In 21 CFR 820, the FDA requires manufacturers to conduct quality audits “to assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system.” This is also a requirement of ISO 9001 and ISO 13485. It is imperative that these audits be performed by individuals not directly responsible for the area being audited.
The purpose of a quality audit is to assess or examine a product, the process used to produce a particular product, or the system supporting the product to be produced. It is also used to determine compliance with governing regulations. These audits are typically performed at a predetermined time interval.
There are three types of audits: system, process and product. A system audit will evaluate the who, what, where, when and how of the quality system. It will identify how the quality system is defined, who is responsible for producing the product, who is responsible for assuring the quality of the product, and what procedures are used to guide the process. A system audit is going to be broad in nature, and not delve too deep into any particular area.
A process audit is more narrowly defined – it will go deep into a particular subject. The main focus is to verify the manner that people, materials, machines, etc. work together to produce the product. Typically, a process audit will compare how the end-product is produced to the documents that guide the process (like procedures, forms, regulations, etc.). It’s used to verify that a process is working within the established limits.
The product audit is really an inspection of the finished product, which is performed prior to releasing the product to the customer. It is an evaluation of the cosmetic appearance and the general quality level of the finished product.
There are also three perspectives of the audits: First Party, Second Party, and Third Party. A First Party audit (internal audit) is typically performed by a group of people within the company. The purpose of this self-assessment is to monitor and analyze critical processes which could degenerate and have negative impact if left unattended.
A Second Party audit (customer audit) is usually performed by an outside party – usually customers evaluating their suppliers – to verify that the supplier can meet requirements. These audits can also be performed by a contracted, independent auditor.
The Third Party audit (regulatory audit) is an assessment of a quality system for compliance to a standard. Upon completion of this type of audit, a certificate of conformance is issued. This is typically done for ISO certification.
*Image source - FreeDigitalPhotos.net