Pillarstone Quality

Conducting an ISO 13485 Internal Audit

Book Free Consultation

How to Conduct an ISO 13485 Internal Audit: Complete Guide 

An ISO 13485 internal audit is a crucial component of maintaining a compliant medical device Quality Management System (QMS). Internal audits help ensure ISO 13485 compliance, improve processes, mitigate regulatory risks, and demonstrate continual improvement—core principles of ISO 13485:2016. 

This guide explains how to conduct an ISO 13485 internal audit, who is qualified to perform it, and how PillarStone Quality can support your organization with expert auditing and compliance services. 

What Is an ISO 13485 Internal Audit? 

An internal audit is a systematic and independent review of your medical device QMS to determine whether: 

  • It conforms to planned arrangements, including ISO 13485 requirements and applicable regulatory requirements (FDA 21 CFR Part 820, EU MDR). 
  • It is effectively implemented and maintained. 
  • It supports the achievement of your quality objectives. 

Internal audits are a mandatory requirement under ISO 13485:2016 (Clause 8.2.4) and are essential for certification readiness, regulatory compliance, and continuous improvement. 

Who Is Qualified to Conduct an ISO 13485 Internal Audit? 

ISO 13485 does not require auditors to hold external certification, but they must be competent, objective, and independent from the activities being audited. 

Qualified internal auditors should:

  • Have formal training in ISO 13485 requirements and auditing techniques (ISO 19011 guidance). 
  • Understand your medical device processes, risk management, and quality objectives. 
  • Apply evidence-based auditing and clearly communicate findings. 
  • Maintain impartiality and avoid conflicts of interest. 

For smaller organizations or to ensure objectivity, consider engaging external ISO 13485 audit experts, especially when internal resources are limited.

Book Free Consultation

Step-by-Step ISO 13485 Internal Audit Process 

1

Plan the Audit

  • Create an annual audit schedule covering all QMS processes and locations. 
  • Define scope (departments, functions, or sites) and criteria (ISO clauses, procedures, and regulatory requirements). 
  • Assign trained auditors — internal staff or PillarStone Quality ISO 13485 consultants. 
2

Prepare the Audit Checklist

  • Use a custom ISO 13485 audit checklist to ensure your questions align with key clauses and regulatory expectations. 
  • Consistent evaluation 
  • Complete process coverage 
  • Evidence-based assessment 
3

Conduct the Audit

  • Hold an opening meeting with auditees. 
  • Gather evidence via interviews, observations, and document review. 
  • Record: 
  • Conformities 
  • Opportunities for improvement 
  • Minor and major nonconformities 
4

Report the Results

  • Summarize findings in a detailed internal audit report. 
  • Clearly identify nonconformities and recommended corrective actions. 
  • Share results with management and process owners. 
5

Take Corrective Action and Follow Up 

  • Conduct root cause analysis for each nonconformity. 
  • Implement and verify corrective actions. 
  • Confirm closure via follow-up verification or re-audit. 
Book Free Consultation

Best Practices for Effective ISO 13485 Internal Audits 

  • Maintain auditor independence avoid auditing your own work. 
  • Focus audits on risk-based and critical processes. 
  • Use digital audit tools and templates to track findings efficiently. 
  • Review results in management review meetings. 
  • Partner with experienced ISO 13485 consultants for objectivity and regulatory insight.
PillarStone Why Choose Us

Why Choose PillarStone Quality

At PillarStone Quality, we specialize in helping medical device companies build, improve, and certify their quality management systems. Our consultants bring years of hands-on experience with FDA-regulated environments and ISO 13485 compliance. 

ISO Expertise

Deep knowledge of ISO 13485, MDSAP, and regulatory frameworks (FDA, EU MDR, Health Canada)

Solutions

Customized Solutions

We tailor your QMS to your operations—never a one-size-fits-all template. 

Track Record

Proven Track Record

Trusted by startups and established manufacturers across North America. 

Support

End-to-End Support

From initial gap assessment to certification and ongoing maintenance. 

Partnership

Continuous Partnership

We don’t just get you certified—we help you stay compliant and improve performance over time.