1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

ISO audit

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Rachel lv, Mar 12, 2020.

  1. Rachel lv

    Rachel lv New Member

    Joined:
    Feb 29, 2020
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hi everyone

    Our company establish in 2019, main product is Laser used in medical device
    In this year we plan to apply for ISO certification.
    What kind of certificate should we prepare for the auditor? Does the auditor check licenses, registrations, permits ?
    I'm not familiar with this part. Please give me some advice
     
    Rachel lv, Mar 12, 2020
    #1
  2. Jacquie Collins66

    Jacquie Collins66 Member

    Joined:
    Aug 8, 2019
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    2
    Location:
    Great Yarmouth
    Hi Rachel

    Start with the standard and break down each section, my advice is to keep it simple and relevant to your company. I broke each section down and wrote my system on this.

    upload_2020-3-12_11-22-54.png
     
    Jacquie Collins66, Mar 12, 2020
    #2
  3. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,055
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Welcome to QFO.

    There's no specific statement in the ISO 9001:2015 standard that requires an organization to show business licenses or permits to an auditor. This doesn't mean your organization don't need to comply with statutory/regulatory requirements.
     
    tony s, Mar 12, 2020
    #3
  4. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,107
    Likes Received:
    2,562
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Firstly, medical device manufacturers usually apply for ISO 13485 Certification - this is the ISO 9001 forum. Are you seeking ISO 9001 certification?

    The auditor doesn't want to see any certificates if you want ISO 9001. The auditor will not be checking those permits etc. With ISO 13485 it's going to be different.
     
    Andy Nichols, Mar 12, 2020
    #4
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,107
    Likes Received:
    2,562
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I wouldn't ever advocate for a QMS - a manual or the whole system - to be structured around the requirements of the standard. People have been doing it this way for 30+ years and the result is that NO-ONE uses it. Sure, it'll get you a certificate and auditors may find their job is "easier", but the vast majority who try to force the ISO structure into their business create zero value for the organization. It's easy to detect. Just ask them to navigate around and describe what happens...
     
    Andy Nichols, Mar 12, 2020
    #5
    RoxaneB likes this.
  6. RoxaneB

    RoxaneB Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    926
    Likes Received:
    1,081
    Trophy Points:
    92
    Location:
    Ontario, Canada
    I echo the thoughts of @Andy Nichols .

    Three other reasons to not mirror the standard:

    1. If you wish to integrate management systems - what if their numbering, structure, requirements are different?
    2. Standards change over time - what "Document Control" today may become "Document Management and Control" tomorrow.
    3. People - outside of our world - don't speak ISO/Standard...they speak the organizational language.

    If an organization wants people to embrace their Q/E/H&S MS, it's best to develop it in their organization's own language. This is what we did in my previous life. For example, we had 5S, Routine Mangement, and Failure Analysis processes at all of our sites around the globe. There was no way I was going to write a manual or processes called Corrective Action or Process Control.

    I had ISO 9001, ISO 14001, OHSAS 18001, ISRS, Sarbanes-Oxley, and our own business system requirements to integrate. At the foundation of what we did was Plan-Do-Study-Act so we developed our system around that. We had matrix that showed how all of the relevant standards aligned with what we did...instead of how we fit the standards. Easier to change a matrix than an entire manual.
     
    RoxaneB, Mar 12, 2020
    #6
    Andy Nichols likes this.
  7. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,107
    Likes Received:
    2,562
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Once you have decided which standard you are certifying to, ISO 9001 or ISO 13485, you will need to find a Certification Body (possibly one which is also a Notified Body). Be careful on which CB you select. Take a good look at which ones operate in your industry sector - who certifies your competition, your customers, your suppliers etc. Once you have selected a CB, they should be capable of describing the process and any preparation you have to go through. Each CB will be a little different but the process is similar.

    Let us know if you have further questions.
     
    Andy Nichols, Mar 12, 2020
    #7
  8. yodon

    yodon Well-Known Member

    Joined:
    Aug 3, 2015
    Messages:
    198
    Likes Received:
    115
    Trophy Points:
    42
    A lot depends on where you want to sell your products. For example, if your market is only the US, certification to 13485 isn't recognized (you DO have to have a Quality Management System and 13485 provides a good framework but you have to be compliant with the Quality Systems Regulation, 21 CFR 820). If you want to market in the EU then 13485 is the best route. If you want to market in Canada, you need to go the MDSAP route (13485 "on steroid").

    Speaking of the EU, you also need CE marking and so you'd want to select a Notified Body that is designated under the MDR. There aren't many and so expect long delays in getting scheduled.

    The regulatory aspects are not straight forward and you definitely want to have someone with expertise in defining your clearance pathways.
     
    yodon, Mar 12, 2020
    #8
    Andy Nichols likes this.
  9. Rachel lv

    Rachel lv New Member

    Joined:
    Feb 29, 2020
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    In china, Business licenses and permits check is part of ISO audit . No matter it's ISO 9001 or ISO 13485.
    I don't know the style of American auditors, Maybe it is different in china
     
    Rachel lv, Mar 13, 2020
    #9
  10. Guy Léger

    Guy Léger Member

    Joined:
    Mar 24, 2020
    Messages:
    29
    Likes Received:
    1
    Trophy Points:
    2
    Location:
    Chelyabinsk
    According to ISO 19011: 2018, in A.14, documented information that auditors should check may include "policies, quality plans, procedures, standards, work instruction, licences and authorizations, specifications, contracts, orders, meeting reports, dashboard and indicators, non conformities requests or other customers feedback, ...and other records related to the lifetime of the medical devices..
     
    Guy Léger, Mar 25, 2020
    #10
  11. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,055
    Trophy Points:
    112
    Location:
    Laguna Philippines
    ISO 19011:2018 also mentioned in its Introduction:
    "This document concentrates on internal audits (first party) and audits conducted by organizations on their external providers and other external interested parties (second party). This document can also be useful for external audits conducted for purposes other than third party management system certification".
     
    tony s, Mar 25, 2020
    #11
    Andy Nichols and Guy Léger like this.