The MDCG issued a new Guidance for notified bodies on the use of MDSAP (Medical Device Single Audit Program) audit reports in the context of surveillance audits carried out under the Medical Devices Regulation (MDR) or In Vitro Diagnostic medical devices Regulation (IVDR).
It provides guidance to notified bodies on how to take into account audit reports issued by MDSAP auditing organisations when performing surveillance audits under the MDR and IVDR, especially, when the manufacturer would like to present the MDSAP audit in the context of the regular surveillance audits performed in accordance to the new Regulations.
”For example, the positive quality management system conformity appraisal through MDSAP might lead to a reduction of the focus on aspects already covered by MDSAP audit reports. The notified body may then focus their surveillance audit on specific MDR/IVDR requirements which are either not covered or only partially covered by the MDSAP audit report.
Non-exhaustive list of examples (alphabetical order):
-clinical evaluation/performance evaluation process (including post-market clinical/performance follow-up),
-EU authorised representative contractual provisions,
-EU UDI assignments within the quality management system,
-manufacturer financial coverage in respect of potential liability,
-person responsible for regulatory compliance qualification and role,
-records control, -system for risk management,
-vigilance and post market surveillance activities, including the associated corrective actions and preventive actions.
Similarly, non-conformities identified in recent MDSAP audit reports can trigger the notified body to pay particular attention to those aspects in the MDR/IVDR planned surveillance audit.”
The MDCG nevertheless highlights:
- The taking into account of MDSAP audit reports is not applicable to initial quality management system audits required for the issuing of EU QMS certificates. Notified bodies designated under the MDR/IVDR would always need to conduct these audits in their entirety.
- The taking into account of MDSAP audit reports is not applicable to MDR/IVDR unannounced audits.
- Reports of MDSAP unannounced audits or special audits should not be taken into account in the narrowing of focus in MDR/IVDR surveillance audits.
- Regular surveillance audits would still take place on a yearly basis. However, the positive QMS conformity appraisal through an MDSAP audit may lead to a limitation of the surveillance focus from aspects already covered by the MDSAP audit reports.
- When MDSAP audit reports are considered as input to the planning of an MDR/IVDR surveillance audit, these reports should be taken into account in their complete form, including all associated attachments. Both positive and negative statements about the conformity of the manufacturer should be incorporated in the planning of the MDR/IVDR audit.
- If there is concern about the functioning of the quality management system, for instance due to information gathered through the assessment of vigilance cases or post market activities, previous surveillance audits or technical documentation assessments, a complete surveillance audit should be carried out.
The Annex to the Guidance identifies and analyses aspects within MDSAP audit reports that are relevant in relation to the EU requirements.
- Part I focuses on providing an explanation of where to find relevant information in MDSAP audit reports that could be used to a greater or lesser extent as supporting evidence for MDR/IVDR quality management system requirements.
- Part II provides examples on how correlations between MDR requirements to sections of MDSAP audit reports may be established in the notified bodies’ additional guidance or procedures. Although the examples in Part II focus on MDR requirements, the same methodology could be applied for the IVDR.
You can find the whole document in our Library of documents – icon ”NOTIFIED BODY” and ”MDCG”, both under MDR and IVDR.