The following audit checklist has been prepared by ChatGPT, as described in my article, 'How to Create Audit Checklists with ChatGPT.' This checklist is based on ISO 14971:2019, the relevant standard for Risk Management of Medical Devices and Combination Products.
A downloadable PDF version can be found below the table.
Chapter 1: Audit Checklist as per ISO 14971:2019
| Section/ Subsection/ Bullet point | Audit Question | Documentation to be Reviewed |
|---|---|---|
| 4.1 a) | Has the scope of the planned risk management activities been defined and described in the Risk Management Plan? | Risk Management Plan |
| 4.1 b) | Have the responsibilities and authorities been assigned in the Risk Management Plan? | Risk Management Plan |
| 4.1 c) | Are there requirements for review of risk management activities in the Risk Management Plan? | Risk Management Plan |
| 4.1 d) | Have criteria for risk acceptability been defined in the Risk Management Plan? | Risk Management Plan |
| 4.1 e) | Is there a method to evaluate the overall residual risk in the Risk Management Plan? | Risk Management Plan |
| 4.1 f) | Are activities for verification of the implementation and effectiveness of risk control measures defined in the Risk Management Plan? | Risk Management Plan |
| 4.1 g) | Are activities related to the collection and review of relevant production and post-production information included in the Risk Management Plan? | Risk Management Plan |
| 4.2 | Has a risk management file been established and maintained for each medical device? | Risk Management File |
| 4.3 | Has the manufacturer identified interfaces and other responsibilities with other manufacturers if the device is used in combination with other devices? | Risk Management File, Agreements/Contracts with other manufacturers |
| 5.1 | Has a risk analysis been performed for the medical device, and are the results recorded in the risk management file? | Risk Management File |
| 5.1 a), b), c) | Does the risk analysis documentation include the identification and description of the medical device, identification of the person(s) and organization who carried out the risk analysis, and the scope and date of the risk analysis? | Risk Management File |
| 5.2 | Has the manufacturer documented the intended use and any reasonably foreseeable misuse of the medical device? | Risk Management File |
| 5.3 | Has the manufacturer identified and documented those characteristics that could affect the safety of the medical device? | Risk Management File |
| 5.4 | Has the manufacturer identified and documented known and foreseeable hazards associated with the medical device? | Risk Management File |
| 5.5 | Has the manufacturer estimated the associated risk(s) for each identified hazardous situation? | Risk Management File |
| 6 | Has the manufacturer evaluated the estimated risks and determined if the risk is acceptable or not? | Risk Management File |
| 7.1 | Has the manufacturer determined risk control measures to reduce the risks to an acceptable level? | Risk Management File |
| 7.2 | Have the risk control measures been implemented and their effectiveness verified? | Risk Management File |
| 7.3 | After the risk control measures are implemented, has the manufacturer evaluated the residual risk? | Risk Management File |
| 7.4 | Has the manufacturer performed a benefit-risk analysis if a residual risk is not judged acceptable? | Risk Management File |
| 7.5 | Has the manufacturer reviewed the effects of the risk control measures to check if new hazards are introduced or the estimated risks for previously identified hazardous situations are affected? | Risk Management File |
| 7.6 | Has the manufacturer reviewed the risk control activities to ensure that all risks from all identified hazardous situations have been considered? | Risk Management File |
| 8 | After all risk control measures have been implemented and verified, has the manufacturer evaluated the overall residual risk posed by the medical device? | Risk Management File |
| 9 | Has a review of the execution of the risk management plan been done prior to release for commercial distribution of the medical device? | Risk Management File |
| 10.1 | Has the manufacturer established a system to actively collect and review information relevant to the medical device in the production and post-production phases? | Risk Management File, Production and Post-Production Records |
| 10.2 a)-f) | Has the manufacturer collected information generated during production, by the user, by those accountable for the installation, use and maintenance of the medical device, by the supply chain, publicly available information, and information related to the generally acknowledged state of the art? | Risk Management File, Production Records, User Feedback Records, Maintenance Records, Supply Chain Records, State of the Art Documents |
| 10.3 | Has the manufacturer reviewed the information collected for possible relevance to safety? | Risk Management File |
| 10.4 | If the collected information is determined to be relevant to safety, has the manufacturer reviewed the risk management file and determined if reassessment of risks and/or assessment of new risks is necessary? | Risk Management File |