Clause

No.

ISO 13485:2003
7-2 Customer related processes-13485 rev 1
Topic In Review

Audit Question

4.2.2

Quality manual

How does the QM define customer related processes?

4.2.3

WI or procedure

Review applicable procedures and WIs. Are they consistent with 4.2.3
and 7.2?

4.2.4

Records

Review records of reviews. Do the records indicate conformity with

clause 7.2.2?

5.3

Quality Policy

Ask an employee at random what the quality policy is and how it

relates to him/her.

5.4.1

Quality Objectives.

What are the quality objectives for the department and what evidence
is there to verify they are being met?

5.5.1

Responsibility and authority

Who has the responsibility to accept/reject contracts from customers?

How is this defined?

6.2.2

Competence awareness and training

How is competency defined? Select several individuals at random

and verify that their records reflect the job requirements.

6.3

Infrastructure

What infrastructure is required by the department and is it available?

(Phones, internet access, etc.)

4.1

General Requirements

What Sales/marketing tasks are outsourced? How are they controlled?

5.2

Customer Focus

How does Top management ensure that customer requirements are

determined and are met with the aim of customer satisfaction? See
7.2.1 5.1.a 5.5.2.c 6.1.b 7.2.3 8.2.1. Does the execution of
these clauses demonstrate customer focus?.

5.5.1

Responsibility and authority

How is the responsibility and authority for accepting/rejecting

contracts defined?

5.5.2

Mgt Rep.

How does the Mgt. Rep ensure the promotion of awareness of

customer requirements throughout the organization? How are the
management representatives duties and responsibilities defined?

6.1

Provision of resources

How does the organization determine and provide for the resources
needs to enhance customer satisfaction by meeting customer
requirements?

Determination of requirements related to the product

How does the customer communicate his requirements to the

organization? How does the organization determine requirements not
specified by the customer, but necessary for intended use? How are
applicable statutory/regulatory requirements defined? If the
organization goes through a bid/no bid process, how is that
accomplished? What additional requirements has the organization
invoked?

Review of requirements related to the product

If the organization generates proposals or bids, how are the

requirements communicated? How are the responses reviewed and
evaluated? What evidence exists to ensure the organization has the
ability to meet the defined requirements? How are changes
communicated to the organization?

7.2.3

Customer communication

What channels of communication exist for the customer? How are

complaints tracked? What follow up exists to ensure that customer
complaint investigations are initiated ? (See 8.5.1) What records of
these complaint investigations are maintained?

7.3.2

Design input

How do the requirements defined in clause 7.2.1 get communicated

to D&D ?

Purchasing process

If the customer specifies a particular supplier, or material how is this

communicated to purchasing?

7.4.2

Purchasing information

If the customer specifies particular material/components how is that

information conveyed to Purchasing?

7.5.1

Control of Production and service provisions

How does the customer convey production and service provisions he

wants used on his product such as SPC, and qualifications of
personnel?

7.5.2

Validation of processes for production and service provision

How does the customer convey special requirements for production

and service provisions such as ESD controls, sterilization etc.? How is
this monitored?

7.5.5

Packaging material requirements

How does the customer convey handling, packing, packaging and

shipping requirements?

Feedback

How is customer satisfaction monitored and measured? How does the

documented procedure for feedback ensure customer complaints are
considered as part of the early warning of quality problems?

Monitoring and measurement of processes

How are the customer related processes monitored and measured?

What corrections and corrective actions have been executed?

Monitor/measure product

How does the customer specify acceptance criteria and how is this
documented? What records are maintained to prove conformity to
customer specified requirements?

Data analysis

How is data collected and analyzed on the various processes related

to customer requirements? What is done with this data? What
evidence exists to show that data analysis has resulted in Continual
Improvement or preventive action?

