
Be ready for QMS inspections with an ISO 13485 audit checklist

An ISO 13485 audit checklist is used by quality managers to determine whether the company’s quality management system (QMS) is compliant with the ISO 13485:2016 standard. It helps assess whether a company is ready to undergo an ISO 13485:2016 certification audit by a third party.

Downloaded 2785 times
ISO 13485 Audit Checklist
Management Controls
The Quality Manual defines the scope of the QMS, the procedures (or reference to) within the QMS, and the description of the interaction of the processes within the QMS.
Are there criteria and methods to monitor and control processes for effectiveness?
Has the company implemented management reviews, and does it conduct them at least annually?
Do management reviews examine the suitability and effectiveness of quality systems, improvements needed due to customer requirements, and resource needs?
Do management reviews address audit findings, customer feedback, process performance, corrective and preventive actions (CAPA), previous management reviews, QMS changes, improvement recommendations, and new or revised regulatory requirements?
Has the company implemented a quality manual and quality assurance procedures and instructions that are adequate?
Has the company established a quality plan?
Does quality planning address the needs and quality objectives of the QMS?
Has the company established a quality policy and quality objectives?
Has the company established a quality review process, and does it conduct audits?
Do quality audits examine compliance and effectiveness?
Are the auditors properly trained?
Are audits conducted by objective companies or individuals?
Are the quality audits linked to CAPA?
Review the company's organizational structure:
Are resources available to support processes?
Has the company defined a management representative with responsibility for the implementation and reporting of the quality management system?
Are appropriate responsibilities, authorities and resources in place for quality system activities?
Has the company established procedures for identifying training needs?
Are personnel trained to perform assigned tasks?
Does management ensure that an adequate and effective quality system is implemented?
Does management establish and communicate the importance of meeting customer requirements, regulatory requirements, and the QMS?
Design and Development / Design Controls
Are design controls and risk management methods set and applied?
Are design and improvement stages identified?
Are the design and development stages identified?
Are review, confirmation, validation, and design transfer activities at each stage suitable?
Are the responsibilities for design and development defined?
Review the project design & development plan, responsibilities, and interfaces.
Has the design and development plan been updated, reviewed and approved?
Are design & development products and services suitable for purchasing, production, and servicing?
Are products subjected to design controls?
Were design input demands established, reviewed, and approved?
Are customer requirements captured?
Have incomplete, ambiguous, and/or conflicting requirements been addressed?
Are design and development deliverables defined, verifiable, reviewed, and approved?
Are design and development outcomes appropriate for purchasing, production, and service?
Are key design and development deliverables identified?
Are acceptance criteria referenced by design and development deliverables and were they defined prior to design verification and design validation?
Did design verification confirm that design outputs meet design input requirements?
Do the design validation results prove that the device meets the predefined needs and intended uses of the users?
Did the design validation leave no unresolved discrepancies?
If required by national or regional regulations, confirm that clinical assessments and/or device performance evaluations have been performed.
If the device contains software, confirm that the software has been validated.
Were initial production units (or equivalents) used for design validation?
Have risk management activities been performed?
Have design changes been controlled and validated (or verified, if appropriate)?
Were design changes reviewed for their impact on previously made components and products?
Were design reviews conducted at the appropriate stages of design and development?
Were the design review participants qualified, and did they include independent reviewers?
Was the design correctly transferred to production?
Does the DHF include design review documentation?
Corrective and Preventive Actions (CAPA)
Do CAPA procedures comply with regulatory requirements?
Do non-compliant product and CAPA procedures determine the need for investigation and notification?
Do non-compliant product and CAPA procedures define responsibilities for review and disposition?
Are there procedures for rework, retesting, and reassessment of nonconforming products that are followed?
Have appropriate records of quality problems been established and used?
Data from trend analysis indicates quality problems. Is the data used for CAPA decisions?
Is CAPA data complete, accurate, and current? Compare results across multiple data sources to identify quality issues.
Are appropriate statistical techniques being used?
Are investigations of equipment failures used to determine root cause?
Are failure investigations commensurate with the risks?
Are controls in place to prevent nonconforming products from being released?
Were CAPA actions effective, verified, validated, documented, and implemented appropriately?
Were CAPAs and nonconformances communicated to personnel responsible for quality assurance and problem prevention?
Were quality issues and CAPAs disseminated for management review?
Does the company have procedures for handling complaints and investigating advisory notices/recalls?
Ensure that provisions are in place to feed into the CAPA system.
Medical Device Reporting (MDR)
Do procedures for medical device reporting (MDR) exist, and do they comply with legal requirements?
Does the company maintain MDR event files that comply with legal requirements?
Is appropriate MDR information identified, reviewed, reported, documented and filed?
Is the company effective in identifying reportable MDR events?
Does the company have procedures in place to receive, review and evaluate complaints?
Does the company maintain complaint files and ensure that they are appropriately accessible?
Are complaints evaluated to determine if an event should be an MDR?
Does the complaint investigation include: the name of the device, the date of the complaint, the device identification number, the complainant's contact information, details of the complaint, the date and results of the investigation, any corrective actions, and responses to the complainant?
Production and Process Controls (P&PC)
Are product realization processes planned? Confirm that risk management takes place throughout product realization.
Is product realization planning consistent with the requirements of other processes in the QMS?
Have requirements for suppliers, contractors, and consultants been defined? Ensure that suppliers, contractors, and consultants are selected based on their ability to meet requirements.
Does the company maintain records of acceptable suppliers, contractors, and consultants?
Is data maintained to support supplier requirements? Verify that suppliers, contractors, and consultants agree to keep the company informed of changes in products and/or services.
Are procedures in place to identify products at all stages of receipt, production, distribution, and installation?
Does the company maintain procedures and records to trace each unit or batch of finished equipment and components? (need not be required for all equipment)
Is the process controlled and monitored?
Has the equipment used been adjusted, calibrated and maintained?
Have control and monitoring activities been identified? Ensure control of inspection, measurement and test equipment, and calibration.
Has the company established procedures for production and process changes? Ensure changes are verified or validated, as required.
Do device history records (DHR) exist to identify rejects and/or nonconformances?
Have defects, rejects, nonconformances, and removal of materials been properly addressed?
Are processes validated that cannot be fully verified?
Are automated or software-driven processes validated for their intended use?
Are personnel trained in each manufacturing process and aware of potential errors?
Are monitoring and control methods, dates, date performed, people performing the process, and key equipment used documented?
Have links to other processes been identified?
Are infrastructure and work environment adequate and controlled?
Are maintenance schedules, routine inspections, and equipment adjustments recorded?
Are procedures in place for contamination control and cleanliness?
Is verification of purchased products adequate?
Do the procedures define receiving, in-process, and final acceptance activities?
Are there records of receiving, in-process, and final acceptance activities?
Do the procedures define labeling activities, including integrity, inspection, storage, operation, and tracking numbers?
Do product packaging and shipping containers adequately protect the device during processing, storage, handling, shipping, and distribution?
Are procedures in place to prevent mix-ups, damage, deterioration, contamination, or other adverse effects to the product during handling?
Are there procedures in place for product distribution? Do distribution records include the recipient's name and address, identification and shipment quantity, shipment date, and identification numbers?
Are installation and inspection procedures in place? Verify that installation records are maintained.
Are maintenance procedures in place (if necessary)? Verify that service records are maintained.
Does the company identify, verify, protect, and safeguard customer property entrusted to its care?
Controls of the sterilization process
Checking the procedures of the sterilization process: Is the sterilization process validated?
Review of sterilization control and monitoring activities: Are processes, equipment and calibration up to date?
Purchasing Controls
Are suppliers evaluated for their ability to meet specific requirements?
Is the adequacy of the specifications of the materials and/or services provided by the supplier confirmed?
Does purchasing information identify requirements for approval of products, procedures, processes and equipment, personnel qualification requirements, and QMS requirements?
Are suppliers assessed for the ability to meet specified demands?
Are supplier evaluation records maintained?
Documentation and Records
Are documents and changes approved before use?
Are documents and records legible and identifiable?
Are documents of external origin identified with controlled distribution?
Does the company maintain a quality system record (QSR) that includes or refers to the location of procedures?
Are documents and records retained for the required period of time (this includes retention of obsolete controlled documents and records)?
Are change records reviewed and approved by the same functions that performed the original review and approval?
Do change records include a description of the change, identification of affected documents, approval signatures, approval date, and effective date?
Are documents available at the point of use and are outdated documents not used?
Does the company maintain DMRs for each type of device?
Do DMRs include or reference equipment specifications, production process specifications, quality assurance procedures and specifications (including acceptance criteria), packaging and labeling specifications (including acceptance criteria), and installation, maintenance, and repair procedures?
Are DHRs maintained and equipment manufactured to DMR?
Do implementation processes and product meet requirements?
Do DHRs include or reference date of manufacture, quantity manufactured, quantity released for distribution, acceptance records demonstrating that the device was manufactured per DMR, primary identification label and labeling used for each unit, and device identification and/or control numbers used?
Does the company maintain records of education, training, skills, and experience of/with resources?
Does the company maintain purchasing and vendor records?
Are sterilization process parameters and records maintained for each batch? Ensure sterilization validation records are kept.
Customer Requirements
Review product requirements: Are intended use, customer requirements, and regulatory requirements considered?
Are incoming contracts and purchase orders reviewed to clarify conflicting information and ensure customer requirements can be met?
Are procedures and systems in place for customer communication and feedback and ensuring integration with the CAPA system?
Technical Files
Have procedures for technical files been reviewed?
Are the documents needed to ensure planning, operation, and control of technical file processes in place?
Does the documentation address a general description of the product, intended use(s), and any variants, accessories, or other devices used in combination with the product?
Are design specifications, applied standards, and risk analysis results available?
Are the key requirements met?
Are techniques used to verify the design and validate the clinical data of the device(s)?
Does the documentation define the sterilization method and validation?
Does the documentation include the instruction manual(s) and labeling?
Have key subcontractors been documented?
Further comments/recommendations:
Name of inspector:
Signature of the inspector:

