Audits are conducted by Auditing Organizations approved by the Regulatory Authorities of the participating MDSAP members, including Australia, Brazil, Canada, Japan, and the United States.

The MDSAP is a way for medical device manufacturers to target multiple new markets and minimize business disruptions that can happen with several different regulatory audits.

In this article, we will discuss the MDSAP purpose, benefits, the participating regulatory authorities, the typical audit process, and how a modern Electronic Quality Management System (eQMS) can help your company prepare for the MDSAP.

An eQMS is one of the best ways to prepare for the MDSAP. SimplerQMS provides eQMS software for medical device companies to manage quality management processes, reduce workflow disruption, and make compliance easier to achieve. To learn more about how SimplerQMS can help your company book a demo and talk to one of our Quality Solution experts.

We will cover the following topics:

• What Is Medical Device Single Audit Program (MDSAP)?
• What Is the Purpose of MDSAP?
• What Are the Benefits of the MDSAP?
• Which Regulatory Authorities Are Participating in MDSAP?
• MDSAP Audit Cycle
• MDSAP Audit Process
• MDSAP Key Considerations
• Frequently Asked Questions
• The Role of eQMS Software in Preparation for MDSAP

What Is Medical Device Single Audit Program (MDSAP)?

The MDSAP is a program that allows medical device companies to face a single third-party audit conducted by authorized Auditing Organizations to satisfy the regulatory requirements of its participating members.

With MDSAP, medical device companies undergo a single audit for compliance with the regulatory requirements of five medical device markets: Australia, Brazil, Canada, Japan, and the United States.

What Is the Purpose of MDSAP?

The purpose of MDSAP is to accelerate international medical device regulatory harmonization and to promote an efficient and effective regulatory model.

The program was developed to enable a regulatory overview of medical device manufacturers’ QMS while reducing the regulatory burden on the industry. It aims to promote worldwide alignment of international requirements.

For instance, a medical device company sells 3-dimensional microscopes for reconstructive surgery. Complying with the requirements of MDSAP allows the company to market and sell the device in five major international markets.

What Are the Benefits of the MDSAP?

Being MDSAP certified presents many benefits to medical device manufacturers, patients, and regulatory authorities.

Benefits for medical device manufacturers:

• Single comprehensive audit: medical device companies can undergo a single audit process, not several individual audits. Being MDSAP certified reduces business disruptions and saves resources, such as time, finances, and training.
• Commitment to quality: MDSAP certification emphasizes to regulatory authorities and customers the company’s commitment to quality and compliance with international requirements.
• Predicted audit schedules: MDSAP has a comprehensive schedule for a three-year period. So, medical device companies have a clear understanding of their timeframes and resources.

Benefits for patients and end-users:

• Patient safety: By complying with MDSAP documents, medical device companies assure patients and end-users that all devices are safe and effective for the intended use.

Benefits for regulatory authorities:

• Multiple compliances: Regulatory authorities participating in the MDSAP are assured that auditing has been conducted in accordance with the agreed requirements. This reduces the workload of individual regulatory authorities.

Which Regulatory Authorities Are Participating in MDSAP?

The MDSAP is a program under the International Medical Device Regulators Forum (IMDRF).

IMDRF is a voluntary group of medical device regulators from around the world and aims to accelerate international medical device regulatory harmonization and convergence.

There are several countries in the IMDRF group. However, the international partners that are participating in the MDSAP include:

• Therapeutic Goods Administration of Australia
• Brazilian Health Regulatory Agency (Anvisa)
• Health Canada
• Ministry of Health, Labour and Welfare of Japan, and Japanese Pharmaceuticals and Medical Devices Agency
• US Food and Drug Administration

Therapeutic Goods Administration of Australia

The Australian Therapeutic Goods Administration (TGA) uses MDSAP audit reports and certificates as part of the evidence for compliance with medical device conformity assessment procedures and market authorization requirements.

Medical device manufacturers audited under MDSAP may, under some circumstances, avoid routine TGA inspections.

Brazilian Health Regulatory Agency (Anvisa)

Brazilian Health Regulatory Agency (Anvisa) utilizes MDSAP reports to constitute an important input on pre-market and post-market assessment procedures.

ANVISA may use MDSAP audits in place of a pre-market inspection for manufacturers intending to put higher-risk devices on the Brazilian market. For subsequent assessments, ANVISA continues to use its regular audits and inspections.

