Last Updated on September 25, 2025 by Melissa Lazaro

Introduction: Why an ISO 13485 Internal Audit Checklist Matters

Here’s the truth—most ISO 13485 audit findings could be caught long before the auditor shows up if internal audits were done properly. In my experience, companies either rush through internal audits or treat them as a checkbox exercise. The result? Gaps stay hidden until Stage 1 or Stage 2, and by then, it’s a lot more stressful (and costly) to fix them.

That’s where an ISO 13485 internal audit checklist becomes invaluable. It gives your team a structured way to review every clause of the standard, capture evidence, and spot weak points early. Instead of wondering, “Did we cover everything?” you’ll know exactly where you stand before the certification body ever walks in the door.

This article will walk you through:

• What an ISO 13485 internal audit is and why it matters.

• The key areas you need to check.

• How to get the most from using a checklist.

• And yes—the link to download a ready-to-use checklist you can start with right away.

Think of it as your audit prep safety net. If you use it consistently, you’ll walk into certification audits with far fewer surprises and a lot more confidence.

What is an ISO 13485 Internal Audit?

An internal audit is essentially a health check for your Quality Management System (QMS). ISO 13485 requires organizations to run internal audits at planned intervals to make sure processes are not only documented but also working in practice.

Here’s how it fits in:

• Purpose: To verify that your QMS conforms to ISO 13485 requirements and your own internal procedures.

• Timing: Internal audits must be performed regularly (most companies do them annually or per process cycle).

• Scope: Unlike Stage 1 or Stage 2 external audits, internal audits are run by your own team or an independent consultant. They cover everything—documentation, training, CAPA, risk, supplier management, and more.

Pro Tip: Treat internal audits as opportunities, not obligations. The best companies use them to find issues early, fix them quickly, and walk into external audits knowing there are no surprises waiting.

Common mistake: Many companies rush through internal audits just before certification, hoping to “check the box.” Auditors spot this instantly, especially when audit reports are thin and don’t include meaningful findings.

In short, an internal audit is your chance to practice before the big game. And with the right checklist, you’ll cover every requirement systematically, instead of relying on memory or scattered notes.

Key Areas Covered in an ISO 13485 Internal Audit Checklist

A strong internal audit checklist should mirror the standard and guide you clause by clause. But in practice, most audit findings fall into the same core areas. Here’s what your checklist should always include:

1. Document Control & Record Keeping

• Are all procedures controlled, up to date, and approved?

• Are obsolete versions removed from circulation?

• Are records complete, signed, and stored properly?
  Pro Tip: Keep a document master list—it makes it easy to show auditors what’s current.

2. Risk Management (ISO 14971 Integration)

• Is risk management applied throughout the product lifecycle?

• Are risk files updated with complaints, CAPAs, and design changes?

• Are controls implemented and verified?
  Common mistake: Risk files created once during design and never touched again.

3. CAPA and Nonconformity Handling

• Are CAPAs documented with root cause analysis and effectiveness checks?

• Are nonconformities logged, trended, and closed on time?
  Example: Auditors want to see issues discovered internally, not just during external audits.

4. Supplier Controls

• Are suppliers qualified and re-evaluated regularly?

• Do records show performance monitoring (delivery, defects, complaints)?
  Pro Tip: Keep a supplier scorecard—it instantly shows ongoing oversight.

5. Training and Competence

• Are training records complete and current?

• Can employees explain the quality policy and their role in it?
  Pitfall: Training without competence evaluation—auditors will ask staff questions.

6. Production & Process Controls

• Are Device Master Records (DMR) and Device History Records (DHR) complete?

• Are special processes (e.g., sterilization) validated?

• Are changes controlled and documented?

7. Internal Audits and Management Reviews

• Have all processes been audited within the cycle?

• Do management reviews include all required inputs and outputs?

• Are follow-up actions documented and tracked?

These areas form the backbone of any ISO 13485 internal audit checklist. If you can show evidence for each one, you’ll eliminate most common non-conformities before they ever make it into an external audit report.

How to Use the ISO 13485 Internal Audit Checklist Effectively

Having a checklist is one thing—using it well is another. I’ve seen companies download a template, skim through it once, and then put it in a drawer. That won’t help you when the auditor comes knocking. The real value comes from making it part of your internal audit process.

Here’s how to get the most out of it:

1. Plan your audit schedule

   • Spread audits across the year instead of cramming everything into one session before certification.

   • Rotate auditors (or use external consultants) to keep reviews objective.

2. Audit clause-by-clause

   • Use the checklist to match ISO 13485 requirements against your documented procedures and records.

   • Don’t just ask, “Do we have this procedure?”—ask, “Can we prove it’s implemented?”

3. Capture evidence, not just answers

   • Write down file names, record IDs, and employee interviews as you go.

   • This way, when you’re asked about compliance, you have proof ready.

4. Assign corrective actions

   • Turn findings into actions with owners and deadlines.

   • Track them in CAPA or a simple log so nothing gets lost.

Pro Tip: Run one or two “surprise” audits on specific processes during the year. They usually reveal issues people overlook when they know the audit is scheduled.

When used this way, the ISO 13485 internal audit checklist isn’t just a piece of paper—it’s your roadmap to a stronger, audit-ready QMS.

Download Your ISO 13485 Internal Audit Checklist (Free Resource)

If you’ve read this far, you already know that having a structured checklist can make the difference between a smooth audit and one filled with surprises. That’s exactly why I’ve put together a ready-to-use ISO 13485 Internal Audit Checklist—so you don’t have to start from scratch.

Inside the checklist, you’ll find:

• A clause-by-clause breakdown of ISO 13485 requirements.

• Space to capture evidence and findings during your audit.

• Reminders of common pitfalls and what to look for.

• A simple, professional format you can adapt to your business.

💡 Pro Tip: Use the checklist as a working document. Print it or run it digitally, and update it each time you perform an internal audit. Over time, it becomes a powerful record of how your QMS is maturing.

👉 [Click here to download the ISO 13485 Internal Audit Checklist (Free PDF/Excel)]

FAQs on ISO 13485 Internal Audit Checklist

Q1. Do internal audits have to cover every clause of ISO 13485?
Yes. Over the course of your audit cycle, every clause must be covered. Some companies audit all at once, others spread it out across the year—but nothing can be skipped.

Q2. How often should ISO 13485 internal audits be performed?
Most organizations run a full cycle at least once per year. However, high-risk processes (like sterilization or complaint handling) may need to be audited more frequently.

Q3. Who should perform an ISO 13485 internal audit?
Auditors should be objective and impartial—meaning they can’t audit their own work. Many companies train staff from other departments or bring in external consultants for independence.

Conclusion: Prepare Smarter with the ISO 13485 Internal Audit Checklist

Internal audits aren’t just a requirement—they’re your best chance to catch problems before an external auditor does. The most common non-conformities (documents, CAPA, risk management, training, supplier controls) are all things you can find and fix early with the right checklist.

In my experience, the companies that succeed with ISO 13485 don’t treat internal audits as a checkbox. They treat them as a tool for continuous improvement. The difference shows—both to your team and to your auditor.

Your next step: Download the checklist, plan your audit schedule, and start using it with your team. If you can check off every clause with real evidence, you’ll walk into certification audits with confidence.

[Download the ISO 13485 Internal Audit Checklist Here]