Inspect your quality management system with an ISO 13485 audit checklist

ISO 13485 is a set of international standards that help organizations identify, control, and prevent quality problems. It’s important for businesses to be compliant with these standards because it shows they are taking their quality management seriously.

The ISO 13485:2016 standard establishes a framework for the quality management system (QMS) requirements for healthcare products and services. ISO 13485 requirements checklists help assess whether a company is ready to undergo an ISO 13485 certification audit by a third party. A certification audit involves conducting an in-depth evaluation of a company’s QMS to determine its compliance with specific standards. This provides assurance that your organization meets global safety and quality standards so that you can maintain customers’ trust and protect your business reputation.

To prepare for an ISO 13485 auditing process, it is important to have baseline information about your organization’s QMS already in place. An ISO 13485 audit checklist can be used as part of this process. A QMS will typically include processes and procedures for analyzing the quality of products and services, managing risk related to quality issues, maintaining records of performance (including corrective actions), and training employees on how to use the system.

Use this ISO 13485 checklist to determine whether your company’s QMS meets the ISO standards and take corrective actions.

Please note that this checklist template is a hypothetical example and provides only standard information. The template does not aim to replace, among other things, workplace, health and safety advice, medical advice, diagnosis or treatment, or any other applicable law. You should seek professional advice to determine whether the use of such a checklist is appropriate in your workplace or jurisdiction.