ISO 13485 Quality Checklist (MDQMS)

For organizations providing medical devices and related services, ISO 13485:2016 specifies requirements for a quality management system enabling them to consistently meet customer and applicable regulatory requirements. Use this self-assessment checklist for internal audits to determine if your organization’s QMS is aligned with the ISO 13485:2016 standard and evaluate your readiness for a third-party ISO 13485:2016 certification audit.

ISO 13485 Quality Checklist (MDQMS)



Management Controls

1. Quality Manual defines scope of QMS, procedures (or reference to) within QMS, and description of the interaction of processes within QMS? (ISO 13485:2016: 4.1, 4.2.2)


Photo Comment

2. Criteria and methods are in place to monitor and control processes for effectiveness? (ISO 13485:2016: 4.1.3(a), 4.2.1(d), 8.4)


Photo Comment

3. Firm has established and conducts Management Reviews, at least annually? (ISO 13485:2016: 5.1(d), 5.6)


Photo Comment

4. Management reviews examine suitability and effectiveness of quality systems, improvements needed because of customer requirements, and resource needs? (ISO 13485:2016: 4.1.3(c), 5.6.1, 5.6.3, 6.1, 8.4)


Photo Comment

5. Management review addresses audit results, customer feedback, process performance, Corrective and Preventive Actions (CAPAs), previous management reviews, changes to QMS, recommendations for improvement, and new or revised regulatory requirements? (ISO 13485:2016: 5.6.2)


Photo Comment

6. Firm has established a Quality Manual and Quality System Procedures and Instructions that are appropriate? (ISO 13485:2016: 4.1.2(a), 4.2.1(b), (c)


Photo Comment

7. Firm has established Quality Plan? (ISO 13485:2016: 4.2.1(d), 5.4)


Photo Comment

8. Quality Planning addresses QMS needs and Quality Objectives? (ISO 13485:2016: 5.4.2)


Photo Comment

9. Firm has implemented Quality Policy and Quality Objectives? (ISO 13485:2016: 4.2.1(a), 5.1(b), (c), 5.3, 5.4.1)


Photo Comment

10. Firm has established Quality Audit procedures and conducts audits? (ISO 13485:2016: 4.2, 8.2.4)


Photo Comment

11. Quality audits examine compliance and effectiveness? (ISO 13485:2016: 4.1.3(c), 4.2.1(d), 8.2.4)


Photo Comment

12. Auditors are trained? (ISO 13485:2016: 6.2, 8.2.4)


Photo Comment

13. Audits are conducted by objective parties? (ISO 13485:2016: 8.2.4)


Photo Comment

14. Quality audits are linked to CAPA? (ISO 13485:2016: 8.2.4)


Photo Comment

15. Review organizational structure of firm. Resources are available to support processes? (ISO 13485:2016: 4.1.3(b), 5.1(e), 5.5.1, 5.5.2, 6.1, 6.2)


Photo Comment

16. Firm has defined a management representative with executive responsibility for implementing and reporting quality management system? (ISO 13485:2016: 5.1, 5.5.1, 5.5.2, 6.1, 6.2)


Photo Comment

17. Appropriate responsibilities, authority, and resources are in place for quality system activities? (ISO 13485:2016: 5.1(e), 5.5.1, 5.5.2, 6.1, 6.2)


Photo Comment

18. Firm has established procedures for identifying training needs and personnel are trained to perform assigned responsibilities? (ISO 13485:2016: 6.2)


Photo Comment

19. Executive management ensures adequate and effective quality system is implemented? Ensure management is committed to and communicates importance of meeting customer requirements, regulatory requirements, and QMS. (ISO 13485:2016: 5.1(a), 5.2, 5.5.3)


Photo Comment
Design And Development / Design Controls

1. Products are subject to design controls? (ISO 13485:2016: 7.1, 7.3)


Photo Comment

2. Design control and risk management procedures are established and applied? (ISO 13485:2016: 7.3)


Photo Comment

3. Design and development stages are identified? (ISO 13485:2016: 7.3.2)


Photo Comment

4. Review, verification, validation, and design transfer activities at each stage are appropriate? (ISO 13485:2016: 7.3.2)


