Professional Documents
Culture Documents
Auditor's Comments
See cover letter
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding confidentiality and intellectual
property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior management approval.
INTERNAL AUDIT CHECKLIST
Points
BLANK Not Applicable or Not Audited The procedure or process is not relevant to the vendor
0 No System The procedure and process is not included in the vendor's system.
The procedure or process is included in the system but planning and execution both require
1 System Deficient substantial improvement. The system is documented but not followed.
The system is in place but it is not properly documented or executed. There is a high probability that
the system will not produce consistent results. Improvements to the process documentation are
2 Improvement Needed required.
The procedure or process is included in the supplier's system. Planning and execution meet these
requirements. There is a high probability that the supplier's system will produce consistent results.
3 Acceptable The system can be manual or electronically automated.
The procedure or process is included in the system. Planning and execution are thorough and
exceed these requirements. It is certain that the system will produce exemplary results. Although not
4 Outstanding required, typically electronic data management is used.
2 of 1
INTERNAL AUDIT CHECKLIST
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding confidentiality and intellectual
property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior management approval.
3 of 1
1 - COMPANY STRUCTURE ASSUREX HEALTH VENDOR DUE DILIGENCE AUDIT
1.1 Has the Company established and maintained a heirarchy of control? Score Auditor's Comments
Organizational chart exists which reflects the current reporting structure and succession planning is documented.
Evidence exists which indicate organizational freedom to exercise authority and responsibility.
Job descriptions include responsibilities for supporting objectives.
There is a management representative with defined authority and responsibility for meeting customer compliance.
Qualified technical personnel available for design, process, product, and service support.
Manual has been developed which details the system of policies and procedures.
Procedures identify:
l Who is responsible for action
l What has to be done
l When the actions are required
Written procedures and instruction define the methods for performing work affecting quality for those:
l Managing the work
l Performing the work
l Verifying the work
1.2 Are there corporate goals for continuous quality improvement? Score Auditor's Comments
1.3 Is there a periodic review by management of the effectiveness of the quality management systems? Score Auditor's Comments
Goals are regularly reviewed by top management.
System in place to verify meeting objectives and policy.
Achievement of objectives a high priority in overall performance reviews.
1.4 Are internal audits performed and corrective actions implemented? Score Auditor's Comments
Internal audits are performed with defined reports/distribution.
External audits are performed regularly with deficiencies addressed in a timely manner
Internal audits are conducted semi-annually or scheduled on the basis of status and importance of activity.
Internal audit evaluates effectiveness of activity as well as conformance to procedures.
Management reviews are conducted on results of audits.
Corrective actions are timely, recorded, and evaluated for effectiveness.
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding confidentiality and intellectual
property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior management approval.
Legal Compliance 4 of 15
2 - DOCUMENT AND DATA CONTROL ASSUREX HEALTH VENDOR DUE DILIGENCE AUDIT
Documentation controlled.
Written procedures have been developed and implemented for controlling design and document control.
Procedures address responsibility and the approval process required to make changes.
Design changes documented and approved by authorized personnel before implementation.
There is a periodic audit of the process to confirm the specification control system functioning properly.
Are current documents (specifications, drawings artworks, etc.) available and readily accessible to all
2.2. Score Auditor's Comment
appropriate areas?
Master list of all controlled documents and the revision level are available.
Current documents are available and readily accessible in all appropriate areas.
There is evidence that the current documents are being referenced and utilized throughout the company to perform the activities required
2.3. Are obsolete documents removed from use? Score Auditor's Comment
Obsolete documents are removed from use.
Written policies and procedures are available to handle obsolete documents.
Obsolete documents are being destroyed in a timely and confidential manner.
There is a periodic audit of the process to conform that obsolete documents are being withdrawn from use.
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding confidentiality and intellectual
property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior management approval.
5 of 15
9 - RECORDS ASSUREX HEALTH VENDOR DUE DILIGENCE AUDIT
9.1 Are records maintained in accordance with governmental regulations and/or company policy? Score Auditor's Comment
Records and related documentation are retained for a specified time period.
There are documented record keeping rules.
Timely and periodic purging of the file system takes place to keep record keeping system up to date with current information.
Centralized filing system (hardcopy or electronic) is maintained in an appropriate environment to prevent deterioration, damage or loss.
9.2. Is there a system in effect to assure that records are reviewed? Score Auditor's Comment
Records are reviewed on a schedule as defined in a procedure or work instruction.
Records are reviewed for the purpose of the following:
l Process refinement/improvement
l Complinace with local/state/federal regulations
l Complinace with company policy
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding confidentiality and
intellectual property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior management approval.
6 of 15
10 - TRAINING ASSUREX HEALTH VENDOR DUE DILIGENCE AUDIT
10.1 Have procedures been established and used for identifying training needs? Score Auditor's Comment
Training procedures exist for training all levels, including hourly, technical, and management staff, in company policy and job specific
information.
Training procedures cover all of the following:
l Part-time and temporary employees.
l Procedures/Policies/Work Instructions.
l Safety.
l Equipment.
l Relevant local, state, federal regulations.
Training procedures address future training requirements, retraining, and refresher training.
Training effectiveness is periodically evaluated.
Annual reviews of training procedures and requirements are performed.
Annual training plans are addressed in budget requirements.
