Life Sciences Insights

Sharing expert knowledge via our latest blog posts

Quality Audits Management: Quality Audits managed according to QMS 

GxP audits are the backbone of compliance and improvement. From risk-based planning to meticulous execution and compliance review, each step ensures organizational excellence. Embracing a PDCA (plan, do, check, act) life cycle approach streamlines processes and fosters consistency.
Audits blog QMS

The Quality Audits should be managed according to the Quality Management System requirements, which should include:

  • A risk-based planification system for audits to be performed within a certain period.
  • Effective training and qualification programs for the auditors, including clear requirements for their approval.
  • A well-defined system for planning, performing, reporting, and evaluating audits.
  • An efficient system for handling non-compliance until its closure.

Figure 1 – Quality Management System requirements

In order to improve the audits management and to achieve consistent results, audits should be managed using a PDCA life cycle approach (see Figure 2). 

Figure 2PDCA life cycle approach

Audits Plan

At the beginning of each auditing cycle, usually every year, an Audit Plan has to be defined, including the type of audits to be performed, their timings, reference documents required, and the responsible auditors.

Both internal audits  and  external audits (audits to suppliers and subcontractors) should be planned. Third-party audits (audits and inspections from authorities and official bodies), expected to be held in the company during the Auditing Cycle, could also be included in the Plan, to provide a wider overview and to allow a better resource allocation. All these audits could be scheduled in the same Audit Plan, or different Audit Plans can be prepared for each type of audit

First-party audits program

All Quality Management System standards require conducting internal audits on a regular basis, to verify the level of compliance of the QMS with the standard requirements and to provide tools for continuous improvement. Most of the time, these internal audits are expected to be scheduled at least every year, although the frequency can be increased in case needed (e.g. when major changes are planned, or when the audits results show a poor level of control).

Thus, the complete system should be reviewed minimally once a year, but this revision could be split up into partial assessments during the auditing period. This allows a better fit of the audit to the requirements related to the activities of the company, a better selection of specialized auditors, and a more specialized approach to the different areas to be audited. Moreover, according to results obtained in different areas, a specific follow-up can be scheduled, including additional off-program audits in case needed.

Keeping this in mind, partial audits can be programmed along the year as well, assigning the most suitable auditors at the right time.

Second-party audits program

According to GXP requirements, critical suppliers should be included in the audit plan. In some cases, there are clear regulatory requirements or expectations that stipulate the minimum frequency of audits to be included in the Audit Plan (e.g. API suppliers should be audited at least every 3 years).

However, there are so many different types of suppliers, with no specific existing requirements, but with direct or indirect impact over the product/data quality, that should also be assessed and approved, and perhaps even included in the Audits Management System. The approval criteria and auditing frequency for all these types of suppliers should be established by using a Risk Based Approach.

Different risk factors should be considered during the assessment, including, of course, criticality of supplies or services provided, having an existing QMS in place, and official certifications or the continuous quality assessment of services and products provided. This risk-based approach will provide the necessary elements to create a calendar for the suppliers and subcontractors audits, considering their level of concern and their priority within the global picture.

Audits performance 

Throughout the year, programmed audits will be carried out according to internal procedures, and by qualified auditors. Each audit carried out will be recorded and followed up as described in the auditing policies of the company.

Audits can be performed using their resources or can be outsourced to specialized auditors or auditing companies. In both cases, the auditors’ qualification, the operating procedures, and the generated documents and records must be compliant with the internal policies of the company. It is important to remember that this type of providers shall also be included in the suppliers’ assessment and approval, and may be included in the auditing program too.

Audits Plan compliance review

At the end of each auditing cycle, compliance with the Audit Plan shall be verified, to check that all the scheduled audits for a specific period of time have been properly completed. In the event of non-compliance with the provisions, the cause of the non-compliance should be stated and justified.

Based on the results of the revision, the new Audit Plan for the next auditing cycle will be prepared. Areas requiring special attention based on previous audits, non-conformity reports or corrective action reports, will be considered for scheduling additional audits.

Audit Services

QbD Group offers to take on your external or internal audit program with our certified Lead Auditors or trained internal auditors

Did you find this article interesting? Thanks for sharing it with your network:

Subscribe to the Blog
Here you will find interesting articles and news related to your industry.

Table of Contents

Stay up to date with the latest in life sciences

Come visit our booth at CPHI Barcelona 2023

Come to see the QbD Group at stand #3G73 at CPHI Conference in Barcelona. And after the conference…Eat & Connect with lifescience professionals at our QbD’s CPHI Networking Drink.