
O representative sample or illustrations
Are records of verification maintained?
ISO 13485
 Audit Questionnaire

Chapter of standard: 7. Product realization

7.5.1 Control of production and service provision
7.5.1.1 General Requirements
In this context: (s.a. 7.1) O Acceptance criteria
O Test plans DR E DE
product characteristics must be defined,
O Drawings
suitable equipment must be used, O Maintenance plans
O Installation plans ISO
monitoring and measuring devices must be made available,
O Service contracts
activities must be monitored and measured O Operating instructions
release and delivery of products/services must be ensured O Process flow charts
O representative sample or illustrations
post-delivery activities must be considered O DP and reference standards as applicable for control of production
and service provision and monitoring and measuring products (only
(EN) ISO 13485)

defined operations for labeling and packaging ISO 13485

Additonal notes for manufacturing (if necessary)

7.5.1.2.1 Cleanliness of product and contarmination control

Are requirements for the cleanliness of product defined and O Periodically estimated bio-burden of the product (only
DR E DE
documented? If: (EN) ISO 13485)
a) product is cleaned by the supplier prior to sterilization and/or its
use; or ISO 13485

b) product is supplied non-sterile to be subject to a cleaning process

prior to sterilization and/or its use; or

c) product supplied to be used non-sterile and its cleanliness is of

significance in use; or

d) process agents are to be removed from the product during

manufacture.
(if product is cleaned in acc. with a) or b) above, the requirements
contained in EN ISO 13485:2003, 6.4 do not apply prior to the cleaning
process)
 Audit Questionnaire

Chapter of standard: 7. Product realization

7.5.1.2.2 Installation activities
Are, if appropriate, instruction and acceptance criteria for installation DR E DE
and inspection of the medical device documented and maintained?
Are records of installation and inspection, performed by the
organization or his authorized agent (subcontracted service ISO 13485
provider), retained?
Are written instruction for installation and inspection provided to the
customer in case the contract allows installation other than by the
organization or his authorized agent?

7.5.1.2.3 Servicing activities

If service is a specified activity: are documented procedures, work O DP / WIs Servicing activities
DR E DE
instructions, reference materials, reference measurements
procedures established to perform and to verify the service activity?
Are service records maintained? ISO 13485

7.5.1.3 Particular requirements for sterile medical devices

Are records of the sterilization process maintained for each DR E DE
sterilization batch?
Are these records traceable to each production batch of medical
devices? ISO 13485

7.5.2 Validation of processes for production and service provision

7.5.2.1 General requirements 9 (EN) ISO 13485
Validation must demonstrate process capability. In this context, the O Evidence of machinery and process capability
O Process descriptions DR E DE
following must be taken into account:
O data of process control
validation of all production processes where the resulting output
O Skills documentation and training certificates
cannot be verified by subsequent monitoring or measurement. This ISO
O Qualification certificates
includes all processes where deficiencies become apparent only O Validation specifications
after the product has been delivered.
Validation must include (where appropriate):
criteria for review and approval
approval of equipment and personnel qualification
use of specific methods and procedures
requirements pertaining to quality records (s. 4.2.4)
re-validation
Are procedures and responsibility for the validation of the application DR E DE
of computer software and changes to such software which is used for
process control documented?
Is such validation prior to initial use ensured? ISO 13485
Are records of validation maintained?

7.5.2.2 Particular requirements for sterile medical devices

What sterilization method is used? O DP Validation of sterilization process
DR E DE
Are records of validation stored and control parameters recorded?

ISO 13485

Does a subcontractor perform the sterilization? DR E DE

Is the sterilization process of the sub-contractor certified by a Notified
Body?
Is the responsibility between manufacturer and sterilization ISO 13485
subcontractor defined and documented and include AIMD IVDD
validation MDD
biological evaluation
dispatching/shipping?
 Audit Questionnaire

Chapter of standard: 7. Product realization

7.5.3 Identification and traceability
7.5.3.1 Identification
The product must be identified throughout product realization O Work instructions
O Accompanying documents, e.g. routing slips DR E DE
The product status must be identified with respect to monitoring and
O production plans
measurement requirements.
O IT records
O Product identification ISO
O Test certificates
O Segregation slips
O Approvals

