A representative of a notified body reported that they would take care, especially in unannounced audits, to check whether the documentation is up to date and whether the products actually comply with the criteria. The first point concerns the development a lot more, the second the production.
This prioritisation is understandable: after all, one wants to ensure that medical device manufacturers do not, in preparation for regular audits, bring everything to order and in doing so, not comply with the requirements of its own quality management system, or even deliberately violate them. With an unannounced audit the manufacturer has no chance, for example,
- to update or improve outdated or missing developing documents
- to conceal missing product tests
- to falsify records of product testing.
How often do unannounced Audits take place?
A representative of a notified body revealed to me what criteria they use to choose the manufacturer and to determine the frequency with which they audit individual manufacturers. There are three parameters:
- The risk that arises from the products. In this case, the notified body orientates itself above all on the classifications in accordance with MDD (I, IIa, IIb, III).
- The problems that it has had with the product or product category in recent years. It is irrelevant whether this information originates from the manufacturers themselves or from other sources such as the BfArM reports.
- The extent to which producers make themselves suspicious, especially in an audit. Auditors have a good feel whether or not manufacturers act honestly. They notice, even if they can not always prove it, whether the quality management system is practiced or if it's just a Potemkin village.
The EU demands are more specific:
The notified bodies should carry out unannounced audits at least once every three years. They should increase the frequency of unannounced audits when the products pose a significant risk, when the type of products in question are often not compliant or when certain information suggests that there is a non-conformity of the products or from the manufacturer. The schedule of unannounced audits should be unpredictable. Basically, an unannounced audit should not take less than a day and should be carried out by at least two examiners.
The Medical Device Regulation writes in Annex IX, chapter 3.4:
The notified body shall randomly perform at least once every five years unannounced audits on the site of the manufacturer and, where appropriate, of the manufacturer's suppliers and/or subcontractors, which may be combined with the periodic surveillance assessment referred to in Section 3.3. or be performed in addition to that surveillance assessment.
Assistance in preparing for unannounced audits
If the thought of unannounced audits scares you, then sign up. With our team of auditors and risk management, quality management, usability and software experts we can help you to quickly check the compliance of your products and your development with the relevant laws and standards (IEC 62304, IEC 62366, ISO 14971 and ISO 13485).
We also help you with specific, actionable advice to quickly iron out potential errors; so you can look forward to unannounced audits.