10.2. Are qualification and training records maintained for all personnel? Score Auditor's Comment
Qualification and training records are maintained for all personnel and include all of the following:
l Type of training-equipment, method, procedure, or subject.
l Date of training.
l Results of training.
l Date of refresher training, if required.
Training records and results are used as management reviews to assure that training requirements are met.
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding confidentiality and
intellectual property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior management approval.
7 of 15
11 - FACILITIES ASSUREX HEALTH VENDOR DUE DILIGENCE AUDIT
11.1 Does the supplier practice good housekeeping? Score Auditor's Comment
The following good housekeeping points are practiced:
l Facilities are clean with no trash around.
l Facilities walking surfaces and fire exit routes are clear.
11.2 Are lighting and utilities sufficient to perform the required operations? Score Auditor's Comment
Acceptable lighting is found in all areas:
Electrical supply is sufficient to handle production requirements.
Back-up generators are installed to handle power outages.
11.3 Is the working environment safe & secure? Score Auditor's Comment
Safety procedures are fully developed.
Fire alarm system is place.
Exit doors are clearly marked and lock from the inside.
OSHA reports are all acceptable or issues have been resolved.
No environmental pollution potential.
Security systems are in place and require use of badge access
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding confidentiality and intellectual
property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior management approval.
8 of 15
12 - CUSTOMER SERVICE ASSUREX HEALTH INTERNAL DEPARTMENT AUDIT
12.1 Are customer or field complaints received, reviewed, and investigated? Score Auditor's Comment
Customer complaints are addressed, recorded, and maintained in a corrective action database.
Verification of customer satisfaction is recorded after corrective action has been implemented.
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding confidentiality and
intellectual property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior management approval.
5 - BCP/DR ASSUREX HEALTH VENDOR DUE DILIGENCE AUDIT
5.2. Company is able to continue supplying/servicing Assurex Health in the event of a disaster? Score Auditor's Comment
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding
confidentiality and intellectual property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior
management approval.
10 of 15
3 - IT MANAGEMENT ASSUREX HEALTH VENDOR DUE DILIGENCE AUDIT
3.1 ISO 27001 & ISO 27002 certified? Score Auditor's Comment
3.3 Breaches are monitored 24/7 & responded to immediately? Score Auditor's Comment
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding confidentiality and intellectual
property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior management approval.
11 of 15
6 - LAB ASSUREX HEALTH VENDOR DUE DILIGENCE AUDIT
6.1 Processes are documented Score Auditor's Comments
Documented process and quality instruction procedures, including applicable standards reflect current practices.
All instruction procedures are controlled documents and are signed off by appropriate personnel.
A formal procedure exists, which details the responsibility for procedure development and approval processes.
All written instruction procedures are routinely reviewed for application of processing methods and accuracy of requirements.
All process changes are documented, reviewed, and approved by appropriate personnel before change is made.
Control plans are routinely reviewed for effectiveness and updated as required.
6.2 Achievement of quality goals Score Auditor's Comments
Consistently meets/exceeds quality goals
Quality goals are regularly reviewed and supported by top management.
6.3 A preventive maintenance program has been documented and implemented. Score Auditor's Comments
Complete preventive maintenance and repair records are readily available for all process equipment.
Preventive maintenance program is structured and performed based on time requirements.
6.4 Does the company maintain a root cause corrective action system that provides for prompt identification and correction of error? Score Auditor's Comments
Written Corrective Action procedures are documented as part of the quality manual.
Corrective Action reports address basic information for identification of problem.
Written Corrective Action procedures address:
l Analyzing data to determine root cause of non-conformance.
l Documenting and reporting corrective action.
Non-conformance reports (e.g. product quality, deviation, audit results, quality records, etc.) used to develop preventive actions.
Supplier maintains a historical database for all Corrective Actions.
Corrective Action procedures are reviewed regularly for continuous improvement.
6.5 Is follow-up action performed to verify the effectiveness of corrective action? Score Auditor's Comments
Written Corrective Action procedures address verification for effectiveness of corrective action.
Effectiveness of Corrective Action is verified and documented.
Effectiveness of Corrective Action is verified by routine audits of original problem.
6.6 Test methods and equipment have been validated for their use. Score Auditor's Comments
Validation is performed on all test methods and equipment.
Validation is documented.
Written validation procedures are available for all test methods and equipment.
All products have been validated for the test method or equipment used.
System in place to provide review and revalidation of test methods or equipment.
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding confidentiality and intellectual
property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior management approval.
12 of 15
4 - PRODUCTION LINE
ASSUREX HEALTH VENDOR DUE DILIGENCE AUDIT
4.3. Outgoing Goods- All products are checked for quality prior to leaving the production facility Score Auditor's Comment
Non-conforming products/components/materials clearly identified and segregated to prevent distribution
Finished products are inspected either 100% or at random
Consistently meets/exceeds quality goals
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding confidentiality and intellectual
property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior management approval.
Page 13 of 15
7 - OPEN ASSUREX HEALTH VENDOR DUE DILIGENCE AUDIT
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding
confidentiality and intellectual property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior
management approval.
14 of 2
8 - OPEN ASSUREX HEALTH VENDOR DUE DILIGENCE AUDIT
This document may contain confidential information and is considered proprietary information. Use of this document is covered by the corporate agreement regarding
confidentiality and intellectual property. This document is not to be shared with third parties or with employees outside of normal business conduct without prior
management approval.
15 of 15