ISO 13485内部审计专家指南：医疗器械QMS审计计划、执行与不符合项管理

qms-audit-expert by alirezarezvani/claude-skills

153 周安装量

6,900 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/alirezarezvani/claude-skills --skill qms-audit-expert

质量管理医疗科技法律合规

🇨🇳中文介绍

QMS 审计专家

适用于医疗器械质量管理体系的 ISO 13485 内部审计方法。

审计计划工作流

规划基于风险的内部审计计划：

列出所有需要审计的 QMS 过程
为每个过程分配风险等级（高/中/低）
审查以往的审计发现和趋势
根据风险等级确定审计频率
指派合格的审计员（验证独立性）
创建年度审计计划
将计划传达给过程负责人
验证： 在一个周期内覆盖所有 ISO 13485 条款

基于风险的审计频率

风险等级	频率	标准
高	每季度	设计控制、CAPA、生产确认
中	每半年	采购、培训、文件控制
低	每年	基础设施、管理评审（如果稳定）

按条款划分的审计范围

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

条款	过程	关注领域
4.2	文件控制	文件批准、分发、作废控制
5.6	管理评审	输入完整、决策有记录、行动有跟踪
6.2	培训	能力定义、记录完整、有效性验证
7.3	设计控制	输入、评审、V&V、转移、变更
7.4	采购	供应商评价、来料检验
7.5	生产	作业指导书、过程确认、DHR
7.6	校准	设备清单、校准状态、超差
8.2.2	内部审计	计划符合性、审计员独立性
8.3	不合格品	识别、隔离、处置
8.5	CAPA	根本原因、实施、有效性

方法	用途	文件记录
文件审查	程序、记录	文件编号、版本、日期
访谈	过程理解	受访者姓名、角色、摘要
观察	实际实践	观察到的内容、地点、时间
记录追溯	过程流	记录 ID、日期、关联性

按条款划分的审计问题

文件控制 (4.2):

向我展示文件总清单
你们如何控制作废文件？
向我展示文件变更批准的证据

设计控制 (7.3):

向我展示 [产品] 的设计历史文件
谁参与设计评审？
向我展示设计输入到输出的可追溯性

向我展示包含未关闭项的 CAPA 日志
你们如何确定根本原因？
向我展示有效性验证记录

完整的审计问题集请参见 references/iso13485-audit-guide.md。

记录每个发现项，包含：

Requirement: [具体的 ISO 13485 条款或程序]
Evidence: [观察、审查或听到的内容]
Gap: [证据如何未能满足要求]

Requirement: ISO 13485:2016 Clause 7.6 requires calibration
at specified intervals.

Evidence: Calibration records for pH meter (EQ-042) show
last calibration 2024-01-15. Calibration interval is
12 months. Today is 2025-03-20.

Gap: Equipment is 2 months overdue for calibration,
representing a gap in calibration program execution.

对审计发现进行分类和管理：

根据分类标准评估发现项
分配严重程度（主要/次要/观察项）
用客观证据记录发现项
传达给过程负责人
为主要/次要发现项启动 CAPA
跟踪至关闭
在后续跟进中验证有效性
验证： 只有在有效的 CAPA 完成后，发现项才被视为关闭

类别	定义	需要 CAPA	时间线
主要	系统性失效或要素缺失	是	30 天
次要	孤立性失误或部分实施	建议	60 天
观察项	改进机会	可选	酌情而定

Is required element absent or failed?
├── Yes → Systematic (multiple instances)? → MAJOR
│   └── No → Could affect product safety? → MAJOR
│       └── No → MINOR
└── No → Deviation from procedure?
    ├── Yes → Recurring? → MAJOR
    │   └── No → MINOR
    └── No → Improvement opportunity? → OBSERVATION

发现项严重程度	CAPA 深度	验证
主要	完整的根本原因分析（5-Why、鱼骨图）	下次审计或 6 个月内
次要	立即原因识别	下次计划审计
观察项	不需要	下次审计时记录

详细指南请参见 references/nonconformity-classification.md。

为认证机构或监管机构审计做准备：

完成所有计划的内部审计
验证所有发现项已通过有效的 CAPA 关闭
审查文件的时效性和准确性
将审计作为输入进行管理评审
准备设施和人员
进行模拟审计（全范围）
向人员简要介绍审计规程
验证： 在外部审计前解决模拟审计发现项

审计前准备情况检查清单

质量手册最新
程序反映实际实践
记录完整且可检索
以往的审计发现项已关闭

关键人员在审计期间可到场
已识别主题专家
人员已了解审计规程
已指派陪同人员

工作区域整洁有序
使用点的文件是最新的
设备校准状态可见
不合格品已隔离

使用外部审计员或合格的内部审计员
覆盖即将进行的外部审计的全部范围
模拟实际审计条件（时间、正式程度）
像真实审计一样记录发现项
在外部审计前解决所有主要和次要发现项
向管理层简要介绍准备状态