Health Canada

Health Canada started accepting MDSAP certificates at the beginning of January 2019.

This means that medical device companies do not have to undergo any additional audits in Canada regarding the QMS.

Japanese Regulatory Authorities

The Japanese Regulatory Authorities (Ministry of Health, Labour and Welfare of Japan, and Japanese Pharmaceuticals and Medical Devices Agency) accept MDSAP audit reports exempting some manufacturing sites from on-site inspection.

This reduces medical device manufacturers’ burden in QMS audit processes and may lead to the reduction of documentation required to be submitted for off-site inspection as well.

US Food and Drug Administration

The US FDA will accept the MDSAP audit reports as a substitute for FDA Establishment Inspection Reports (EIR).

The EIR describes what was observed during the FDA investigator’s visit to the company site, from introductions to inspectional observations.

It is worth mentioning that when US requirements are audited, FDA 21 CFR Part 820 for QMS regulation should appear on the certification document.

MDSAP Audit Cycle

The complete MDSAP has a three-year audit cycle consisting of the following:

• An Initial Audit (the Initial Certification Audit)
• Partial Surveillance Audits in years 2, 3
• Complete Re-Audit in year 3

The MDSAP audit model will review medical device companies’ QMS compliance with ISO 13485:2016 as well as the individual regulatory requirements of the participating countries where companies wish to market finished devices.

The Initial Audit will comprehensively audit the Medical Device Quality Management System.

It consists of two audit stages. The purpose of the Stage 1 Audit is a complete review of the QMS documentation required by ISO 13485:2016 and to evaluate preparedness for the next stage audit.

The goal of the Stage 2 Audit is to evaluate QMS implementation and effectiveness in accordance with ISO 13485:2016 and the requirements of the participating regulatory authorities.

A series of Surveillance Audits aims to ensure that all applicable requirements mentioned in the Initial Audit are continuously inspected during the three-year cycle.

Finally, a Re-audit (Recertification audit) aims to confirm the continued relevance, applicability, and suitability of the medical device company’s QMS as a whole. It can include a Stage 1 Audit if your QMS has undergone a critical change that was not sufficiently assessed previously.

In addition to these audits, medical device companies can undergo Special Audits that are not part of the planned audit cycle. A Special Audit may be conducted in response to an application to extend the scope of an existing certification, for example.

Another important audit is an Unannounced Audit. This audit can be conducted anytime during the three-year audit cycle. During this audit, the Auditing Organizations will randomly select a representative product and check whether it has been manufactured in accordance with your company’s QMS.

Recommended Reading

• ISO 13485:2016 Audit: Overview, Audit Types, and Execution
• Medical Device Audits: Overview and Tips

MDSAP Audit Process

This article will briefly discuss the MDSAP audit process.

We will also give examples of how an Electronic Quality Management System (eQMS), like SimplerQMS, can help your company successfully prepare for the MDSAP certification.

As stated before, the International Medical Device Regulators Forum (IMDRF) has recognized third-party auditors to conduct the MDSAP audit for medical device companies, known as Auditing Organizations (AO).

Each participating member has a list of approved AOs. For instance, the FDA has a list of recognized auditing organizations. Check each regulatory authority website to find the authorized AO list of your interest.

Four primary processes, one enabling process, and two supporting processes are part of the MDSAP audit.

Primary processes:

• Management
• Measurement, Analysis, and Improvement
• Design and Development
• Production and Service Controls

Enabling process:

• Purchasing

Supporting processes:

• Device Marketing Authorization and Facility Registration
• Medical Device Adverse Events and Advisory Notices Reporting

The auditors will start with the Management Process and then proceed to the second primary process, and so on.

The two supporting processes will fulfill the regulatory requirements of the participating jurisdictions.

Management Process

The top management of medical device companies must ensure that:

• Sufficient resources are provided for device design and manufacturing
• The quality management system is proper and effective
• Monitor the QMS and make adjustments when needed
• Define, document, implement, and maintain the QMS requirements via a representative.

It is essential that top management show commitment to quality. The quality commitment must be communicated across the company to assure employees and third-party stakeholders, such as the regulatory authorities and end-users, that finished medical devices are safe and efficient for their intended purpose.

The quality data obtained from different sources within and outside the company must be analyzed. With this information, companies can measure preparedness for the audit, make changes in processes if required, provide additional resources, and so on.