7.2.1

7.2.2

7.4.1

8.2.1

8.2.4

8.4

8.5.1

Continual improvement

What continual improvements have been implemented on customer

related processes? Review the documented procedure(s) for issue
and implementation of advisory notices. Are they capable of being
issued at any time? How are records of customer complaints
maintained?

8.5.2

Corrective action

What corrective actions have been implemented on customer related

processes?

8.5.3

Preventive action

What preventive actions have been initiated on customer related

processes?
8-2-1 Feedbcak process -13485 rev 1

4.2.1

General documentation

What additional documentation/records have been generated for this

function, besides those mandated by ISO 13485? Are they in
accordance with clause 4.2.3 and 4.2.4?

4.2.2

Quality manual

Does the feedback process operate as described in the Quality

manual?

4.2.3
4.2.4

Control of documents
Records

Review existing procedures or Work instruction for the feedback

process.
Review records of the feedback process..

5.3

Quality Policy

Ask an employee at random, what the quality policy means to

him/her?

5.4.1

Quality objectives

Review the feedback quality objectives. Are they being met?

5.5.1

Responsibility & Authority

Review the responsibility & authority for personnel conducting the

feed\back process. Is it as defined in clause 5.5.1.?

Competence, awareness and training

Infrastructure
QMS planning

How are competency requirements defined for personnel conducting

the feedback process? Do the records of personnel performing
various tasks of the feedback process (6.2.2.e) match the
competency requirements defined in 6.2.2.a.
What infrastructure is required by the feedback process?
How does QMS planning direct the feedback process?

5.6.2.b

Management review inputs

How is feedback discussed? (5.6.2.b) Are any changes to the

feedback process initiated as a result of management review? How
are customer complaints addressed?

7.2.3

Customer communication

How is customer feedback used to validate feedback (7.2.3.c)?

8.1

M&M analysis -General

What statistical techniques are used to monitor and measure

feedback?

8.2.1
8.2.3

Feedback
M&M processes

How is information relating to customer perception as to whether the

organization has met customer requirements monitored? Caution:
While customer complaints are often an indicator of low customer
satisfaction the absence of such complaints does not necessarily
imply high customer satisfaction; and even when customer
requirements have been agreed with and fulfilled this does not
necessarily ensure high customer satisfaction. See notes 1 and 2 in
IS9000-2005, 3.1.4. How are the methods for obtaining and using this
information determined? How does the documented procedure for
feedback define the early warning of quality problems? How are
these early warnings communicated to the preventive and corrective
action processes? How is experience from the post production phase
factored into the feedback system?
How is the feedback process defined by the process owner?

8.4

Data Analysis

What feedback data is analyzed and what is done with the analyses?

8.5.1

Continual improvement

Has the feedback process ever resulted in an improvement in any

process that would result in improvement of the effectiveness of the
QMS? How is this communicated?

8.5.2

Corrective Action

Review all outstanding CAs against the feedback process since the
last audit. What evidence is there that the CAs were effective?

8.5.3

Preventive Action

Have any PAs been developed regarding feedback? If so, how

effective were they?

6.2.2
6.3
5.4.2

8-3 Control of NC- process 13485 rev 1

4.2.1

General documentation

What additional documentation/records have been generated for this

function, besides those mandated by ISO 13485-2003? Are they in
accordance with clause 4.2.3 and 4.2.4?

4.2.2

Quality manual

Does control of Nonconforming product operate as described in the

Quality manual?

4.2.3
4.2.4

Control of documents
Records

Review existing procedures or Work instruction for control of N/C

product.
Review records of the control of nonconforming product..

5.3

Quality Policy

Ask an employee at random, what the quality policy means to

him/her?

5.4.1

Quality objectives

Review quality objectives for N/C product. Are they being met?

5.5.1

Responsibility & Authority

Review the responsibility & authority for personnel conducting control

of N/C product as defined in clause 5.5.1.

