In most cases, an audit of the quality management system by a notified body is a prerequisite for manufacturers of medical devices to be allowed to market their devices in Europe.
The FDA also audits quality management systems but refers to inspections rather than audits.
Content
On this page, you will find articles on:
ISO 9000:2015 defines the term audit as follows:
systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
Depending on the focus of an audit, there are:
A distinction is also made between
System audits/audits of the QM system are the most important ones for medical device manufacturers. If successful, they will receive a certificate authorizing them to place their devices on the market in Europe.
Please also note the overview article on QM systems and the FAQ on QM systems and certifications.
An audit by a notified body is the prerequisite for the notified body to issue a certificate (in accordance with ISO 13485 or Annex IX). This certificate in turn is the prerequisite for placing devices on the market, at least for products of higher risk classes.
Manufacturers may only place their devices on the market on the basis of certificates from a notified body. There are other certification bodies whose ISO 13485 certificates are worthless. There are also providers who are not even accredited for ISO 13485.
The FDA now also requires conformity with ISO 13485 but does not require certificates. It reviews conformity as part of FDA-inspections. However, unlike audits, inspections do not end with a certificate if they are successful.
The International Medical Device Regulators Forum (IMDRF) has launched the Medical Device Single Audit Program MDSAP: An MDSAP audit can be used to fulfill the regulatory requirements for audits and inspections of QM systems.
ISO 19011 describes the requirements for audits (i.e., their planning, implementation and documentation) and for auditors.
Further determinations specify the duration of audits.
If an auditor certifies a “non-conformity”, this can lead to the notified bodies refusing or withdrawing the certificate. In principle, what the auditor checks is known (see Fig. 1):
Fig. 1: Auditors check during the audit the conformity of the QM system with normative and legal requirements as well as the conformity with the company’s own QM system.
In a notice, the EU has regulated in more detail when and how notified bodies may carry out remote audits:
Calls for the possibility to take temporary extraordinary measures, including remote audits, related to notified body on-site audits under the medical devices Regulations have been made by industry as well as notified bodies.
The MDCG has published a Guidance on temporary extraordinary measures related to medical device Notified Body audits during COVID-19 quarantine orders and travel restrictions.
In it, it allows facilitations, e.g:
Do you still have questions, for example about setting up your QM system? Then take advantage of our free micro-consulting service.
The consultants at the Johner Institute not only support you in setting up QM systems, but also audit these systems and prepare you for audits (e.g., with mock audits and mock inspections).
Are you interested? Then contact us right away.
This seminar will give you the competence you need to act as an internal auditor.
QM certification refers to the certification of a quality management system (QM system or QMS) by a certification body. The certification confirms to the certified company that its QM system meets a standard (e.g., ISO 9001, ISO 13485) or a law (e.g., MDR, IVDR).
Regulatory affairs managers take care of the approval of medical devices. In this article, you will learn, Update: Impact of the digital transformation on the tasks of regulatory affairs managers added!
DetailsISO 19011 is the international guideline for auditing management systems. Therefore, your notified body considers ISO 19011 state-of-the-art when it checks during your ISO 13485 certification audit whether you are conducting your internal and supplier audits effectively. Consequently, those responsible for quality management, in particular, should be familiar with and consider ISO 19011. This article…
DetailsDocument control is a documented procedure that specifies how documents are created, reviewed, approved, labeled, distributed, and updated. Organizations certified according to ISO 9001 or ISO 13485 are obliged to document control.
DetailsInternal audits are inspections of the quality management system (QM system) and its processes by the organization itself. This is why they are also called 1st party audits. ISO 13485 requires internal audits like its “sister standard,” ISO 9001, and other standards and regulations. Therefore, internal audits are also a subject of external audits and…
Details“Remediation” is often synonymous with maximum stress: Notified bodies or authorities such as the FDA have discovered significant deviations that must be remedied with the highest priority and without regard to the workload of employees or budgets. This article will help you to complete such “remediation projects” in such a way that
DetailsISO/IEC 42001 is titled “Information technology – Artificial intelligence – Management system.” The first medical device manufacturers have set out to be certified according to this standard. But are the efforts required to do so justified? Does ISO/IEC 42001 help to meet the requirements of the AI Act? This article provides answers.
DetailsManufacturers who wish to place medical devices on the market in the EU must comply with the European Medical Device Regulation MDR. This Regulation (EU) 2017/745 on Medical Devices, as it is officially titled, also imposes requirements on notified bodies, distributors, importers, and health institutions such as hospitals.
DetailsThe DAkkS, the German Accreditation Body, is Germany’s national accreditation authority.
The MDR and IVDR, as well as ISO 13485:2016, just like the FDA, set out clear requirements regarding supplier evaluation, supplier selection, and supplier monitoring. This article not only gives you an overview of the regulatory requirements. It also gives you tips on how to implement them and tells you when a supplier audit is necessary.
Details