Collating data into a single source of truth is much easier using an eQMS system paired with powerful document controls such as SimplerQMS. It allows medical device companies to gather data from all departments and processes in a single cloud-based system.

Documents and related information can be easily linked, versioned, routed for review/approval, and retrieved during the audits.

Measurement, Analysis, and Improvement Process

In MDSAP, the QMS emphasizes identifying existing and potential causes of product and quality issues.

To take appropriate and effective corrective and preventive actions, these causes must be identified.

All these processes are carried out under the Measurement, Analysis, and Improvement process. Also, outcomes must be documented and reported to the relevant regulatory authority.

An eQMS solution helps medical device manufacturers manage nonconformance, complaint, and CAPA processes.

SimplerQMS software solution allows companies to keep track of all nonconformances, complaint resolution progress, CAPA status, and so on to easily manage and document all data with just a few clicks.

Design and Development Process

The Design and Development Process aims to control the design of a medical device and to assure that the device meets user needs, intended use, and its specified requirements.

The key steps that medical device companies are expected to follow are:

• Design and development planning: Have updated and approved plans for all manufactured medical devices.
• Design input: Have design input procedures to ensure the initial design for a given medical device corroborates with its actual use. A design must be reevaluated if there is ambiguity or incompleteness.
• Design output: Ensure the design output of every medical device conforms to the original design input.
• Design review: Monitor and conduct formal documented reviews of specific devices at selected intervals. Document the results in the Design History File (DHF).
• Design verification: Ensure the conformance of design output with design input with established QMS protocols.
• Design validation: Have compatibility between devices and related software with the intended use. Companies can use either stimulated or actual use conditions to validate.
• Design transfer: Ensure the device design is translated into correct product specifications.
• Design changes: Control design changes to improve the design of a medical device.
• Design history file: Use the medical device’s DHF to prove the device was manufactured following approved plans.

The design and development process requires creating, maintaining, validating, and circulating multiple files and documents between departments. This is easier to perform and track with an eQMS solution.

SimplerQMS’s design control software module helps medical device companies to keep all design control-related documents in one place, reducing the chances of errors due to manual paperwork.

Easily create documents using a template package based on Life Science requirements, link files to different design control archives without creating duplicates, assign tasks to specific people, drag and drop external documents inside the system, and migrate all existing files to a single cloud-based system.

Production and Servicing Controls

The purpose of auditing the Production and Servicing Control is to verify the development of processes used to manufacture products that meet specifications.

Medical device companies need to consider the processes regarding:

• Environmental controls: Any environmental changes can affect the finished device’s overall quality.
• Contamination controls: The manufacturing area of the plant and the equipment used must be clean and sterile, if applicable.
• Personnel controls: Staff health, cleanliness, and clothing need to be checked regularly.
• Building controls: Sufficient space should be available for every activity in the product lifecycle.
• Manufacturing materials control: Materials used for manufacturing specific devices must be suitably discarded if compromised in any way.
• Servicing controls: Determine if servicing activities are performed and documented following instructions and procedures.

This process emphasizes various crucial controls that are needed during the lifecycle of a medical device. Once more, an eQMS solution can help in ensuring these controls are in place.

With SimplerQMS, medical device companies can create document collections to compile technical documentation, DHF, DMR, and DHR. Our solution also allows companies to schedule periodic reviews of these documents, automatically notify relevant personnel when changes are made, and securely store all the needed documentation for each device in a cloud-based system.

Purchasing Process

The medical device company is expected to establish and maintain documented controls for planning and performing purchasing activities. This refers to third-party suppliers, including contractors and consultants, who supply components, materials, or services.

Using an eQMS solution with supplier quality management features, like SimplerQMS, facilitates selecting, evaluating, qualifying, and managing your suppliers.

You can create and maintain Approved Suppliers Lists (ASLs) and use templates based on Life Science requirements for various documents, such as contracts, surveys, evaluations, certificates, and incoming inspections. Easily assign and track supplier-related tasks while keeping the records of all suppliers secure in one place.

Recommended Reading: Medical Device Supplier Management Process (8 Steps)

Device Marketing Authorization and Facility Registration Process

Auditing these processes aim to verify that medical device companies performed the appropriate activities regarding device marketing authorization and facility registration with regulatory authorities participating in the MDSAP.