Competence, awareness and training

How are competency requirements defined for personnel performing

control of N/C product? Do the records of personnel performing
various tasks of the control of N/C product (6.2.2.e) match the
competency requirements defined in 6.2.2.a.

6.2.2

6.3

Infrastructure

What infrastructure is required by control of N/C product (Storage

space etc) & how is this defined?

5.6.2
7.3.7

Management review inputs

D&D changes

Is the control of N/C product discussed as part of Product conformity

(5.6.2.c) What changes are initiated as a result of this discussion?
How does control of N/C product drive D&D changes?

7.4.1

Purchasing process

Does the control of N/C product influence or impact the selection of

suppliers?

7.4.3
7.5.1

Verification of purchased product

Production/service

Review records of received N/C material. How is acceptance criteria

for incoming material defined?
How is the rework or repair of N/C product described?

8.2.4

M&M of product

How is N/C product identified and moved from inspection/test to the

N/C product area?

Control of N/C product

Data analysis

How is N/C product precluded from unintended use or delivery? What

evidence exists to prove reworked/repaired product has been reverified? What action is taken when N/C product is discovered after
delivery or use has started? How does the organization ensure that
N/C product accepted by concession only if regulatory requirements
are met? What work instructions have been developed for product
that must be reworked one or more times? Have these WIs
undergone the same the same authorization and approval as the
original WI? How has a determination of the adverse effects of rework
on the product been documented?
What is done with N/C data?

Corrective Action

How does control of N/C product trigger corrective action? Review

recent product CAs to ensure the requirement of 8.5.2 have been
met.

8.3
8.4

8.5.2

4.2.1 General documentation

4.2.2 Quality manual

4.2.3 Control of documents
4.2.4 Records
5.3

Quality Policy

5.4.1 Quality objectives

5.5.1 Responsibility & Authority

6.2.2 Competence, awareness and training

6.3

Infrastructure

5.6.2 Management review inputs

7.3.7 D&D changes

7.4.1 Purchasing process

7.4.3 Verification of purchased product

7.5.1 Production/service

8.2.4 M&M of product

8.3
8.4

Control of N/C product

Data analysis

8.5.2 Corrective Action

What additional documentation/records

have been generated for this function,
besides those mandated by ISO 134852003? Are they in accordance with clause
4.2.3 and 4.2.4?
Does control of Nonconforming product
operate as described in the Quality manual?
Review existing procedures or Work
instruction for control of N/C product.
Review records of the control of
nonconforming product..
Ask an employee at random, what the
quality policy means to him/her?
Review quality objectives for N/C product.
Are they being met?
Review the responsibility & authority for
personnel conducting control of N/C product
as defined in clause 5.5.1.

How are competency requirements defined

for personnel performing control of N/C
product? Do the records of personnel
performing various tasks of the control of
N/C product (6.2.2.e) match the
competency requirements defined in
6.2.2.a.
What infrastructure is required by control of
N/C product (Storage space etc) & how is
this defined?
Is the control of N/C product discussed as
part of Product conformity (5.6.2.c) What
changes are initiated as a result of this
discussion?
How does control of N/C product drive D&D
changes?
Does the control of N/C product influence
or impact the selection of suppliers?
Review records of received N/C material.
How is acceptance criteria for incoming
material defined?
How is the rework or repair of N/C product
described?

How is N/C product identified and moved

from inspection/test to the N/C product
area?

How is N/C product precluded from

unintended use or delivery? What evidence
exists to prove reworked/repaired product
has been re-verified? What action is taken
when N/C product is discovered after
delivery or use has started? How does the
organization ensure that N/C product
accepted by concession only if regulatory
requirements are met? What work
instructions have been developed for
product that must be reworked one or more
times? Have these WIs undergone the
same the same authorization and approval
as the original WI? How has a
determination of the adverse effects of
rework on the product been documented?
What is done with N/C data?
How does control of N/C product trigger
corrective action? Review recent product
CAs to ensure the requirement of 8.5.2
have been met.