The Road to ISO 13485 Certification: Tips for Effective Audits


Moving targets are notoriously difficult to hit. The secret to success, whether it’s an audit or a fast-moving tennis ball, is to always keep your eyes on the goal.

People can cower beneath their desks at the mere mention of the word “audit.” Indeed, medical device makers face a daunting array of quality and safety standards and obligations, particularly when their activities span international and local borders. There are strategies for getting ready for and carrying out an audit that will keep you out from under the desk and yield favorable outcomes.

Understanding ISO 13485

ISO 13485 is one of numerous Universal Organization for Standardization (ISO) guidelines, and it is particular to the desires and prerequisites for a compliant restorative gadget quality administration framework within the restorative gadget industry. Against that foundation, another step is to get the base prerequisites of the ISO 13485 standard and its relationship to 21 CFR Portion 820, the Quality Framework Direction (QSR), which codifies the desires and prerequisites of the FDA. The QSR is the control that guarantees all therapeutic gadgets made and created inside the joined-together States are secure and take after palatable quality forms all through their development.

Currently, compliance with ISO 13485 is intentional, whereas compliance with the QSR isn’t. In reality, therapeutic gadgets are considered “adulterated” if the related quality administration framework (QMS) isn’t compliant with the QSR. However, the centrality of ISO 13485 certification gets to be clearer given that compliance with that standard can serve as proof of a compliant QMS amid FDA reviews. And, in early 2022, the FDA proposed an alteration to the QSR that will consolidate ISO 13485. Whereas this will likely not take put until at slightest 2024, the development is a sign that ISO 13485 reviews will end up being more common.

Why ISO 13485 Audits Are Important

It may surprise some to learn that the goal of an audit carried out by a recognized organization to get ISO 13485 certification is to evaluate a device manufacturer’s procedures in comparison to the standard and pinpoint areas that require improvement, rather than to find fault.

It may still be nerve-wracking to go into an audit. Nobody wants to let their company, the notified body seeking the audit, or themselves down. A typical audit for ISO 13485 involves the following concerns: –

Poor personnel and facility preparedness

  1. Inability to respond to the auditor’s inquiries.
  2. Regretting a response to one of the auditor’s queries
  3. A lack of comprehensive documentation that is accessible upon request, and
  4. An out-of-compliance finding

A few of these issues are legitimate. Inadequate or erroneous records and non-compliance with policies, methods, and procedures are the most frequent ISO 13485 audit observations. Being well-prepared is the greatest method to assuage fears and raise the likelihood of avoiding such findings of non-compliance.

Best-Practice Advice:

1. Be well-informed! Any manufacturer of medical devices must comprehend the standard. Purchase the standard and ensure that it has all the updates, including the most recent version. Discover all about it.

2. Learn about the tools that the ISO’s Committee on Conformity Assessment must provide.

3. Integrate the standard into organizational policies and practices. To effectively work with ISO 13485, your organization’s quality management system must be designed, implemented, maintained, and improved around its standards. Undoubtedly, providing a warning of an audit might enhance these measures; nonetheless, the process of implementation needs to be continuous.

Good documentation practices (GDPs) should be an organization’s constant approach to getting ready for an audit. From an auditing standpoint, GDPs permit:

  1. exchange of consistent data between external and internal parties,
  2. auditors to comprehend a project’s past, evaluate how well commitments are being fulfilled, and confirm compliance,
  3. auditors should deconstruct any phases in the creation of the gadget and comprehend the logic,
  4. staff training and cross-training that is more effective; and
  5. setting internal standards that serve as a foundation for future advancements.

The ideal way to implement GDPs will depend on each manufacturer’s circumstances, but generally speaking: In the context of an audit, your actions are meaningless if they aren’t documented. Insofar as it is written but unfinished, it is documenting your noncompliance. 

4. Inform. The requirements of ISO 13485 (including the QSR) must be understood by every employee in a plant that manufactures medical devices. Everyone has the responsibility of getting ready for an audit and implementing the standard into daily operations, workflows, and protocols. These actions are crucial to take to get ready for an audit, as is proactive education and training on ISO 13485 requirements.

