Tech innovations are driving the rapid evolution of everything humans do, and auditing is no exception. Since 2020, remote or virtual audits have become commonplace, born out of necessity in a time when on-site audits were simply impossible. Due to the pressing circumstances, the transition from on-site to remote has been extraordinarily quick, and many auditees, as well as auditors, are still familiarizing themselves with the new procedures.
If your company is taking part in a remote audit, then you’re in the right place!
In this step-by-step guide, we’ll lay out everything you need to know to be fully prepared for your virtual audit.
Steps to prepare for undergoing
a remote audit
Before you do anything, it’s important to coordinate with the auditing body that will carry out the remote audit, so that your auditor can explain exactly what they need from you, and so that you have time to prepare accordingly and have any doubts resolved before audit day rolls around.
Typically, a few days or a week before the audit day, your auditor will host a pre-audit plan meeting where they will provide you with a detailed audit plan. The audit plan covers all the details of what is required from you beforehand, the rundown of what will happen (in what order, at which times, and on which audit days), who will attend from both sides, and which digital tools will be used. However, it’s prudent to check these details before the pre-audit plan meeting if possible, to give your company more time to prepare everything, as there are quite a few important things to do.
Your pre-audit checklist should therefore include, but not be limited to, the following:
1. Prepare all documents
Which documents should be sent digitally ahead of time, in what format, and when? Which documents are needed on audit day, and in what order will they be reviewed? Locate the necessary documents and ensure everything is updated, digitalized, and exported in the correct format. Categorize your documents into the order according to the audit plan.
2. Find out which digital tools will be used
Which digital tools will be used? Remote audits might make use of various separate digital tools for file sharing, video conferencing, screen sharing, etc. Or, your auditor may use an all-in-one platform. Confirm which tools will be used, and then carry out the appropriate risk assessment on your end to assure the chosen digital apps and software meet all your company’s security and privacy protocols.
3. Train and prepare your team
First, find out who of your team needs to be part of the audit. Your employees that will be present in the remote audit need to be briefed in the entire process, especially if remote auditing is new to them and may take a while to assimilate. Talk them through the step-by-step procedure to make sure everyone is aware of what’s going to happen and has their questions answered.
For virtual operations audits, it's important that the employees that will be filmed live on camera are notified and trained accordingly.
Secondly, you should train your team thoroughly in the tech and digital tools that will be used. Even if it seems trivial, check that everyone knows their way around the video software that will be used, can mute and unmute mics and cameras, enable and manage screen sharing, has login credentials, etc.
Don’t forget that there are many compliance issues possible in a remote audit environment, especially when you consider screen sharing on private computers, granting access to digital document folders or shared drives, and filming operations. Train everyone that will be present in how to stay compliant to prevent sensitive information being viewed or accessed.
4. Check your equipment and tech specs
An often overlooked but crucial step; double-check that your internet connection and devices can handle the virtual audit process, and establish a secure VPN.
For remote audits of operations, verify that the equipment and the facilities that will be monitored are ready to be filmed. If you’re not sure what the scope of your audit involves, you should ask your auditor well beforehand so you know both what they need to see and in what order.
In this case, it’s really valuable to carry out a pre-audit walkthrough of your facility and define exactly which processes, activities, employees, and sites can be audited remotely. Do a risk assessment of these as well. It’s vital to share this information with your team, and to inform them which sites are off-limits and why. Don’t forget to double check noise levels too.
If it’s going to be tricky for any reason to film operations live during an audit (for example, a camera may be prohibited inside of cleanrooms during active GMP operations) then you can ask to pre-record a video; this must always be agreed upon with auditors beforehand first.
5. Check the confidentiality agreement
Pretty much self explanatory, but important nonetheless. Be sure to read over any Non-Disclosure Agreements as well.
6. Check team schedules
Once you know which members of your team will be required in the opening meeting and on audit day(s), confirm they are actually available and clear their schedules if needed. It’s smart to have substitutes in place in case someone unexpectedly can’t attend.
If you’re due an operations audit, verify what on-site processes will be happening on audit day and who will be working on those days.
Ask your auditor beforehand who is required to attend the virtual closing meeting as well, and on which date this will be held if it’s not stated on the audit plan.
