Update: With the COVID-19 pandemic and travel restrictions, certain audits can now take place in a virtual setting, as ruled by the MDCG. Here’s an article on remote audits.
Until now, under the MDD (Medical Devices Directive), Notified Bodies could pay unannounced visits to a manufacturer, but they were not legally bound to perform them. Under EU MDR law, however, unannounced audits and physical tests on devices will become mandatory and therefore a lot more common. The goal of these audits is to ensure continuous compliance and patient safety. Here’s how unannounced audits work and how you can better prepare for them.
What is an unannounced audit?
Unannounced audits are additional inspections for which Notified Bodies do not announce the actual date to manufacturers in advance. This means that auditors commissioned by a Notified Body will arrive at the manufacturer’s site or plant that is to be audited and conduct the audit without giving the manufacturer any prior notice. Only Notified Bodies designated under the MDR rules will be able to issue MDR CE-mark certificates as a result of audits.
This type of audit comes in addition to the initial, surveillance or renewal audits of the three-year certification cycle. European Commission Recommendation 2013/473/EU defines their objectives and procedures for execution as from September 24, 2013.
By the way, here’s a list of all MDR-certified Notified Bodies in the EU.
What are the criteria for unannounced audits?
- …must be performed at least once every three years
- …last at least for one whole day
- …should be carried out by a team of at least two auditors
- …may take place on the manufacturer’s own premises, or at their critical subcontractors or suppliers.
How do unannounced audits work?
Let’s say you’re a manufacturer of a class IIa medical device and have been recently certified under MDD or MDR. To maintain your certificate, your company will be monitored via planned, annual audits. These regular audits will be carried out by your certified Notified Body.
For the purpose of this example, let’s imagine you as a manufacturer have three critical suppliers. One version of your medical device is obtained as an OEM version from Original Equipment Manufacturer “A”. A second version is manufactured by your contract manufacturer “B”, and is finally sterilized by the contract sterilizer “C”. If all three critical suppliers are sufficiently certified, there is no need to audit them as part of your own regular annual audit.
How will this change in the future?
The European Commission recommendation states that, in addition to the annual audits, your Notified Body must carry out an unannounced audit at least once every three years. As a manufacturer, you are obliged to keep your Notified Body continuously informed about specific times when the devices under the scope of the certification will not be manufactured – since it would not make sense to carry out an audit under such circumstances.
What do Notified Bodies test as part of an audit?
The subject of an unannounced audit is both your certified quality management system (QMS) and the medical device or product you manufacture. The audit team will take a sample from your product to check its conformity with your technical documentation and with set legal requirements. If necessary, your Notified Body can also request your product to be tested, either in a test laboratory, by you, or by critical suppliers, under its supervision.
Do your manufacturing processes match what’s written in your QMS?
With unannounced audits, your Notified Body will verify whether your manufacturing processes are in line with corresponding procedures written in your quality management documentation. As part of this process, at least two critical processes should be checked, such as material specification, design control, purchasing and control of incoming components, assembling, batch release, packaging, product quality control etc.
Managing your certification agreements
To carry out unannounced audits at your company or at your critical suppliers, the certification agreements between you and your Notified Body, as well as between you and your critical suppliers must be modified accordingly.
Remote Audits times of COVID-19
Im April 2020, the European MDCG (Medical Device Coordination Group) decided that Notified Bodies would be able to carry out remote audits during the pandemic. Learn more via MedTech Dive.
Want to learn more about how to prepare for the new EU MDR demands? We can help you get your Post-Market Surveillance (PMS) and Post-Market Clinical Follow-up (PMCF) ready for the new regulation with a scalable, automated software! Get in touch for a free, personalized demo.