Medical Device Adverse Events and Advisory Notices Reporting

This process audit verifies that a post-market surveillance system is established and implemented in the medical device company and integrated into the QMS. Procedures and workflows are established to ensure the correct and prompt identification of adverse events.

For instance, a batch of implantable pacemakers is malfunctioning, and several healthcare facilities filed complaints. The company needs to identify the root cause of the issue, ensure it does not repeat it, and report to the relevant regulatory authority.

For that, medical device companies need the capability to continuously collect and analyze data generated from every medical device manufactured and marketed.

An eQMS, such as SimplerQMS, with in-built complaint management capabilities, can make the process easier.

For example, using SimplerQMS, companies can report incidents to regulatory authorities in case the nonconformance presents a potential risk to patients or results in injury or death.

MDSAP Key Considerations

Medical device companies planning on undergoing the MDSAP should note the following points:

• Audit duration: The audit cycle of MDSAP has three years. It consists of an Initial Audit (in two separate stages), two Surveillance audits in the next two years, and a Recertification Audit in the third year.
• Audit requirements: Since MDSAP is a comprehensive audit program involving multiple inspectors, companies should be well-prepared with trained personnel. They should be available to answer the inspectors’ queries and provide the required documents and records.
• Resources: MDSAP audits have a cost for medical device companies to be certified. Companies must have the appropriate resources.
• Documentation and record keeping: There is a need to have a robust QMS with efficient documentation and record-keeping implemented.

Traditional paper-based or hybrid QMS can present challenges, such as lost documents, delays in document management activities, lack of traceability, etc.

So, it is important to consider transitioning to an eQMS. SimplerQMS solution facilitates efficient document management. You can store all records securely in one place, easily search and retrieve documents, assign tasks, automatically notify personnel, and so on.

Frequently Asked Questions

What is the Difference Between ISO 13485:2016 and MDSAP?

The difference between ISO 13485:2016 and MDSAP is that ISO 13485:2016 is an international quality standard, and MDSAP is an audit program.

Furthermore, ISO 13485:2016 is a regulatory medical device QMS standard utilized worldwide. On the other hand, MDSAP is currently conducted in five countries: Australia, Brazil, Canada, Japan, and the United States.

Does FDA Recognize MDSAP?

The US Food and Drug Administration (FDA) is one of the participating members of the MDSAP. It accepts MDSAP audit reports as a substitute for FDA Establishment Inspection Reports (EIR) for on-site inspections.

Is the EU Part of MDSAP?

The European Union (EU) is an official observer of MDSAP and may attend MDSAP meetings, assessments, and other activities. However, MDSAP is not accepted in the EU to replace or supplement its regulatory scheme.

Who Can Perform MDSAP Audits?

MDSAP audits are performed by Auditing Organizations (AOs). These organizations are authorized by the participating Regulatory Authorities to audit under MDSAP requirements. Medical device manufacturers that wish to be MDSAP certified must refer to their national AO list.

Is MDSAP a Certification?

The MDSAP provides a certification that allows a medical device manufacturer’s QMS to be audited using a single audit and accepted in five countries: Australia, Brazil, Canada, Japan, and the United States.

What are the Principles of MDSAP?

MDSAP is based on ISO 13485:2016 requirements. In addition, medical device manufacturers must comply with specific country regulatory requirements for Australia, Brazil, Canada, Japan, and the United States, depending on the intended market.

What Processes Include the MDSAP Audit Scope?

The MDSAP audit scope has a total of seven processes.

There are four primary processes: Management Process, Measurement, Analysis, and Improvement; Design and Development; and Production and Service Controls.

One enabling process: Purchasing.

And there are two additional supporting processes: Medical Device Adverse Events and Advisory Notices Reporting and Device Marketing Authorization and Facility Registration.

The Role of eQMS Software in Preparation for MDSAP

The Medical Device Single Audit Program is a unique opportunity for medical device manufacturers to access up to five international markets with a single QMS audit.

However, medical device companies do need to extensively prepare for a comprehensive, time-consuming, and expensive audit keeping in mind the requirements of multiple jurisdictions.

When using paper-based or hybrid QMS systems, challenges may arise in the form of lost documents and records, physical storage issues, unauthorized access to files, human errors, and so on.

Considering that an MDSAP audit requires extremely meticulous documentation and record-keeping, a purpose-built medical device eQMS solution can be an excellent asset for any medical device company.