Are responsibility and procedures defined and documented to ensure O DP Product identification and traceability DR E DE
that medical devices received for reprocessing or repair (returned
product) are identified and distinguished at all times from normal
production? ISO 13485

7.5.3.2 Traceability / 7.5.3.2.1. General

Is the unique identification of the product controlled and maintained
where traceability is a requirement? DR E DE

ISO

Are (batch) records for traceability maintained?
Are the batch records verified and approved?
How is the extent of traceability defined, documented and maintained
to enable corrective actions as: e.g.
database of sold products
final destination / location of sold products
serial and/or lot number for identification
O DP Product identification and traceability DR E DE
O Information of used raw materials
O Information of used production media/machines
O Information of used auxiliary materials ISO 13485
O Information of used manufacturing conditions

Are distribution records according to CMDR kept for each shipped DR E DE

device? 6

CMDR

7.5.3.2.2 Particular Requirements for active implantable medical devices and implantable medical devices
Do traceability requirements include DR E DE
components and materials used,
records of the environmental conditions, when these could cause
ISO 13485
the medical device not to satisfy its specified requirements?
Do the traceability procedures (or contracts) require agents or
distributors to maintain records of distribution?
Do those requirements / contracts include the availability of records
for inspection, audits etc.?
Are name and address of the responsible person for shipping
package recipient included in the quality records?

Is the implant registration card kept with the distribution record? 6 DR E DE

Does the implant registration card contain the required information?6

CMDR
 Audit Questionnaire

Chapter of standard: 7. Product realization

7.5 Production and service provision
7.5.3 Identification and traceability
7.5.3.3 Status identification
Is the product status identified and maintained throughout production, DR E DE
storage, installation and servicing ?
Is it ensured that only passed products are dispatched, used or
ISO 13485
installed?
7.5.4 Customer property
In this context, the following must be observed: O Inventory of customer property
O Identification (e.g. labels, stickers) DR E DE
careful handling (also where intellectual property is concerned)
O Correspondence with customers
identification, verification, protection and maintenance O Records on verification and maintenance conducted
O Incoming inspection ISO
documentation in cases involving damage or loss (notification of
customer)
7.5.5 Preservation of product
This refers to both internal processing and delivery and must include: O Bill of material
O Inventory lists DR E DE
preservation of product conformity
O Stock-replenishment and withdrawal plans
identification O Regulations on storage periods and segregation
handling (where appropriate) ISO
packaging O Delivery labels
storage O Regulations on packing, storage, preservation and delivery
O Monitorring of expiry dates
protection O Assembly / operating instructions
This also applies to the constituent parts of products.

Are special storage conditions defined and recorded? O DP / WIs Preservation Handling storage, and delivery ISO 13485
of Product
O DP for the control of products in stock (especially for products with
a limited shelf life or requiring special storage conditions)
O Definitions of appropriate transportation conditions
7.6 Control of monitoring and measuring devices
Determination of required monitoring and measuring devices O Test certificates including acceptance criteria
DR E DE
O Evidence of capability of monitoring and measuring
Ensurance of monitoring and measuring device suitability devices
O List for monitoring and measuring devices and EDP
Calibration and verification at regular intervals program management ISO
O Calibration instructions
Adjustment or readjustment as neccessary
O Calibration records
Identification of measuring equipment O Gauging certificates
O Calibration standards
Identification of calibration status O Calibration certificates
O Records on comparative measurements and inter-laboratory tests
Protection from damage and deterioration during handling, O Records on software qualification testing
maintenance and torage O DP Control of monitoring and measurement devices
Documentation of calibration results
If the equipment is found not to conform to calibration requirements,
previous measuring results must be re-assessed and documented.

The capability of computer software must be confirmed. Capability DR E DE

must be confirmed prior to initial use and reconfirmed as necessary.

