the audit process is to clearly define the objectives. The primary objectives of ISO 9001 internal and external audits include:

• Assessing compliance with ISO 9001 standards.
• Identifying non-conformities and areas for improvement.
• Ensuring that the QMS is effectively implemented and maintained.
• Providing assurance to stakeholders regarding the quality of products and services.

Documentation is essential at this stage. Organizations should maintain an audit plan that outlines the scope, objectives, and criteria for the audits. This plan should also define the roles of the audit team members, including lead auditors and team members responsible for specific areas of the QMS.

Inspection expectations during this phase include ensuring that auditors are trained and competent, and that they understand the processes and standards relevant to the audit. For example, a pharmaceutical company may need to ensure that its auditors are familiar with Good Manufacturing Practices (GMP) as outlined by the FDA.

Step 2: Preparing for the Audit

Preparation is critical for successful audits. This phase involves gathering relevant documentation, including quality manuals, procedures, and previous audit reports. The audit team should also review any CAPA records, deviation reports, and change control documentation to understand past issues and resolutions.

Roles during this preparation phase typically include:

• Quality Manager: Oversees the audit preparation and ensures all necessary documents are available.
• Auditors: Review documentation and prepare audit checklists based on the ISO 9001 requirements.
• Department Heads: Provide input on areas that may require special attention during the audit.

Inspection expectations include verifying that all relevant documentation is current and accessible. For instance, if a medical device manufacturer is undergoing an external audit, they should ensure that all design history files (DHFs) are complete and reflect any changes made since the last audit.

Step 3: Conducting the Audit

During the audit, the audit team will assess compliance with the established QMS and ISO 9001 standards. This involves interviewing personnel, observing processes, and reviewing records. The audit should be systematic and objective, focusing on evidence-based findings.

Documentation during the audit includes:

• Audit checklists that align with ISO 9001 requirements.
• Notes from interviews and observations.
• Non-conformity reports for any identified issues.

Roles during the audit include:

• Lead Auditor: Facilitates the audit process and ensures adherence to the audit plan.
• Auditors: Collect evidence and document findings.
• Department Representatives: Provide information and clarification as needed.

Inspection expectations focus on the auditor’s ability to remain impartial and objective. For example, if a deviation is identified in a clinical trial process, the auditor must document it accurately without bias. The FDA emphasizes the importance of thorough documentation in its guidance on quality systems.

Step 4: Reporting Audit Findings

After the audit is completed, the next step is to compile the findings into an audit report. This report should summarize the audit process, highlight areas of compliance, and detail any non-conformities identified during the audit.

Documentation for this phase includes:

• Audit report that outlines findings and recommendations.
• Non-conformity reports that specify the nature of the non-conformities.
• Supporting evidence such as photographs or document references.

Roles involved in reporting findings include:

• Lead Auditor: Prepares the audit report and presents findings to management.
• Quality Manager: Reviews the report for accuracy and completeness.
• Department Heads: Discuss findings relevant to their areas and prepare for follow-up actions.

Inspection expectations during this phase involve ensuring that the audit report is clear, concise, and actionable. For example, if a deviation in a manufacturing process is noted, the report should provide specific recommendations for corrective actions.

Step 5: Linking Findings to CAPA Processes

Once audit findings are reported, the next step is to link them to the CAPA process. This involves analyzing non-conformities to determine root causes and implementing corrective actions to prevent recurrence. The CAPA process is critical for maintaining compliance and improving the QMS.

Documentation for this phase includes:

• CAPA forms that document the non-conformity, root cause analysis, and corrective actions taken.
• Follow-up reports to assess the effectiveness of the implemented actions.

Roles in this phase typically include:

• Quality Manager: Oversees the CAPA process and ensures timely implementation.
• Department Heads: Responsible for implementing corrective actions within their areas.
• Auditors: May assist in verifying the effectiveness of corrective actions during follow-up audits.

Inspection expectations focus on the thoroughness of the CAPA process. For instance, if a deviation is linked to a specific piece of equipment, the CAPA should include a review of the equipment’s maintenance history and any necessary changes to operating procedures.

Step 6: Managing Deviations and Change Control

Deviations from established processes can occur for various reasons, and managing these deviations is crucial for maintaining compliance. The audit process should include a review of deviation management practices to ensure that all deviations are documented, assessed, and addressed appropriately.

Documentation in this phase includes:

• Deviation reports that outline the nature of the deviation and actions taken.
• Change control records that document any changes made to processes or procedures as a result of the deviation.

Roles involved in managing deviations include:

• Quality Manager: Ensures that deviations are managed according to established procedures.
• Department Heads: Responsible for investigating deviations and implementing necessary changes.
• Auditors: Review deviation management practices during audits to ensure compliance.

Inspection expectations during this phase include verifying that all deviations are properly documented and that change control procedures are followed. For example, if a deviation occurs in the production of a pharmaceutical product, the change control process should reflect any adjustments made to the manufacturing process to prevent future occurrences.

Step 7: Continuous Improvement and Follow-Up Audits

The final step in the audit process is to ensure that the findings lead to continuous improvement within the QMS. This involves regularly reviewing audit results, CAPA actions, and deviation management practices to identify trends and areas for further improvement.

Documentation for this phase includes:

• Management review meeting minutes that discuss audit findings and improvement opportunities.
• Follow-up audit reports that assess the effectiveness of implemented changes.

Roles in this phase typically include:

• Quality Manager: Facilitates management reviews and ensures that improvement actions are tracked.
• Department Heads: Provide input on areas for improvement based on audit findings.
• Auditors: Conduct follow-up audits to verify that corrective actions have been effective.

Inspection expectations focus on the organization’s commitment to continuous improvement. For instance, if a trend of non-conformities is identified during audits, the organization should take proactive steps to address the underlying issues rather than merely reacting to individual findings.

Conclusion

Linking ISO 9001 internal and external audits with CAPA, deviation management, and change control processes is essential for maintaining compliance and ensuring the effectiveness of a quality management system. By following the steps outlined in this guide, organizations in regulated industries can enhance their audit processes, improve their QMS, and ultimately deliver higher quality products and services to their customers. For further guidance, organizations may refer to official resources such as the FDA and ISO.