An eQMS provides traceability of documents, time-stamped audit trails, automated notifications, liking documents, assigning tasks, and so on.

Best QMS software solutions for life sciences support a vast array of core QMS processes, such as document control, change management, training management, complaint handling, supplier management, and CAPA management, that are closely related to processes evaluated during MDSAP audits.

So, investing in a robust and powerful medical device eQMS, such as SimplerQMS, can make the challenging path of preparing for an MDSAP audit much smoother and simpler.

If you are interested in calculating the investment of a QMS software solution, download our eQMS Business Case Template. It will help you understand the cost of such a solution and provide the tools to present it to senior stakeholders and decision-makers.

Final Thoughts

The medical device industry is highly regulated. Companies must comply with multiple regulatory requirements to legally market and sell their devices in different countries.

To be certified according to these requirements, medical device companies must undergo third-party audits, which can be time-consuming and expensive.

Aiming to conduct a single regulatory audit of a medical device manufacturer’s QMS that satisfies the requirements of multiple regulatory jurisdictions, the Medical Device Single Audit Program was created. It has five participating members: Australia, Brazil, Canada, Japan, and the United States.

The MDSAP is a way that medical device companies can be audited once for compliance with the standard and regulatory requirements of these five different markets.

During audits, having a paper-based or hybrid QMS can present challenges, such as lost documents, human errors, physical storage limitations, unauthorized access to documents, and so on.

An eQMS offers a solution to all those issues. And SimplerQMS Software helps medical device manufacturers to streamline all audit-related activities. You can create documents using a template package based on Medical Device requirements, link relevant documents, directly escalate nonconformances to CAPA, set up automatic reminders for tasks’ due dates, and more.

Book a personalized demo and talk to our experts if you want to learn more about how SimplerQMS can support your company QMS.

The post MDSAP: Medical Device Single Audit Program appeared first on SimplerQMS.

Let us take the example of metformin (the most commonly used prescription for type 2 diabetes) that your pharmaceutical company is planning to manufacture and sell in a new market. It is only based on regular quality audits that you, the regulatory agencies, and the public, will have the assurance that this product is safe and efficacious for use.

Quality audits can be daunting, but by understanding what will be audited, having accurate documentation, and preparing for questions from the auditor, you can make the process less stressful and more efficient.

This article introduces pharmaceutical audits and offers tips on how to prepare for them.

We will look at the following in more detail:

• What Is a Pharmaceutical Quality Audit?
• Types of Audits in the Pharmaceutical Industry
• Major Pharmaceutical Audits
• Ways in Which Pharmaceutical Audits Are Conducted
• What Does a Pharmaceutical Audit Examine?
• How to Prepare for a Pharmaceutical Audit?
• 10 Tips to Help You Make Auditing Smooth
• Pharmaceutical Audit Management Software Solution

What Is a Pharmaceutical Quality Audit?

A pharmaceutical quality audit is a systematic and independent examination wherein you will establish whether the activities that your company performs are compliant with standard regulations. You will also determine whether they are effectively implemented to achieve the required objectives.

Quality audits, whether internal or external, are essential to a good pharmaceutical quality management system. With the help of quality audits, your pharmaceutical company will effectively evaluate compliance with regulatory requirements and get the required feedback, which is needed for improvement.

With the help of the SimplerQMS audit management software solution, you can significantly reduce the time and effort needed to pass audits by automating audit-related tasks, such as document routing, data collection, notifications, approvals, and escalation of activities.

Types of Audits in the Pharmaceutical Industry

In general, your pharmaceutical company will face three types of quality audits:

• Internal audits
• External audits
• Unannounced audits

Internal Audits

As a pharmaceutical company, you will audit your facilities, systems, and standard operating procedures (SOPs) under a process called internal auditing. These audits are conducted regularly, and you must have procedures and programs available for conducting such audits.

Depending on the complexity of the internal auditing process, it can be categorized into multiple categories:

• Tier 1
• Tier 2
• Tier 3

Using an audit management solution, you can facilitate planned internal audit activities by managing audit schedules, creating regular assignments, setting due dates, and automatically sending out notifications to the right people at the right time.

Tier 1 Internal Audits

These audits are the least complex of the internal audits. They are conducted by personnel of the concerned department or section.

These audits are normally of short duration, are frequent, and concentrate on issues such as auditing the housekeeping or documentation of a particular department or section.

