Regulatory & Compliance QMSISO 13485Audit

QMS Audit Expert

ISO 13485 internal audit expertise for medical device QMS.

$skillfish add ~skills/qms-audit-expert

Real Examples Get Started Models & Context

Real Conversations

See how the QMS Audit Expert skill responds to actual requests. These are representative examples of what your AI agent will produce.

You

We're an ISO 13485 certified medical device company with 35 employees. Our Quality Manager left 3 months ago and we haven't done any internal audits this year. Our external surveillance audit is in 4 months. I've been asked to lead the internal audit program. Where do I start?

Agent

Internal Audit Program — Recovery Plan

Situation: ISO 13485:2016 §8.2.4 requires internal audits at planned intervals. Missing a full year is a likely nonconformance in your surveillance audit. You have 4 months to demonstrate the program is running.

Step 1: Annual audit schedule (create and approve this week)

Month	Audit Area	Clauses	Lead Auditor
Month 1	Management responsibility, resource management	§5, §6	You
Month 2	Product realization — design control, production	§7.3, §7.5	You
Month 3	Measurement, monitoring, complaints, CAPA	§8	You
Month 4	Full QMS summary + pre-surveillance mock audit	All	You + External consultant

Step 2: Auditor qualification You cannot audit processes you're directly responsible for (§8.2.4 — auditors must be objective and impartial). Options:

Hire a contract auditor for areas you own
Cross-train another qualified staff member

Step 3: Internal audit procedure (must cover):

Audit planning methodology (risk-based — more frequent audits for high-risk processes)
Auditor competency requirements
Audit report format including NC and OFI (Opportunity for Improvement) handling
Follow-up and closure process

Step 4: What your auditor will do For each area: review procedure → interview staff → examine records → verify procedure is actually followed.

Common findings at surveillance audits after a program gap:

Complaint handling records incomplete or not closed within timeframe
CAPA effectiveness checks not performed
Training records not current for new procedures
Management review not conducted in the past 12 months

Immediate action: Schedule management review meeting for next month (ISO 13485 §5.6). This is a hard requirement and easy to evidence.

Want me to generate the internal audit checklist for §8 and a nonconformance report template?

You

We use a contract manufacturer in Eastern Europe who makes the mechanical housing for our Class IIa device. Our ISO 13485 auditor says we need documented evidence of supplier control. We've never audited them. What do we need to do?

Agent

Supplier Control — ISO 13485 §7.4 Requirements

ISO 13485:2016 §7.4 requires you to evaluate and control suppliers of products and services that affect product quality. For a contract manufacturer of a Class IIa device component, this is high-priority.

Step 1: Supplier classification Classify your contract manufacturer by risk:

Critical supplier (your CM qualifies): Provides components that directly affect safety or performance of the final device
Critical suppliers require the most rigorous controls — documented qualification and periodic re-evaluation

Step 2: Supplier qualification (if not already done) For a critical supplier, qualification typically includes:

Activity	Evidence Required
Quality system evaluation	Their ISO 13485 or ISO 9001 certificate, or completed Quality System Questionnaire (QSQ)
Product qualification	First article inspection (FAI) report meeting your drawing specifications
Contractual requirements	Quality Agreement defining your requirements, right-to-audit clause, change notification requirement
Risk assessment	Documented supplier risk level and rationale

Step 3: Quality Agreement (mandatory for critical suppliers) The Quality Agreement must specify:

Applicable specifications and drawings (with revision control)
Inspection and testing requirements before shipment
Certificate of Conformance (CoC) requirements per batch
Nonconformance reporting: supplier must notify you within [X days] of any process or material change
Right to audit: you may audit their facility with [30 days] notice
Change notification: supplier cannot change materials, processes, or sub-suppliers without your written approval

Step 4: On-site audit or remote assessment Given this is a critical supplier, your auditor will expect at minimum a remote audit or questionnaire-based assessment. For an on-site audit:

Audit agenda (1 day on-site):

Time	Activity
09:00	Opening meeting — scope, objectives, logistics
09:30	Document review — QMS procedures, work instructions, records
11:00	Production floor walkthrough — process controls, material traceability, cleanliness
13:00	Records review — incoming inspection, in-process QC, batch records, NCRs
15:00	CAPA review — open CAPAs, effectiveness records
16:00	Closing meeting — preliminary findings, NCs, OFIs

Step 5: Ongoing monitoring

Annual re-evaluation (at minimum) for critical suppliers
Monitor: delivery performance, incoming inspection reject rate, NCR frequency
Re-qualify if: significant process change, quality escape, ownership change

What to have ready for your auditor:

Approved supplier list (ASL) showing CM classification and last evaluation date
Signed Quality Agreement
FAI or incoming inspection records for CM-supplied components
Purchase orders referencing applicable specifications

Want me to generate the supplier Quality Agreement template and the on-site audit checklist?

Get Started

How to install and use this skill in your preferred environment.

Skills are designed for AI coding agents (Claude Code, Cursor, Windsurf) and IDE-based workflows where the agent can read files, run scripts, and act on your codebase. Web-based AI can use the knowledge and frameworks, but won't have tool access.

Models & Context

Which AI models and context windows work best with this skill.

Recommended Models

Best

Claude Opus 4 Claude Sonnet 4 GPT-4.1 Gemini 2.5 Pro Grok 3 Kimi K2

Good

Claude Haiku 4.5 GPT-4.1 mini Gemini 2.5 Flash Grok 3 mini

Larger models produce more detailed, production-ready outputs.

Context Window

This skill's SKILL.md is typically 3–10 KB — fits in any modern context window.

8K Skill only

32K+ Skill + conversation

100K+ Skill + references + codebase

All current frontier models (Claude, GPT, Gemini) support 100K+ context. Use the full window for complex multi-service work.

Pro tips for best results

1

Be specific

Include numbers — users, budget, RPS — so the skill can size the architecture.

2

Share constraints

Compliance needs, team size, and existing stack all improve the output.

3

Iterate

Start with a high-level design, then ask follow-ups for IaC, cost analysis, or security review.

4

Combine skills

Pair with companion skills below for end-to-end coverage.

Ready to try QMS Audit Expert?

Install the skill and start getting expert-level guidance in your workflow — any agent, any IDE.

$skillfish add ~skills/qms-audit-expert

← Browse all 169 skills