Photo Comment

5. Responsibilities for design and development are defined? (ISO 13485:2016: 7.3.2)


Photo Comment

6. Review the project design & development plan, responsibilities, and interfaces. Design & development plan is updated, reviewed, and approved? (ISO 13485:2016: 7.3.2)


Photo Comment

7. Design input requirements were established, reviewed, and approved? (ISO 13485:2016: 7.2.1, 7.3.3)


Photo Comment

8. Customer requirements are captured? (ISO 13485:2016: 7.2.1, 7.3.3)


Photo Comment

9. Inputs include functional, performance, safety, and statutory and regulatory requirements? (ISO 13485:2016: 7.2.1, 7.3.3)


Photo Comment

10. Incomplete, ambiguous, and/or conflicting requirements were addressed? (ISO 13485:2016: 7.3.3)


Photo Comment

11. Design & development outputs are established, verifiable, reviewed, and approved? (ISO 13485:2016: 7.3.4(a), (c))


Photo Comment

12. Design & development outputs are appropriate for purchasing, production, and servicing? (ISO 13485:2016: 7.3.4(b))


Photo Comment

13. Essential design & development outputs are identified? (ISO 13485:2016: 7.3.4(d))


Photo Comment

14. Acceptance criteria is referenced by design & development outputs and was defined prior to design verification and design validation activities? (ISO 13485:2016: 7.3.4(c), 7.3.6)


Photo Comment

15. Design verification confirmed design outputs met design input requirements? (ISO 13485:2016: 7.3.6)


Photo Comment

16. Design validation results prove device met predetermined user needs and intended uses? (ISO 13485:2016: 7.3.7)


Photo Comment

17. Design validation did not leave unresolved discrepancies? (ISO 13485:2016: 7.3.7)


Photo Comment

18. If required by national or regional regulations, confirm clinical evaluations and/or evaluation of device performance were performed? (ISO 13485:2016: 7.3.7)


Photo Comment

19. If device contains software, confirm software was validated? (ISO 13485:2016: 7.3.2, 7.3.7)


Photo Comment

20. Initial production units (or equivalents) were used for design validation? (ISO 13485:2016: 7.3.7)


Photo Comment

21. Risk management activities were performed? (ISO 13485:2016: 7.1)


Photo Comment

22. Design changes were controlled and validated (or where appropriate, verified)? (ISO 13485:2016: 7.3.2, 7.3.6, 7.3.9)


Photo Comment

23. Design changes have been reviewed for effect on components and product previously made? (ISO 13485:2016: 7.3.2, 7.3.6, 7.3.9)


Photo Comment

24. Design reviews were conducted at appropriate stages of design & development? (ISO 13485:2016: 7.2.2, 7.3.2, 7.3.5)


Photo Comment

25. Design review attendees were appropriate for stage and included independent reviewer? (ISO 13485:2016: 7.3.2, 7.3.5)


Photo Comment

26. Design was correctly transferred to production? (ISO 13485:2016: 7.3.2, 7.3.8)


Photo Comment

27. DHF contains design control documentation? (ISO 13485:2016: 7.3.10)


Photo Comment
Corrective And Preventive Actions (CAPA)

1. CAPA procedures comply with regulatory requirements? (ISO 13485:2016: 4.1, 4.2, 8.5)


Photo Comment

2. Non-conforming product and CAPA procedures determine the need for investigation and notification? (ISO 13485:2016: 8.3, 8.5)


Photo Comment

3. Non-conforming product and CAPA procedures define responsibilities for review and disposition? (ISO 13485:2016: 8.3, 8.5)


Photo Comment

4. Procedures for rework, retesting, and re-evaluation of nonconforming product exist and are followed? (ISO 13485:2016: 8.3, 8.5)


Photo Comment

5. Appropriate records of quality problems have been created and used? (ISO 13485:2016: 8.3, 8.5)


Photo Comment

6. Trend analysis data indicates quality problems? Data used for CAPA decisions? 9ISO 13485:2016: 8.1, 8.2.5, 8.4, 8.5)


Photo Comment

7. CAPA data is complete, accurate, and timely? Compare results across multiple data sources to identify quality problems. (ISO 13485:2016: 8.4, 8.5)


