Regulatory Open Forum

For clients for whom I've done and am doing internal audits to meet the requirements of Europe's IVDR (2017/746) and MDR (2017/745), I employ an integrated two-fold approach involving 1) QMS auditing against core QMS requirements like management responsibility, risk management, complaint handling/communication, post-market surveillance, vigilance, clinical evaluation, etc., adapted as appropriate for Europe's unique requirements; and/or 2) assessing compliance with IVDR / MDR conformity assessment requirements (e.g., Technical Documentation, CE marking, Declaration of Conformity, etc.).

Basic auditing methods and techniques should be done in accordance with recognized paradigms like EN ISO 19011.

For clients for whom I've done and am doing internal audits to meet the requirements of Europe's IVDR (2017/746) and MDR (2017/745), I employ an integrated two-fold approach involving 1) QMS auditing against core QMS requirements like management responsibility, risk management, complaint handling/communication, post-market surveillance, vigilance, clinical evaluation, etc., adapted as appropriate for Europe's unique requirements; and/or 2) assessing compliance with IVDR / MDR conformity assessment requirements (e.g., Technical Documentation, CE marking, Declaration of Conformity, etc.).

Basic auditing methods and techniques should be done in accordance with recognized paradigms like EN ISO 19011.

The EU-MDR does not have an explicit audit requirement. However, it is implicit in Art. 10(9)(m) where the QMS has "processes for monitoring and measurement of output, data analysis, and product improvement".

The goal of an EU-MDR implementation is bring all of the requirements into the company's system. I think of this as beyond just the Art. 10(9) QMS requirements.

There are three phases, each with associated audits.

The first phase determines the gaps between the current system and the EU-MDR requirements. While CEN/TR 17223:2018 can help, it does not cover everything. Do a gap analysis audit in which you identify each EU-MDR requirement and the procedure (by number, revision, and section) that implements the requirement. When you cannot identify the requirement you will have a gap.

The second phase is after submitting the application to the NB. They will conduct both QMS audits and product audits. Conduct a mock audit following the conformity assessment path that you selected. If the conformity assessment path allows NB sampling, don't sample. Include the technical file for each device or device family.

The third phase is after implementation. Don't conduct an explicit EU-MDR audit. You will have incorporated all the requirements into your procedures. The audit program should audit these procedures to ensure the company implements them. This way you will have audited EU-MDR, FDA QSR, etc.

The EU-MDR does not have an explicit audit requirement. However, it is implicit in Art. 10(9)(m) where the QMS has "processes for monitoring and measurement of output, data analysis, and product improvement".

The goal of an EU-MDR implementation is bring all of the requirements into the company's system. I think of this as beyond just the Art. 10(9) QMS requirements.

There are three phases, each with associated audits.

The first phase determines the gaps between the current system and the EU-MDR requirements. While CEN/TR 17223:2018 can help, it does not cover everything. Do a gap analysis audit in which you identify each EU-MDR requirement and the procedure (by number, revision, and section) that implements the requirement. When you cannot identify the requirement you will have a gap.

The second phase is after submitting the application to the NB. They will conduct both QMS audits and product audits. Conduct a mock audit following the conformity assessment path that you selected. If the conformity assessment path allows NB sampling, don't sample. Include the technical file for each device or device family.

The third phase is after implementation. Don't conduct an explicit EU-MDR audit. You will have incorporated all the requirements into your procedures. The audit program should audit these procedures to ensure the company implements them. This way you will have audited EU-MDR, FDA QSR, etc.