MDSAP Audit Report may be used as reference during MRD/IVDR Audit

Requirements of the MDR/IVDR

  • The MDR/IVDR clearly state that all manufacturers need to have a quality management system in place so as to ensure that devices manufactured in series are in conformity with the requirements of the respective regulation and that experience from the use of devices is taken into account in the production process (MDR Recital 32/IVDR Recital 31). This becomes an explicit requirement for manufacturers to establish, document, maintain, keep up to date and continually improve quality management systems so that to ensure compliance with the Regulations (MDR Article 10 (9)/IVDR Article 10(8)).

  • Notified bodies are charged with the assessment of quality management systems of devices in accordance with MDR Article 52 and IVDR Article 48. Specifically, notified bodies are responsible for auditing and certifying manufacturers’ quality management systems (MDR/IVDR Annexes IX and XI and Annex VII section 4.5 ), following up with appropriate surveillance audits (MDR/IVDR Annex IX section 3 and Annex VII section 4.5.1, 4.10) as well as conducting unannounced audits (MDR/IVDR Annex VII section 4.5.1). Notified bodies are also responsible for the development of their appropriate procedures for conformity assessments according to the MDR /IVDR.

  • The MDR/IVDR specifically state that notified bodies’ audit programmes should clearly identify the number and sequence of activities required to demonstrate complete coverage of a manufacturer’s quality management system (MDR/IVDR Annex VII 4.5.2) and that surveillance audits need to be carried out on at least an annual basis (MDR/IVDR Annex VII section 4.10 and Annex IX section 3.3). For each surveillance audit identified in the audit programme, the objectives, criteria and scope of the surveillance audit are defined in an audit plan which adequately addresses and takes into account specific requirements for the devices, technologies and processes involved (MDR/IVDR Annex VII section 4.5.2(a) – third bullet point). Surveillance audits are expected to gather sufficient information to verify the proper implementation of the quality management system and ensure that it continues to comply with the requirements of the MDR/IVDR.

When and how to take MDSAP audit reports into account

  • It is important to stress that the MDR/IVDR remain applicable in their entirety. The use of MDSAP audit reports within the EU legislative framework is possible only where the MDSAP audit covers similar or equivalent MDR/IVDR requirements. Designated notified bodies maintain the full authority over their judgement, conclusion and final decision about the conformity of quality management systems to the relevant provisions of the MDR/IVDR and the safety and performance of medical devices and IVDs intended to be placed on the market in the EU.

  • Given that surveillance audits, their periodicity and EU auditors’ competencies are mandated by law, yearly surveillance audits need to be maintained. However, it could be possible to take into account the scope and outputs of manufacturers’ recent MDSAP audit reports as an input for developing surveillance audit programmes. The taking into account of MDSAP audit reports could define in a more precise manner the activities to be performed during a surveillance audit. For example, the positive quality management system conformity appraisal through MDSAP might lead to a reduction of the focus on aspects already covered by MDSAP audit reports. The notified body may then focus their surveillance audit on specific MDR/IVDR requirements which are either not covered or only partially covered by the MDSAP audit report. Non-exhaustive list of examples (alphabetical order):

  1. clinical evaluation/performance evaluation process (including post-market clinical/performance follow-up)

  2. EU authorised representative contractual provisions,

  3. EU UDI assignments within the quality management system,

  4. manufacturer financial coverage in respect of potential liability,

  5. person responsible for regulatory compliance qualification and role,

  6. records control

  7. system for risk management

  8. vigilance and post market surveillance activities, including the associated corrective actions and preventive actions.

Similarly, non-conformities identified in recent MDSAP audit reports can trigger the notified body to pay particular attention to those aspects in the MDR/IVDR planned surveillance audit.

Unless requirements are not similar or equivalent between both program, there are some other exception.

  • The MDSAP audit reports are not applicable to initial quality management system audits for EU QMS certificated;

  • MDR/IVDR unannounced audit;

  • MDSAP unannounced audits or special audits reports.

Source: Federal Register

Contact us at:

Recent Posts