Photo Comment

8. Appropriate statistical techniques are implemented? (ISO 13485:2016: 8.1, 8.2.5, 8.4)


Photo Comment

9. Device failure investigations determine root cause? (ISO 13485:2016: 8.3, 8.5)


Photo Comment

10. Failure investigations are commensurate with risks? (ISO 13485:2016: 8.3, 8.5)


Photo Comment

11. Controls exist to prevent non-conforming product from being released? (ISO 13485:2016: 8.3)


Photo Comment

12. Appropriate actions were taken for quality problems? (ISO 13485:2016: 8.2.5, 8.5.2, 8.5.3)


Photo Comment

13. CAPA actions were effective, verified, validated, documented, and implemented appropriately? (ISO 13485:2016: 8.5)


Photo Comment

14. CAPAs and nonconformities were disseminated to personnel responsible for ensuring quality and prevention of problems? (ISO 13485:2016: 8.3, 8.5)


Photo Comment

15. Quality issues and CAPAs were disseminated for Management Review? (ISO 13485:2016: 5.6.3, 8.3, 8.5)


Photo Comment

16. Firm has procedures for handling complaints and investigation of advisory notices / recalls? Ensure provisions exist to feed in CAPA system. (ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.2.3)


Photo Comment
Medical Device Reporting (MDR)

1. Medical Device Reporting (MDR) procedures comply with regulatory requirements? (ISO 13485:2016: 8.5.1)


Photo Comment

2. Firm maintains MDR event files that comply with regulatory requirements? (ISO 13485:2016: 8.5.1)


Photo Comment

3. Appropriate MDR information is identified, reviewed, reported, documented, and filed? (ISO 13485:2016: 8.5.1)


Photo Comment

4. Firm is effective in identifying MDR reportable events? (ISO 13485:2016: 8.5.1)


Photo Comment

5. Firm has established procedures for receiving, reviewing, and evaluating complaints? (ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.5.1)


Photo Comment

6. Firm maintains complaint files and that they are reasonably accessible? (ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.5.1)


Photo Comment

7. Complaints are evaluated to determine if an event should be a MDR? (ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.2.3, 8.5.1)


Photo Comment

8. Complaint investigations include the device name, date of complaint, device identification number, contact information of complainant, details of complaint, date and results of investigation, any corrective actions, and replies to complainant? (ISO 13485:2016: 7.2.3, 8.2.1, 8.2.2, 8.5.1)


Photo Comment
Production And Process Controls (P&PC)

1. Product realization processes are planned? Confirm that risk management occurs throughout product realization. (ISO 13485:2016: 7.1)


Photo Comment

2. Planning of product realization is consistent with requirements of other processes of QMS? (ISO 13485:2016: 7.1)


Photo Comment

3. Requirements have been defined for suppliers, contractors, and consultants; ensure suppliers, contractors, and consultants are selected on ability to meet requirements? (ISO 13485:2016: 7.1, 7.4.2)


Photo Comment

4. Firm maintains records of acceptable suppliers, contractors, and consultants? (ISO 13485:2016: 7.4.1)


Photo Comment

5. Data supporting supplier requirements is maintained? Verify that suppliers, contractors, and consultants agree to notify firm of changes in products and/or services. (ISO 13485:2016: 7.4)


Photo Comment

6. Procedures for identifying product during all stages of receipt, production, distribution, and installation are in place? (ISO 13485:2016: 7.5.8, 7.5.9)


Photo Comment

7. Firm maintains procedures and records for traceability of each unit, lot, or batch of finished devices and components? NOTE: may not be required for all devices. (ISO 13485:2016: 7.5.9)


Photo Comment

8. Process is controlled and monitored? (ISO 13485:2016: 7.5, 7.6, 8.2.5, 8.2.6, 8.4)


Photo Comment

9. Equipment used has been adjusted, calibrated, and maintained? (ISO 13485:2016: 7.5)


Photo Comment

10. Control and oversight activities identified? Ensure control of inspection, measuring , test equipment, and calibration. (ISO 13485:2016: 7.6, 8.4)


Photo Comment

11. Firm has established procedures for production and process changes? Ensure changes are verified or validated, as needed. (ISO 13485:2016: 7.3.9, 7.5.6)


