Procedure for Planned Internal Quality Audits in Pharma

1.0 PURPOSE: 1.1 The purpose of this procedure is to implement a system for planned internal quality audits to verify compliance of the quality activities and related results with the planned arrangement and to determine the effectiveness of the quality system.

2.0 SCOPE:
2.1 This procedure is applicable to all activities of the quality system and requirements of the national and international standards in the company.

3.0 RESPONSIBILITY:
3.1 Management Representative

4.0 AUTHORITY:
4.1 Director, QMS and Other CQA Members

5.0 Procedure for Internal Quality Audits:

5.1 Planned Audits are designed for one or more of the following purposes:

5.1.1 To determine conformity or nonconformity of the activities to the specified requirement and elements of the International Standard/ Quality system.
5.1.2 To determine the effectiveness of the implemented quality system in achieving the specified quality policy and quality objectives.
5.1.3 To verify compliance of quality activities and related results with the planned arrangements, documented quality system.

Types of Planned Audit:

• Internal Quality Audits
• External Audits by Regulatory Bodies
• Certification Bodies
• Notified Bodies, and Customers.
• Un-announced audits by the Regulatory Bodies.
• Internal quality audits are conducted at least twice a year.

5.2 Planned Internal Audits Planning and Scheduling

5.2.1 Quality team makes an annual plan for the internal audit.
5.2.2 Based on the annual plan, the Quality team prepares an audit schedule according to the status and importance of the activity. The team appoints auditors for each area to be audited. Each audit team must audit all applicable elements of the quality system in the assigned department/function.
5.2.3 The quality team informs all auditors and auditees of the audit schedule.
5.2.4 Trained personnel, independent of those with direct responsibility for the area/activity being audited, conduct audits, where applicable and practical. External competent individuals may also be hired for internal audit purposes.

5.3 Executing the audit

5.3.1 During the audit, the auditor, covers the entire scope of the auditor as advised by the Quality team.
5.3.2 Before starting an audit, the auditor properly prepares a checklist wherever required for convenience in audit, to save the waste of time during the audit, and to follow a professional approach.
5.3.3 The quality team conducts an opening meeting among the auditors and audit heads to ensure the availability of the resources and facilities required to conduct the audit.
5.3.4 pieces of evidence are collected through interviews, the examination of documents,s, and observations of activities & conditions in the concerned area/function.
5.3.5 Clues indicating nonconformity are noted if they seem significant even though not covered by the checklist and are investigated.
5.3.6 Information collected through interviews is verified by obtaining the same information from other independent sources like physical observation, measurements, and records.
5.3.7 All audit findings are documented at the end of the audit, and the audit team and audit head review the entire finding to identify the actual nonconformity. Audit findings are documented on the non-conforming report.
5.3.8 All nonconformity findings during audit are acknowledged by the auditee or auditee head.

5.4 Audit Report

5.4.1 An audit report is prepared for identified nonconformity on Nonconformity reports for its accuracy and completeness and submitted to the auditee.

5.5 Audit Completion

5.5.1 Audit shall be completed on the submission of the audit report to the auditee.

5.6 Corrective action and follow-up:

5.6.1 The auditor is only responsible for identifying the nonconformity.
5.6.2 The Auditee department is responsible for determining and initiating the corrective action required to correct the nonconformity or its cause, and for closing the raised nonconformity report. 5.6.3, corrective action and its follow-up are completed within an agreed-upon time period by the auditor and Auditee department. If necessary, the Quality team also consults on this matter.
5.6.4 On the agreed completion date or earliest possible, the auditor visits the Auditee department to verify satisfaction and effective implementation of the corrective action taken.
5.6.5 The auditor records comments regarding the verification of corrective action taken, and upon satisfaction, signs and closes the nonconformity.
5.6.6 The quality team includes the audit report with details of corrective actions taken on the agenda of the next management review meeting.
5.6.7 All documents in use must be duly approved and controlled before issuance to the user department.
5.6.8 Obsolete documents must be promptly removed from the point of use.

NOTE: The audits that will be conducted include various applicable statutory and regulatory standards to avoid any oversight and lapses, e.g., all the statutory approvals, ISO 13485:2016, MDD 93/42/EEC as amended 2007/47, list of standards applied audits.

6.0 External Audits: 

6.1 External Audits are conducted by Regulatory Bodies, Certification Bodies, Notified Bodies, and Customers.

Regulatory Bodies: The Regulatory Bodies, including CDSCO and the State Licensing Authority, conduct audits and inspections at our site with prior information, sharing the audit schedule. We communicate regarding travel and stay (if required) with the respective designated Medical Device Officer/Drug Inspectors. We eliminate any observations or deficiencies provided by the Medical Device Officers/Drug Inspectors by taking appropriate corrective actions and submitting them to the Regulatory Authorities.

Notified Bodies: The audits are conducted annually. When we receive the audit plan, the Notified Body Auditors conduct the audit. The Notified Body auditors provide the audit results, and if there is any nonconformity, we submit the root cause and corrective action plan. Based on the acceptance of the corrective action plan, we take and complete the corrective actions as per the target dates.

Certification Bodies: The Certification Body audits us according to ISO/EN ISO 13485 annually. After receiving the audit plan, the Auditors conduct the audit. The auditors provide the audit results, and if there is any nonconformity, we submit the root cause and corrective action plan. Based on the acceptance of the corrective action plan, we take and complete the corrective actions as per the target dates.

Follow-Up Audits: The follow-up audits are required to be conducted by these Regulatory/Notified and Certification Bodies only when serious nonconformities that can affect the quality management system and product performance are noticed during routine audits. We submit the root cause analysis and corrective action plan to the auditors, and after they accept it, we initiate corrective action to be completed within the stipulated period. The auditors decide to verify the same on-site or off-site depending on the type of non-conformity, and only after verifying the evidence, the continuation is maintained.

7.0 Unannounced Audits: 

7.1 These audits are generally conducted by Regulatory Bodies and Notified Bodies to verify compliance with requirements due to a complaint or their own standards. For instance, the European Directive mandates an unannounced audit within three years of the certification audit.
7.2 Handling unannounced audits is important to ensure ongoing compliance.
7.3 Based on the directive, a minimum of two auditors will participate in an unannounced audit. Auditors can arrive anytime between shift start and end.

7.4 Unannounced audits are not done on the weekly off and public holidays.
7.5 The main focus during these audits is on production and inspection activities.
7.6 The auditors will explain the reason for the audit and how the audit will be conducted.
7.7 They can select samples from the production line for verification, including all relevant documentation and personnel from design to batch release.
7.8 The auditors are to Co-operate throughout the audit as in routine audits.

8.0 Precautions:

8.1 Always ensure the current revision of the documents is in use.
8.2 Internal quality Audit records shall be legible and easy to retrieve.

9.0 Reference:

9.1 Requirements of ISO 13485:2016, MDD 93/42/EEC, IMDR 2017.