ISO
 Audit Questionnaire

Chapter of standard: 8. Measurement, analysis and improvement

8.1 General
Monitoring, measurement, analysis, improvement processes must be O Design and development flow charts
ISO
defined O Design and development test plans
O Company data system
planned O Objectives and the actualisation
implemented (s.a. 4.1) O Improvement schemes
to demonstrate conformity of the product and the quality system and the O Statistics
effectiveness maintenance of quality system. O Progress reports
O inputs for continual improvements
O Information boards
Determination of applicable requirements must include the use of O DP Implementation and control of the application of
suitable statistical techniques. statistical techniques (if required by national or DR E DE
regional regulations)
ISO
8.2 Monitoring and measurement
8.2.1 Feedback
Customer perception must be monitored. Methods of obtaining and O DP Feedback system
O Action catalogs DR E DE
using this information must be determined. (s.a. 5.2)
O Customer-satisfaction analyses
Monitoring must include customer complaints O Benchmarking
O Checklists ISO
O Evaluation of mailing and telephone initiatives
O Evaluation records (general)
O Records of target requirement review

Are complaint records kept according to CMDR about DR E DE

any reported problem relating to performance characteristics and
safety?
In case of products new on the Canadian market: any complaint? 6 CMDR

If any customer complaint is not followed by corrective and/or O Complaint database DR E DE

preventive action, is the reason authorized and recorded?

ISO 13485

8.2.1 Customer satisfaction Only (EN) ISO 9001:2000

In relation to customer perception, does the organization monitor O Evaluation of customer surveys
O Customer-satisfaction analyses (aus 5.2) DR E DE
information as whether the organization has met customer
requirements?
Are the methods for obtaining and using such information ISO 9001
determined?

Audit Question List Global Requirements-GB.doc Rev. 2; February 2007 Page 20 of 23

 Audit Questionnaire

Chapter of standard: 8. Measurement, analysis and improvement

8.2.2 Internal audit
Conducting of internal audits to the planned arrangements (s.7.1) at O DP/Process description internal audits
O Audit plans DR E DE
planned intervals
planning O Audit reports
O Nonconformance reports
execution ISO
O Action catalogs for the establishment of corrective
documentation action
evaluation O Test records etc.
definition and implementation of corrective action O Management reviews
O Reports on effectiveness of corrective action
surveillance
O Evidence of auditor qualification
The results of previous audits must be taken into account.
The objectivity and impartiality of auditors must be ensured.

Do internal audits include regulatory requirements (e.g. EU-directives, ISO 13485

CMDR) and requirements of ISO 13485?
MDD AIMD
IVDD
CMDR TCP
PAL

9
8.2.3 Monitoring and measurement of processes
Suitable methods for monitoring and measurement of quality system O Company data
processes must be determined, applied, reviewed and corrective and O Process data DR E DE
preventive action implemented, where appropriate. O Controlling data
O Statistic analysis
O Q records ISO
O SPC-data and evaluations
O Work instructions
O Risk analysis records (FMEA)
O Maintenance and servicing plans and implementation
measures
O Test plans
O Test records
O Quality objectives
8.2.4 Monitoring and measurement of product
8.2.4.1 General requirements
Product characteristics: O Test plans
O Test instructions DR E DE
monitoring
O Test records
measuring O Sampling plans (attributive und variable)
verification O Checklists ISO
documentation O Comparative samples
at appropriate stages of product realization.(s. 7.1) O Q records/ Batch record for product
________________, lot _____________
Products or service may only be approved after conformity has been
established.
The responsible person for release must be identified in each case.

Monitoring and measurement against documented procedures? ISO 13485

8.2.4.2 Particular requirements for active implantable medical devices and implantable medical devices
Are personnel, performing any inspection or testing, defined, and are DR E DE
the names documented?

ISO 13485

Audit Question List Global Requirements-GB.doc Rev. 2; February 2007 Page 21 of 23

 Audit Questionnaire

Chapter of standard: 8. Measurement, analysis and improvement

8.3 Control of non-conforming products
Does the customer authorize the use, release or acceptance under
DR E DE
concession of a nonconforming product?

ISO 9001

Nonconforming products must be: O DP control of nonconforming product

O Nonconformance records DR E DE
identified
separated O Test regulations
O Test certificates
controlled O Customer information ISO
corrected O Additional test plans, where appropriate
re-verified O Approval records
documented O Expert opinions
O Approval under concession
Corrected nonconforming products must be: O Identification requirements
re-verified,
Records of the nature of nonconformities and any outsequent
actions maintained
Consequences of nonconformances, also for products in use must be:
determined and
action taken
records of concessions shall be maintained
Are appropriate actions in place once a nonconforming product is O WI Rework process
DR E DE
detected after delivery or use has started?
Do work instructions for rework undergo the same authorization and
approval procedure as the original work instruction? ISO

Is it ensured that a nonconforming product is accepted by concession ISO 13485

only if all applicable legal requirements are met?
Is the person authorizing the concession defined and recorded?
Are the adverse effects of the rework / retesting documented?