Photo Comment

12. Device history record (DHR) to identify rejects and/or non-conformances? (ISO 13485:2016: 8.3)


Photo Comment

13. Defects, rejects, non-conformances, and removal of materials were handled properly? (ISO 13485:2016: 8.3)


Photo Comment

14. Processes that cannot be fully verified are validated? (ISO 13485:2016: 7.5.6)


Photo Comment

15. Automated or software driven processes are validated for intended uses? (ISO 13485:2016: 7.5.6)


Photo Comment

16. Validations are documented and conducted by qualified personnel? (ISO 13485:2016: 7.5.6)


Photo Comment

17. Personnel are trained per manufacturing processes and aware of potential defects? (ISO 13485:2016: 6.2)


Photo Comment

18. Monitoring and control methods, data, date performed, individuals performing the process, and the major equipment used is documented? (ISO 13485:2016: 7.1, 8.4)


Photo Comment

19. Linkages to other processes determined? (ISO 13485:2016: 4.1, 4.2)


Photo Comment

20. Infrastructure and work environment are appropriate and controlled? (ISO 13485:2016: 6.3, 6.4)


Photo Comment

21. Maintenance schedules, routine inspections, and adjustments to equipment occur? (ISO 13485:2016: 6.3, 7.5.1, 7.5.6, 7.6)


Photo Comment

22. Procedures are in place for contamination control and cleanliness? (ISO 13485:2016: 6.4.2, 7.5.2)


Photo Comment

23. Verification of purchased products is adequate? (ISO 13485:2016: 7.4.3, 8.4)


Photo Comment

24. Procedures define receiving, in-process, and final acceptance activities? (ISO 13485:2016: 7.5.11, 8.4)


Photo Comment

25. Receiving, in-process, and final acceptance activity records exist? (ISO 13485:2016: 8.4)


Photo Comment

26. Procedures exist and that acceptance status of product is indicated? (ISO 13485:2016: 7.1, 8.2.6)


Photo Comment

27. Procedures define labelling activities, including integrity, inspection, storage, operations, and control numbers? (ISO 13485:2016: 7.5.11)


Photo Comment

28. Product packaging and shipping containers adequately protect device during processing, storage, handling, shipping, and distribution? (ISO 13485:2016: 7.5.11)


Photo Comment

29. Procedures exist to prevent mix-ups, damage, deterioration, contamination, or other adverse effects to product during handling? (ISO 13485:2016: 7.5.11)


Photo Comment

30. Procedures exist for product distribution; confirm distribution records include name and address of consignee, identification and quantity shipped, date of shipment, and identification numbers? (ISO 13485:2016: 4.2.3, 7.1, 7.5.8, 7.5.9.2, 7.5.11)


Photo Comment

31. Installation and inspection procedures exist (if applicable)? Verify installation records are maintained. (ISO 13485:2016: 7.5.3)


Photo Comment

32. Servicing procedures exist (if applicable)? Verify servicing records are maintained. (ISO 13485:2016: 7.5.4)


Photo Comment

33. Firm identifies, verifies, protects, and safeguards customer property under its care? (ISO 13485:2016: 7.5.10)


Photo Comment
Sterilization Process Controls

1. Review sterilization process procedures. Sterilization process is validated? (ISO 13485:2016: 7.5.7)


Photo Comment

2. Review sterilization control and monitoring activities. Processes, equipment, and calibration are current? (ISO 13485:2016: 7.5.5)


Photo Comment
Purchasing Controls

1. Suppliers are evaluated for ability to meet specified requirements? (ISO 13485:2016: 7.4.1)


Photo Comment

2. Adequacy of specifications of materials and/or services provided by supplier is confirmed? (ISO 13485:2016: 7.4.2)


Photo Comment

3. Purchasing information identifies requirements for approval of product, procedures, processes, and equipment, requirements for personnel qualification, and QMS requirements? (ISO 13485:2016: 7.4.2)


Photo Comment

4. Supplier evaluation records are maintained? (ISO 13485:2016: 7.4.1)


Photo Comment

5. Verification and acceptance of purchased materials and/or services is adequate? (ISO 13485:2016: 7.4.3)


Photo Comment
Documentation And Records

1. Documents and changes are approved prior to use? (ISO 13485:2016: 4.2.4)


Photo Comment

2. Documents and records are legible and identifiable? (ISO 13485:2016: 4.2.4(e), 4.2.5)


Photo Comment

3. Documents of external origin are identified with controlled distribution? (ISO 13485:2016: 4.2.4(f))


Photo Comment

4. Firm maintains a quality system record (QSR) which includes or refers to location of procedures? (ISO 13485:2016: 4.2.1(c), (e))