Tips: Upon Scheduling of An Audit

Tip: 1. Get the audit plan when scheduling the audit. Get a thorough audit plan from the informed body carrying out the audit as soon as it has been arranged. The documents and records that will be examined during the audit are outlined in this plan. It should contain a request for site access, the scope of the audit, and any materials that were requested beforehand. In addition, the strategy ought to consider any past nonconformities or areas that may have been improved, offering a roadmap for people who are endeavoring to finish the task. An organization is usually provided with the audit plan weeks or even months before the audit is required.

2. Make audit plan distributions. An audit is a collaborative activity. Make sure lines of communication are open. Assemble a team where everyone feels comfortable disclosing and dealing with problems as they arise. Every individual will be prepared when it comes time to evaluate the processes, procedures, and deadlines they are accountable for if they are aware of the audit’s purpose and parameters.

3. Look through one of the many online ISO 13485 audit checklists. To make matters better, ask for one straight from the audit’s notified body and go over it in detail with your internal audit staff. Or, by going over the ISO 13485 standard itself, you may make your checklist.

4. Clear, tidy, and organize. To clean and arrange all workspaces and files, allot sufficient time. Sort out all your data so that you may concentrate on answering inquiries and requests in a timely, concentrated manner. By doing this, “audit creep” into unspecified areas will be less likely.

Advice To Remember: While Conducting the Audit

1. Take a nap. Although it may seem simple, make sure that everyone has had enough food and sleep before starting the audit. Positive attitudes, receptive eyes, and a willingness to adapt are the most important aspects of an ISO 13485 audit.

2. Ask to have the audit interactions recorded. Choose a capable note-taker if it is not permitted. Assign an audit lead who will follow up with the auditor frequently to ensure they have what they require.

3. Ascertain that staff members are prepared and available for any desired interviews. Make a list of the subject matter experts the auditor may consult about particular issues. Every employee must be ready to get relevant documents and, upon request, provide examples of relevant processes and procedures related to their work.

4.Briefly respond to inquiries. Answer any inquiries with the specific information required, nothing more. Unless expressly requested, do not provide, or prepare information. Information that is not necessarily advantageous to the company is often obtained by auditors amid an unpleasant silence. Admit it with honesty if you don’t know the answer. If required, explain that you don’t have the information but will get it and point them in the direction of the person who can respond to the query.

5. Be cautious when contesting or challenging a possible discovery. Have a learning, transparent, and open mindset. If everyone feels heard and understood after the conversation, then constructive communication may take place. Sometimes that’s already a triumph.

6. Attend the final meeting with anticipation. It’s a valuable chance for learning. You’ll discover if you’ve lived up to or failed to meet expectations. In any case, gathering this data will help with operations in the future.

Audit Interview Do’s and Dont’s


  1. Be polite but limit casual conversation.
  2. Answer questions completely, directly, and honestly with supportable facts. Steer clear of opinion.
  3. Respectfully disagree when appropriate; ask for clarification.
  4. Offer responses of “I do not know” or “I do not remember,” if appropriate, followed with when you will have the information or a referral to the correct subject matter expert.
  5. Keep an inventory and a copy of anything you provide the auditor.
  6. Show only one record at a time, if possible.
  7. Correct any errors in speaking as soon as possible to avoid miscommunication.
  8. Note any questions you were uncomfortable answering or would have answered differently in retrospect.
  9. Conduct a short daily internal debrief during the audit.
  10. Expect what you say to be documented. There is no such thing as “off the record” in an audit.


  1. Misrepresent the truth or leave out important facts.
  2. Correct a colleague in front of the auditor.
  3. Correct documents when reviewing them with the auditor.
  4. Guess or make up an answer.
  5. Volunteer more information than necessary.
  6. Feel like you have to fill dead air.
  7. Question the auditor’s authority, argue, or raise your voice.
  8. Agree to or volunteer to change a policy or procedure during the audit.
  9. Refer to uncontrolled documents.

Carry Out the Teachings

Determine the risk associated with any non-conformance (large or small) findings or areas for improvement that you become aware of, then take appropriate action. To conclude the findings with the auditor, take the appropriate remedial action and follow up as needed. The audit’s true success is determined by follow-up.

When conducted correctly, an ISO 13485 audit may fulfill its intended function of holding medical device makers to the highest standards of quality for the good of the company, the industry, and—above all—the customers.



Please enter your comment!
Please enter your name here