8.4 Analysis of data 9

Appropriate data to demonstrate quality system suitability, effectiveness O Measurement and test records
O Nonconformance records DR E DE
and continual improvement must be:
determined O Records of customer complaints
O Customer-satisfaction analyses
collected ISO
O Audit reports
analyzed O Q reports
to provide information relating to O Records relating to field experience
conformity of product requirements (s. 7.2.1) O Target/performance comparison reports
process and product characteristics (s. 8.2.3 + 8.2.4)
suppliers (s. 7.4.1)

Are records of results of above tasks maintained? O DP Data analysis for Suitability and Effectiveness of ISO 13485
the QM system (only (EN) ISO 13485)
Only (EN) ISO 9001:2000 Appropriate data to demonstrate quality system suitability, effectiveness and continual improvement must
be determined, collected and anaylized to provide information relating to customer satisfaction (s. 8.2.1) ISO 9001

Only (EN) ISO 9001:2000 Does the organization evaluate, based on data collection and analysis, where continual improvement of
the effectiveness of the QMS can be made? (s. 8.5) ISO 9001

Audit Question List Global Requirements-GB.doc Rev. 2; February 2007 Page 22 of 23

 Audit Questionnaire

Chapter of standard: 8. Measurement, analysis and improvement

8.5 Improvement
8.5.1 General
Identify and implement any changes necessary to ensure and maintain O Quality management plans
the continued suitability and effectiveness of the quality management O Project plans DR E DE
system through the use of O Documentation of target requirements
the quality policy O Progress reports
O Management reviews ISO
quality objectives
O Corrective-action catalogs
audit results O Preventive-action catalogs
data analysis O Inputs for continual improvements
corrective and preventive action
management review. (s. 4.1)
Does the organization continually improve the effectiveness of the QMS O Complaint documentation / analyses
through the use of the a. m. tools O Product validation records DR E DE
O External quality costs
O ppm-statistics
O Market analyses ISO 9001
O Benchmarks
O Quality Manual
O Corporate guidelines and principles
O Written quality policy
Does the procedure for complaint handling and advisory notes O Other methods for market surveillance (e.g. search in
advisory notes databases) DR E DE
address the effective and timely investigation of the problem?
Are there procedures to notify the regulatory authority for incidents in
compliance with the regulatory requirements (e.g. EU Vigilance ISO 13485
System, CMDR, local regulation)?
Is a documented procedure established for the issue and
implementation of recalls incl. the advisory notices?
Is this procedure capable to be implemented at any time?

8.5.2 Corrective action

To prevent the recurrence of nonconformances, the procedure must O DP/Process description of corrective action
O Nonconformance records DR E DE
cover the following aspects:
O 8-D-reports
reviewing non-conformities (incl. customer requirements)
O Statistical evaluations
determination of the clauses of nonconformities O Test / result records ISO
required measures to prevent recurrence O Instructions re corrective action
action / corrective action O Training plans
O Training certificates
monitoring and evaluation of corrective action
O Complaints analyses
documentation O Amended delivery contracts (where appropriate),
O Q agreements
O Investment plans
O Documentation of reviews
reviewing the corrective action for its effectiveness ISO 13485

8.5.3 Preventive action

To eliminate the causes of potential nonconformances, the procedure O DP/Process description of preventive action
must cover the following aspects: O Risk analyses (economic / technical) DR E DE
determination of potential nonconformances O Nonconformance records
planning of preventive action O 8-D-reports
O Analyses records ISO
implementation of preventive action O Test records
evaluation of preventive action taken O Action catalogs
documentation O Training plans
O Training certificates
O Amended delivery contracts
O Q agreements
O Investment plans
O Trend analysis
reviewing the preventive action for its effectiveness O Cost evaluations
ISO 13485
O Inputs for continual improvement

Audit Question List Global Requirements-GB.doc Rev. 2; February 2007 Page 23 of 23