ISO 13485:2016 contains 12 uses of the word ‘audit’. None of them are found in Clause 3. Definitions. What this standard does do, is reference ISO 19011 for Internal Audits.
ISO 19011:2018 does define an ‘Audit’ under subclause 3.1 Audit as, “The systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.”
Keep in mind that ISO 19011 is the standard of Guidelines for Auditing Management Systems, not ‘guidelines for auditing medical device manufacturer’s quality management systems’. However, as an International Standard, 19011 is globally recognized as a bar to which auditing and auditors can be held. I know that personally, it was the base for both of the Lead Auditor classes I have been through.
Different Authorities Having Jurisdiction are also free to define what they accept within their own jurisdiction. The U.S. FDA, through 21 CFR 820.3 Definitions, defines what the U.S. FDA considers to be a ‘Quality Audit’:
“(t) Quality audit means a systematic, independent examination of a manufacturer’s quality system that is performed at defined intervals and at sufficient frequency to determine whether both quality system activities and the results of such activities comply with quality system procedures, that these procedures are implemented effectively, and that these procedures are suitable to achieve quality system objectives.”
Are these terms identical? No. Do they mean the same thing? Not exactly. They are not identical twins, but they definitely have a family resemblance.
For your own quality system, you will need to determine which regulatory bodies that you must comply with. For example, if you will not market a device under the U.S. FDA’s jurisdiction, it does not matter what they define as an audit. However, if you must comply both with 21 CFR 820 Quality System Requirements and ISO 13485:2016, then you need to figure out a way to meet the requirements of both simultaneously.