Objective Evidence: Objective evidence in the audit
Laws and standards (e.g., FDA, ISO 13485) require “objective evidence.”
In most cases, an audit of the quality management system by a notified body is a prerequisite for manufacturers of medical devices to be allowed to market their devices in Europe.
The FDA also audits quality management systems but refers to inspections rather than audits.
Content
On this page, you will find articles on:
ISO 9000:2015 defines the term audit as follows:
systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
Depending on the focus of an audit, there are:
A distinction is also made between
System audits/audits of the QM system are the most important ones for medical device manufacturers. If successful, they will receive a certificate authorizing them to place their devices on the market in Europe.
Please also note the overview article on QM systems and the FAQ on QM systems and certifications.
An audit by a notified body is the prerequisite for the notified body to issue a certificate (in accordance with ISO 13485 or Annex IX). This certificate in turn is the prerequisite for placing devices on the market, at least for products of higher risk classes.
Manufacturers may only place their devices on the market on the basis of certificates from a notified body. There are other certification bodies whose ISO 13485 certificates are worthless. There are also providers who are not even accredited for ISO 13485.
The FDA now also requires conformity with ISO 13485 but does not require certificates. It reviews conformity as part of FDA-inspections. However, unlike audits, inspections do not end with a certificate if they are successful.
The International Medical Device Regulators Forum (IMDRF) has launched the Medical Device Single Audit Program MDSAP: An MDSAP audit can be used to fulfill the regulatory requirements for audits and inspections of QM systems.
ISO 19011 describes the requirements for audits (i.e., their planning, implementation and documentation) and for auditors.
Further determinations specify the duration of audits.
If an auditor certifies a “non-conformity”, this can lead to the notified bodies refusing or withdrawing the certificate. In principle, what the auditor checks is known (see Fig. 1):
Fig. 1: Auditors check during the audit the conformity of the QM system with normative and legal requirements as well as the conformity with the company’s own QM system.
In a notice, the EU has regulated in more detail when and how notified bodies may carry out remote audits:
Calls for the possibility to take temporary extraordinary measures, including remote audits, related to notified body on-site audits under the medical devices Regulations have been made by industry as well as notified bodies.
The MDCG has published a Guidance on temporary extraordinary measures related to medical device Notified Body audits during COVID-19 quarantine orders and travel restrictions.
In it, it allows facilitations, e.g:
Do you still have questions, for example about setting up your QM system? Then take advantage of our free micro-consulting service.
The consultants at the Johner Institute not only support you in setting up QM systems, but also audit these systems and prepare you for audits (e.g., with mock audits and mock inspections).
Are you interested? Then contact us right away.
This seminar will give you the competence you need to act as an internal auditor.
Laws and standards (e.g., FDA, ISO 13485) require “objective evidence.”
The Medical Device Single Audit Program (MDSAP) was initiated to satisfy a wish of many medical device manufacturers: To replace the various audits and inspections by authorities from different countries with one audit. Participating in the MDSAP shall suffice for verifying effectiveness and conformity of QM systems (e.g., with ISO 13485 or 21 CFR part 820). In…
DetailsDeviations, nonconformities, errors, findings, observations, and other terms are often used mistakenly synonymously. Even standards explicitly contradict each other when defining individual terms. This article clarifies,
DetailsIn 21 CFR part 820, the FDA formulates the requirements for the quality management systems of medical device manufacturers, among others. Thus, 21 CFR part 820 (Quality System Regulation QSR) is or was the counterpart to ISO 13485.
This FAQ provides answers to the most common questions that companies such as medical device manufacturers have about quality management systems (QM systems) and ISO 13485.
Software maintenance is the phase in which software is further developed, e.g., with the objective of According to the FDA, 79% of all bugs occur during software maintenance. Accordingly, some regulations address this topic.
DetailsThis article describes when and why manufacturers must affix a CE mark, what is meant by CE marking, and what manufacturers must do up to that point.
The Quality Management Representative (QMR) is also called the quality representative or “management representative” by ISO 13485. In this article, you will learn which tasks the person with this role is responsible for within an organization and which regulatory requirements must be observed.
DetailsLaws and standards formulate requirements on how medical device manufacturers must define and document the development process. Notified bodies check these requirements during audits. This article on the development process provides tips on how to design the process and how to align it with other processes, such as the risk management process.
DetailsThe MDR and IVDR use the terms device category and generic device group without fully defining them. ISO 13485:2016 introduces the medical device family. Finally, the MDCG uses the term device range. The definitions of these terms determine the allocation of UDIs and the sampling of product files during certification. Therefore, it is important for…
DetailsWe need your consent before you can continue on our website. If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission. We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement. You can find more information about the use of your data in our privacy policy. You can revoke or adjust your selection at any time under Settings.
If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission. We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement. You can find more information about the use of your data in our privacy policy. Here you will find an overview of all cookies used. You can give your consent to whole categories or display further information and select certain cookies.