ISO 13485 审计指南

references/iso13485-audit-guide.md 包含：

逐条款审计方法
每个条款的示例审计问题
证据收集要求
按条款划分的常见不符合项
发现项严重程度分类

references/nonconformity-classification.md 包含：

严重程度分类标准和决策树
影响与发生频率矩阵
CAPA 整合要求
发现项记录模板
按严重程度划分的关闭要求

审计计划优化器

# Generate optimized audit schedule
python scripts/audit_schedule_optimizer.py --processes processes.json

# Interactive mode
python scripts/audit_schedule_optimizer.py --interactive

# JSON output for integration
python scripts/audit_schedule_optimizer.py --processes processes.json --output json

生成基于风险的审计计划，考虑：

过程风险等级
以往的发现项
自上次审计以来的天数
关键性评分

优先排序的审计计划
季度分布
逾期审计警报
资源建议

{
  "processes": [
    {
      "name": "Design Control",
      "iso_clause": "7.3",
      "risk_level": "HIGH",
      "last_audit_date": "2024-06-15",
      "previous_findings": 2
    },
    {
      "name": "Document Control",
      "iso_clause": "4.2",
      "risk_level": "MEDIUM",
      "last_audit_date": "2024-09-01",
      "previous_findings": 0
    }
  ]
}

跟踪审计计划有效性：

指标	目标	测量方式
计划符合性	>90%	按时完成的审计
发现项关闭率	>95%	在截止日期前关闭的发现项
重复发现项	<10%	连续审计中的相同发现项
CAPA 有效性	>90%	在后续跟进中验证有效
审计员利用率	4 天/月	每位合格审计员的审计天数

🇺🇸English

QMS Audit Expert

ISO 13485 internal audit methodology for medical device quality management systems.

Audit Planning Workflow
Audit Execution
Nonconformity Management
External Audit Preparation
Reference Documentation
Tools

Audit Planning Workflow

Plan risk-based internal audit program:

List all QMS processes requiring audit
Assign risk level to each process (High/Medium/Low)
Review previous audit findings and trends
Determine audit frequency by risk level
Assign qualified auditors (verify independence)
Create annual audit schedule
Communicate schedule to process owners
Validation: All ISO 13485 clauses covered within cycle

Risk-Based Audit Frequency

Risk Level	Frequency	Criteria
High	Quarterly	Design control, CAPA, production validation
Medium	Semi-annual	Purchasing, training, document control
Low	Annual	Infrastructure, management review (if stable)

Audit Scope by Clause

Clause	Process	Focus Areas
4.2	Document Control	Document approval, distribution, obsolete control
5.6	Management Review	Inputs complete, decisions documented, actions tracked
6.2	Training	Competency defined, records complete, effectiveness verified
7.3	Design Control	Inputs, reviews, V&V, transfer, changes
7.4	Purchasing	Supplier evaluation, incoming inspection
7.5	Production	Work instructions, process validation, DHR
7.6	Calibration	Equipment list, calibration status, out-of-tolerance
8.2.2	Internal Audit	Schedule compliance, auditor independence
8.3	NC Product

Auditor Independence

Verify auditor independence before assignment:

Auditor not responsible for area being audited
No direct reporting relationship to auditee
Not involved in recent activities under audit
Documented qualification for audit scope

Audit Execution

Conduct systematic internal audit:

Prepare audit plan (scope, criteria, schedule)
Review relevant documentation before audit
Conduct opening meeting with auditee
Collect evidence (records, interviews, observation)
Classify findings (Major/Minor/Observation)
Conduct closing meeting with preliminary findings
Prepare audit report within 5 business days
Validation: All scope items covered, findings supported by evidence

Evidence Collection

Method	Use For	Documentation
Document review	Procedures, records	Document number, version, date
Interview	Process understanding	Interviewee name, role, summary
Observation	Actual practice	What, where, when observed
Record trace	Process flow	Record IDs, dates, linkage

Audit Questions by Clause

Document Control (4.2):

Show me the document master list
How do you control obsolete documents?
Show me evidence of document change approval

Design Control (7.3):

Show me the Design History File for [product]
Who participates in design reviews?
Show me design input to output traceability

CAPA (8.5):

Show me the CAPA log with open items
How do you determine root cause?
Show me effectiveness verification records

See references/iso13485-audit-guide.md for complete question sets.

Finding Documentation

Document each finding with:

Requirement: [Specific ISO 13485 clause or procedure]
Evidence: [What was observed, reviewed, or heard]
Gap: [How evidence fails to meet requirement]

Example:

Requirement: ISO 13485:2016 Clause 7.6 requires calibration
at specified intervals.

Evidence: Calibration records for pH meter (EQ-042) show
last calibration 2024-01-15. Calibration interval is
12 months. Today is 2025-03-20.

