Public speaking. Root canals. Buying a used car. Being audited. Which do you dread most?
Yes, there are unicorns out there who actually enjoy audits, but most medical device regulatory professionals endure them as part of the job. While preparing for an audit is less than fun, going through an audit for which you were unprepared elevates “unfun” to a whole new level. You can only hide under your desk (or remain off camera) for so long.
Of course, you know by now that MEDDEV 2.7/1 rev 4 and the EU Medical Device Regulation (MDR) significantly tightened the requirements for clinical evaluation reports (CERs). As companies get products certified to the EU MDR, Notified Bodies will begin conducting surveillance audits focused on your clinical data and processes. If you have not yet experienced such an audit focused on clinical processes, you will soon enough.
Your Notified Body will inform you of the scope of the audit, which commonly includes parts of:
The audit will focus primarily on your clinical-related processes under EU MDR and the ability of your team and quality management systems (QMSs) to support ongoing compliance. Here is a general overview of what areas you can expect your Notified Body to cover, although this will vary by Notified Body, device classification, and other factors.
Your Notified Body wants to know that your senior management team is fully aware of your clinical processes and that associated compliance with the EU MDR, ISO 14155, and ISO 13485 is being taken seriously. For starters, your auditor will want to review your quality policy, organizational chart, and management review documentation. You will probably be asked to produce copies of your internal audit plans and audit reports, a list of products along with their classification, and your clinical development plan. If you have had any communication with your Notified Body or Competent Authority since your previous audit, you will want to have that on hand as well.
You may think that your Notified Body auditor will focus entirely on processes and data, but they really want to make sure that you have qualified personnel in place to execute your processes effectively. As such, they are likely to ask you for resumes / CVs of your clinical evaluation team, people involved in clinical investigations, medical writers, etc. They are probably also going to ask you for copies of the job descriptions for those people to make sure that their qualifications are well-suited for the job. You need to demonstrate that you have documented requirements for qualification, training, and authorization of the team members involved in these processes, including your Person Responsible for Regulatory Compliance (PRRC).
Your auditor is not going to be very impressed with your well-articulated clinical procedures if they are not interlinked with risk management, postmarket surveillance (PMS), and other key areas of your QMS. This is a very important part of the audit and one that many companies underestimate. You can expect your auditor to take a close look at your Corrective and Preventive Actions (CAPA), risk and change management procedures, and interlinks with clinical aspects of your QMS, such as your quality plan, management review documentation, and internal audits. This examination may also look at your clinical data that are typically used for marketing your device and how you control the claims and updates of your instructions for use (IFU), website pages, sales tools, social media, etc.
Beyond the MDR, you should prepare a detailed list of every standard, technical report, or Medical Device Coordination Group (MDCG) guidance document you are following for your auditor, plus any relevant country-specific clinical guidelines.
Most likely, you do not do everything in-house and you involve outside contractors for a variety of clinical-related processes. This can involve anyone from your European Authorized Representative (if applicable) to a clinical research organization (CRO). Your auditor will want to see copies of your contractual agreements with these key suppliers and your requirements for selecting and qualifying them. You will also need to show proof that you perform a yearly evaluation of clinical suppliers, inclusive of any audits you have done of critical suppliers.
As if you were not having enough fun yet, this is where the auditor will really start to peel back the onion and reveal the health of your clinical processes. You will likely be asked to detail the types of clinical evaluations you are performing and which products they cover. You will be asked to produce a wide variety of documents, including:
Plus, procedures
In addition, your auditor may want to see an overview of the data that are held by the company. The depth of clinical evidence requested by the auditor may depend on how long the product has been in the marketplace. Naturally, you can expect that a high-risk Class IIb or III device that is newer to the EU market will invite more scrutiny. As a general rule, if the documentation is related in any way to your clinical processes, make sure you have it available for inspection.
If applicable, your auditor will certainly want to examine your clinical studies and postmarket clinical follow-up reports involving human subjects. Be prepared to review your procedures and templates for study planning and design, study risk assessment, statistical analyses, data management, monitoring efforts, and adverse event reporting. Your study, submissions, and approvals will also be examined, along with your supplier management agreements and procedures. Once again, demonstrating the interlinks with your clinical evaluation, PMS, risk management, and other processes is vital.
You are not alone. As you can see, the amount of information and preparation needed for a clinical audit is intense. No doubt assembling all this information and making sure you have your ducks in a row will take weeks of preparation. If you are unsure whether your clinical processes will hold up to Notified Body scrutiny, our clinical consultants can perform a EU MDR Notified Body Preassessment Audit to identify and correct gaps. Contact us to learn more.
US OfficeWashington DC
EU OfficeCork, Ireland
UNITED STATES
1055 Thomas Jefferson St. NW
Suite 304
Washington, DC 20007
Phone: 1.800.472.6477
EUROPE
4 Emmet House, Barrack Square
Ballincollig
Cork, Ireland
Phone: +353 21 212 8530