Photo Comment

5. Documents and records are retained for required length of time (this includes retention of obsolete controlled documents and records)? (ISO 13485:2016: 4.2.1, 4.2.4, 4.2.5)


Photo Comment

6. Change records are reviewed and approved by the same functions that performed original review and approval? (ISO 13485:2016: 4.2.4, 7.3.9)


Photo Comment

7. Change records include a description of change, identification of affected documents, approval signatures, approval date, and effective date? (ISO 13485:2016: 7.3.9)


Photo Comment

8. Documents are available at point of use and obsolete document are not in use? (ISO 13485:2016: 4.2.4(d), (h))


Photo Comment

9. Firm maintains DMRs for each type of device? (ISO 13485:2016: 4.2.1)


Photo Comment

10. DMRs contain or make reference to device specifications, production process specifications, quality assurance procedures and specifications (including acceptance criteria), packaging and labelling specifications (including acceptance criteria), and installation, maintenance, and servicing procedures? (ISO 13485:2016: 4.2.1)


Photo Comment

11. DHRs are maintained and devices are manufactured according to DMR? Realization processes and product meet requirements? (ISO 13485:2016: 7.1, 8.2.6)


Photo Comment

12. DHRs contain or make reference to dates of manufacture, quantity manufactured, quantity released for distribution, acceptance records demonstrating the device was manufactured per DMR, primary identification label and labelling used for each unit, and device identification and/or control numbers used? (ISO 13485:2016: 8.2.6)


Photo Comment

13. Firm maintains records for education, training, skills, and experience of resources? (ISO 13485:2016: 6.2 (e))


Photo Comment

14. Firm maintains purchasing and supplier records? (ISO 13485:2016: 7.4.1, 7.4.3)


Photo Comment

15. Sterilization process parameters and records are maintained for each batch? Ensure sterilization validation records are maintained. (ISO 13485:2016: 7.5.5, 7.5.7)


Photo Comment
Customer Requirements

1. Review product requirements. The intended use, customer requirements, and regulatory requirements are addressed? (ISO 13485:2016: 7.2.2)


Photo Comment

2. Incoming contracts and orders are reviewed to resolve conflicting information and that customer requirements can be met? (ISO 13485:2016: 7.2.2)


Photo Comment

3. Procedures and systems exist for customer communications and feedback? Ensure integration with CAPA system. (ISO 13485:2016: 7.2.3, 8.2.1)


Photo Comment
Technical Files

1. Review technical file procedures (ISO 13485:2016: 4.2.1(d))


Photo Comment

2. Documents need to ensure planning, operation, and control of technical file processes? (ISO 13485:2016: 4.2.1(d))


Photo Comment

3. Documentation addresses a general description of product, intended use(s), and any variants, accessories, or other devices used in combination with product? (ISO 13485:2016: 7.1, 7.2, 7.3.4)


Photo Comment

4. Design specifications, standards applied, and results of risk analysis are present? (ISO 13485:2016: 7.1, 7.2, 7.3.4)


Photo Comment

5. Principal requirements have been fulfilled? (ISO 13485:2016: 7.1, 7.2, 7.3.4)


Photo Comment

6. Techniques used to verify design and validate product(s) clinical data? (ISO 13485:2016: 7.1, 7.2, 7.3.4)


Photo Comment

7. Documentation defines sterilization method and validation? (ISO 13485:2016: 7.1, 7.2, 7.3.4)


Photo Comment

8. Documentation includes instruction manual(s) and labelling? (ISO 13485:2016: 7.1, 7.2, 7.3.4)


Photo Comment

9. Major subcontractors have been documented? (ISO 13485:2016: 7.1, 7.2, 7.3.4)


Photo Comment

Is this sample what you are looking for?
Sign up to use & customise this template, or create your own custom checklist:

Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.

Seeing is Believing

Get a live demo customized to your unique needs, or get started with a 14-day FREE trial.