With the COVID-19 pandemic and the consequent travel restrictions and remote working conditions faced by millions, medical device manufacturers are still expected to comply with quality system regulations and standards. This, of course, includes audits by Notified Bodies.
The following article outlines why virtual audits have become necessary, how they work, what additional documentation medical device manufacturers can refer to and how manufacturers and Notified Bodies perceive the matter.
Why Remote Audits?
Even under the extraordinary conditions we currently face around the globe, the availability of safe medical devices on the market must be guaranteed, as must the prevention of potential device shortages, which could be life-threatening for some patients.
Therefore, in April 2020, the European Commission’s Medical Device Coordination Group (MDCG) announced that it would allow Notified Bodies to run “remote” or “virtual” audits in the face of the pandemic under specific circumstances. It is recommended that Notified Bodies decide whether a manufacturer is eligible on a case-by-case basis.
In December 2020, the group published a Questions & Answers document with further information related to MDCG 2020-04.
In January 2021, the European Commission published a further Notice on the application of Sections 2.3 and 3.3 of Annex IX to Regulation (EU) 2017/745 and Regulation (EU) 2017/746 with regard to Notified Bodies’ audits performed in the context of quality management system assessment. This notice focuses on legal requirements, the exceptional circumstances created by the COVID-19 pandemic and further considerations by the Commission.
How do Remote Audits work?
If a remote audit is permitted according to MDCG guidance, a Notified Body may make use of the technical means at their disposal to conduct a remote assessment. Among other things, Notified Bodies can conduct remote audits to:
- Carry out an off-site assessment of relevant documents and records
- Use results from audits run under the Medical Device Single Audit Program (MDSAP)
Remote audits should be carried out using the most advanced available technologies while adhering to legislation on information security and data protection. Furthermore, when it comes to existing and new critical suppliers or subcontractors, remote audits under the Directives may be conducted using the principles and guidance outlined in MDCG 2020-4.
Some exceptions where remote audits should be avoided include:
- Unannounced audits (which will become more frequent under EU MDR law)
- Special audits which require on-site assessment (e.g. for verifying the implementation of specific corrective actions that can only be assessed on-site)
- Initial certification audits or audits to extend the scope of certification under the Directives, unless deemed necessary by the Notified Body, e.g. in cases where devices are considered relevant to ensure medical care, especially if clinically necessary during the period of COVID-19 restrictions.
Source: MDCG 2020-4
According to Martin Witte of TÜV SÜD, his Notified Body hasn’t seen a great difference when it comes to virtual audits, particularly in cases where there is already a well-established system already in place. Some limitations occur with regard to production, where any remote activities and inspections are, of course, limited. Other than that, however, remote audits for TÜV SÜD have gone quite smoothly so far.
Nonetheless, the fact that Notified Bodies cannot carry out initial EU MDR audits in a remote setup is a huge obstacle according to Martin Witte. In these cases, they cannot rely on previous assessments, and must do everything on-site for the initial audit. So any current MDR projects are blocked by this.
Typical activities carried out during a remote audit
According to a recent survey by Team Notified Bodies, here are some of the main activities conducted by auditors:
- Conducting interviews with operators, regulatory managers, quality inspectors etc
- Reviewing specific documents on-screen
- Inspecting equipment, records and manufacturing areas via a webcam
- Running pre-audit verification, agreement, compatibility of IT solutions
- Carrying out a pre-audit document review
- Reviewing all available information, such as the last report or technical documentation of medical devices
How are Remote Audits Perceived by Manufacturers and Notified Bodies?
Both manufacturers and Notified Bodies have expressed their support for remote audits in light of the pandemic and travel restrictions. In June 2020, MedTech Europe, the European trade association for the medical technology industry, published a position paper on “the need for ‘virtual audits’ under the Medical Device and In Vitro Diagnostic Regulations in the context of a pandemic, such as COVID-19”.
They urged the European Commission and Member States to publish guidance clarifying that, instead of on-site audits, Notified Bodies should be able to conduct audits under the EU MDR and IVDR in a virtual setting by using available technologies. They also stated that the scope of these virtual audits should not only be limited to COVID-19 related devices alone.
According to MedTech Europe, remote audits would support manufacturers in their efforts to provide breakthrough technologies and solutions to patients while complying with current legislations. If clear guidelines and a clear risk-based approach are followed, remote audits can take place in a manner that maintains patient safety and device performance.
Furthermore, the survey conducted by Team NB in October 2020 among 37 Notified Bodies shed some additional light on the authorities’ experiences when conducting virtual audits. Here are some of the results:
- The majority of respondents had generally had a “successful” or “very successful” experience with remote audits
- Some of the main advantages of virtual audits included less need for travel, ease of participation of specific Notified Body experts, the improvement of classic audit formats, the use of modern IT solutions and the fact that remote audits are environmentally sustainable
- Among the obstacles observed when conducting remote audits, Notified Bodies named poor network connections, limited IT skills on the manufacturer’s side, excessive time in obtaining responses, poor preparation, timezone differences and a more superficial image of the company being audited
- Over 80% of respondents had never been denied access to a remote audit, while just over 60% had been denied access to an on-site audit (e.g. due to site closures or lack of on-site resources).
- On average, 82% of Notified Bodies raised an equal number of non-conformities during remote audits compared to on-site audits
- Nevertheless, more than half of respondents (57%) said that they needed more time to complete remote audits compared to on-site audits
While remote audits have their limitations, they represent a huge step forward for the healthcare industry and overall seem to be working quite well in the areas where they are permitted.
COVID-19 has been a clear wake-up call for healthcare, showing that many processes are in dire need of a digital makeover. Virtual audits are an important component of this new digital era for MedTech companies and Notified Bodies, and could even prove useful once the travel restrictions have ended.
The lack of Notified Bodies was already causing bottlenecks and now with COVID-19, actors are further blocked. With the EU MDR postponement, manufacturers won some time, but they should try to avoid backlogs mounting up before the new May 2021 deadline. It is also advisable to not work based on MDD or AIMDD, since these certificates will only be valid for three years and matters will be even more expensive for high-risk devices.