Gap: Equipment is 2 months overdue for calibration,
representing a gap in calibration program execution.

Nonconformity Management

Classify and manage audit findings:

Evaluate finding against classification criteria
Assign severity (Major/Minor/Observation)
Document finding with objective evidence
Communicate to process owner
Initiate CAPA for Major/Minor findings
Track to closure
Verify effectiveness at follow-up
Validation: Finding closed only after effective CAPA

Classification Criteria

Category	Definition	CAPA Required	Timeline
Major	Systematic failure or absence of element	Yes	30 days
Minor	Isolated lapse or partial implementation	Recommended	60 days
Observation	Improvement opportunity	Optional	As appropriate

Classification Decision

Is required element absent or failed?
├── Yes → Systematic (multiple instances)? → MAJOR
│   └── No → Could affect product safety? → MAJOR
│       └── No → MINOR
└── No → Deviation from procedure?
    ├── Yes → Recurring? → MAJOR
    │   └── No → MINOR
    └── No → Improvement opportunity? → OBSERVATION

CAPA Integration

Finding Severity	CAPA Depth	Verification
Major	Full root cause analysis (5-Why, Fishbone)	Next audit or within 6 months
Minor	Immediate cause identification	Next scheduled audit
Observation	Not required	Noted at next audit

See references/nonconformity-classification.md for detailed guidance.

External Audit Preparation

Prepare for certification body or regulatory audit:

Complete all scheduled internal audits
Verify all findings closed with effective CAPA
Review documentation for currency and accuracy
Conduct management review with audit as input
Prepare facility and personnel
Conduct mock audit (full scope)
Brief personnel on audit protocol
Validation: Mock audit findings addressed before external audit

Pre-Audit Readiness Checklist

Documentation:

Quality Manual current
Procedures reflect actual practice
Records complete and retrievable
Previous audit findings closed

Personnel:

Key personnel available during audit
Subject matter experts identified
Personnel briefed on audit protocol
Escorts assigned

Facility:

Work areas organized
Documents at point of use current
Equipment calibration status visible
Nonconforming product segregated

Mock Audit Protocol

Use external auditor or qualified internal auditor
Cover full scope of upcoming external audit
Simulate actual audit conditions (timing, formality)
Document findings as for real audit
Address all Major and Minor findings before external audit
Brief management on readiness status

Reference Documentation

ISO 13485 Audit Guide

references/iso13485-audit-guide.md contains:

Clause-by-clause audit methodology
Sample audit questions for each clause
Evidence collection requirements
Common nonconformities by clause
Finding severity classification

Nonconformity Classification

references/nonconformity-classification.md contains:

Severity classification criteria and decision tree
Impact vs. occurrence matrix
CAPA integration requirements
Finding documentation templates
Closure requirements by severity

Tools

Audit Schedule Optimizer

# Generate optimized audit schedule
python scripts/audit_schedule_optimizer.py --processes processes.json

# Interactive mode
python scripts/audit_schedule_optimizer.py --interactive

# JSON output for integration
python scripts/audit_schedule_optimizer.py --processes processes.json --output json

Generates risk-based audit schedule considering:

Process risk level
Previous findings
Days since last audit
Criticality scores

Output includes:

Prioritized audit schedule
Quarterly distribution
Overdue audit alerts
Resource recommendations

Sample Process Input

{
  "processes": [
    {
      "name": "Design Control",
      "iso_clause": "7.3",
      "risk_level": "HIGH",
      "last_audit_date": "2024-06-15",
      "previous_findings": 2
    },
    {
      "name": "Document Control",
      "iso_clause": "4.2",
      "risk_level": "MEDIUM",
      "last_audit_date": "2024-09-01",
      "previous_findings": 0
    }
  ]
}

Audit Program Metrics

Track audit program effectiveness:

Metric	Target	Measurement
Schedule compliance	>90%	Audits completed on time
Finding closure rate	>95%	Findings closed by due date
Repeat findings	<10%	Same finding in consecutive audits
CAPA effectiveness	>90%	Verified effective at follow-up
Auditor utilization	4 days/month	Audit days per qualified auditor

Weekly Installs

153

Repository

alirezarezvani/…e-skills

GitHub Stars

6.9K

First Seen

Jan 20, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

claude-code137

gemini-cli113

opencode113

codex104

cursor101

github-copilot91

技术债务管理工具 - 系统识别、分类、优先级排序与修复计划 | 开发效率提升

587 周安装

ISO 13485内部审计专家指南：医疗器械QMS审计计划、执行与不符合项管理

🇨🇳中文介绍

QMS 审计专家

目录

审计计划工作流

基于风险的审计频率

按条款划分的审计范围

相关 Skills

审计员独立性

审计执行

证据收集

按条款划分的审计问题

发现项记录

不符合项管理

分类标准

分类决策

CAPA 整合

外部审计准备