Once you’ve worked your way through the pre-audit checklist, make sure to update all your procedures in line with any new practices implemented. This is a regulatory requirement, according to ISO 9001 and ISO 13485. These regulations state that any process should have an updated procedure, if a company has started to conduct that process in a different way. For example, transforming audit practices from on-site to remote. In this case, each change and different practice should be written in the local procedures. |
What to expect during a remote audit
You’ve checked off your remote audit to-do list, and are good to go! So what does a typical remote audit day, or days, look like? There are three parts to any audit, including a virtual one.
The virtual opening meeting
Every audit commences with an opening meeting, in which the auditor will normally present a simple slideshow covering all the details of the audit. This involves naming the auditors, explaining the scope of the audit, providing necessary links and login information, and providing the audit rundown, including when brakes are planned and on what days and times the audit and closing meeting will be held.
In the opening meeting, your auditor may ask you to present a brief informative slideshow about the company. It’s good to keep an up-to-date company presentation ready for this.
The remote audit
Auditors, in most cases two, will share the responsibilities and follow the plan that was shared with your company prior to audit. Auditors usually audit related departments and processes separately, following their own checklists and taking their own notes. When the auditor is satisfied with their audit, they’ll move on to the next subject in order of the audit plan.
As we mentioned in the preparation checklist, it’s useful if you as the auditee have prepared all the necessary documentation in the right order of the audit plan.
In the case of operations audits, a member of your team must be responsible for taking the auditors around the facilities virtually. In other words, someone on your team will walk around holding a smartphone or tablet with the camera, streaming live video footage to the auditors! Make sure you keep the noise of any machinery down on audit days if possible.
Audits can be done in a day if your company has been preapproved, such as in supplier audits. That means you’ve sent all necessary documentation beforehand and it’s all been approved as compliant to regulations by the auditing company. In this case, the remote audit is merely protocol and a quick formality.
If a company is being audited for the first time by a particular auditing organization, especially if it's an operations audit, an audit may take 2-4 days to complete, depending on the size of the facility and scope of the audit.
The virtual closing meeting
In general, the closing meeting is where auditors share the notes they’ve taken during the audit. Usually, the auditor prepares and presents a short report which includes findings (if any), observations, possible improvements, best practices, and more.
All of the same attendees of the opening meeting, as well as the responsible employees that were present, or were audited, during the audit must usually attend the closing meeting. The reason behind this requirement is that their activities might be mentioned. Typically, the closing meeting is therefore quite (virtually!) crowded, and busier than the opening meeting. However, it’s the auditor who ultimately decides, and it’s also just as possible that they only want to host the closing meeting with top management.
After the audit, you’ll receive a full and more detailed audit report digitally for your records and on which you can base your next steps to solve any findings or carry out improvements. Quality and Management team should review the findings if any, and archive all documents and records in the audit folder according to FDA CFR 21 Part 820.22 - Quality audit.
How Scilife helps breeze you through remote audits
Scilife makes the whole audit process easy; from audit preparation right through to the audit itself, and on to taking action on issues and findings after the audit. In fact, the platform gets you ready for any kind of audit - even if you’re performing one!
Our all-in-one digital platform let’s you manage everything from one central, cloud-based hub. The platform is fully compliant with FDA 21 CFR Part 11 and is prevalidated according to GAMP5, which will make auditors happy.
You can use Scilife to set up and maintain your quality processes according to any relevant regulation. Why? Because in essence, any of the other life science regulations more or less dictate the same requirements, and we've built our platform based on the most stringent ones.
To get ready for audits, you can use Scilife’s Document Control module to digitalize and organize your documents and export them in the correct format you need. The Scilife Training module takes care of keeping your team trained at all times, so they’re always audit ready.
Ready for incoming, outgoing, and internal audits
Scilife offers a dedicated audits module to host or perform any audit. The module intelligently adapts itself to the type of audit you need to manage in line with ISO 19011, so you can handle supplier qualifications, supplier audits, internal audits, and incoming audits successfully.
After an audit, you’ll need to conduct any findings according to ISO 9001 and ISO 13485, and FDA 21 CFR 820.22 and 820.100. Here, Scilife continues to be useful. Mitigate findings directly within the audits module, or integrate with the CAPAs module to handle audit findings there. Non-conformities can be created automatically according to findings within the Events module, which allows you to benefit from the entire Events workflow to push the findings through investigation, risk assessment, and approval stages.
You can also use the audits module to oversee supplier qualifications in a separate workflow and decide if an audit is required. The Audits module helps you keep track of suppliers, qualifications, and the necessary audits efficiently.