For example, personnel in the manufacturing section may audit the thorough cleaning of all scoops, vessels, and sieves used there.

Even for tier 1 auditing, the personnel assigned to do the auditing need to have received basic training before auditing.

Tier 2 Internal Audits

Tier 2 internal audits are more complex when compared to tier 1 internal audits. They focus more on the system and the frequency is less when compared to tier 1 audits.

For example, this could include auditing the purity of the products developed by the R&D department constitutes a tier 2 example.

These audits, by their nature, will be of longer duration, and the auditors need to have rigorous training with an emphasis on the quality systems and techniques. Also, the auditors will be personnel independent of the concerned department or section.

Tier 3 Internal Audits

Tier 3 internal audits are the most complex and least frequent of the internal audits.

They can be carried out to assess the readiness of the pharmaceutical company for a forthcoming regulatory audit. Additionally, tier 3 internal audits may be conducted before beginning a crucial activity within the company.

For example, if your company is going to start manufacturing metformin for the first time, a tier 3 internal audit is advocated.

The auditors for tier 3 internal audits need to be highly trained with the necessary expertise and knowledge of all regulatory requirements in the pharmaceutical industry.

You can also bring in external consultants to do these types of audits. If you are interested in learning more about how to choose the right consultant, we suggest reading the article on the key areas when selecting a pharmaceutical consultant.

External Audits

External audits are also referred to as second and third-party audits.

Second-Party Audits

Second-party audits are conducted by parties interested in the audited company.

They could be both customers and suppliers.

Supplier audits come under second-party audits because as a manufacturer, you must know your supplier(s) thoroughly.

With integrated audit management capabilities like SimpleQMS you can also manage relevant information derived from supplier audits, and other supplier-related activities such as deviations, non-conformance reports, supplier corrective action requests (SCARs), CAPAs, and quality information in one centralized location.

Recommended Reading: The Simple Guide to Supplier Qualification in Life Sciences

Third-Party Audits

Third-party audits are conducted by external independent organizations, such as notified bodies or authorities.

Regulatory audits conducted by regulatory agencies also come under third-party audits. For example, national regulatory bodies such as the Medicine Control Agencies (MCA) of the UK and the US FDA will mandatorily conduct third-party audits.

In addition, regulatory bodies of one country may audit manufacturers based in other countries. For example, the FDA will audit your manufacturing plant located in Europe, if you are supplying medicines in the US.

It should be highlighted that third-party regulatory inspectors are comprehensively trained and highly knowledgeable.

Unannounced Audits

Manufacturers of pharmaceutical products are subject to random unannounced audits by regulatory agencies. Such audits can also include your third-party vendors who supply crucial raw materials for your products (i.e., unannounced supplier audits).

Such audits are carried out both in the European Union and the US, usually with some months of notice to allow for scheduling and traveling.

The frequency of such audits depends on the complexity of the products that you manufacture and may be anywhere between 3 to 5 years.

Major Pharmaceutical Audits

The major pharmaceutical audits that your company will face can be grouped under internal and external audits.

Major Internal Audits

EU GMPs 1.4 (xvii) states that:

“The system of Quality Assurance appropriate for the manufacture of medicinal products should ensure that (xvii) there is a procedure for self inspection and/or quality audit which regularly appraises the effectiveness and applicability of the quality assurance system.”

ICH Q7 D. Internal Audits (Self Inspection) (2.4) states that:

“To verify compliance with the principles of GMP for APIs, regular internal audits should be performed in accordance with an approved schedule. Audit findings and corrective actions should be documented and brought to the attention of responsible management of the firm. Agreed corrective actions should be completed in a timely and effective manner.”

Your pharmaceutical company should perform regular internal audits in accordance with an approved schedule. These internal audits will check the effectiveness of your QMS and document all audit findings.

If necessary, agreed corrective actions should be completed in a timely and effective manner.

External Audits

EU GMPs 7.5 states that:

“The Contract Giver is responsible for assessing the competence of the Contract Acceptor to carry out successfully the work required and for ensuring by means of the contract that the principles and guidelines of GMP as interpreted in this Guide are followed.”

Before outsourcing to a third-party vendor, your company needs to assess the legality, suitability, and competence of the vendor. You will also ensure that the vendor diligently follows the principles and guidelines of GMP.

Directive 2004/27/EC (19) states that:

“The quality of medicinal products for human use manufactured or available in the Community should be guaranteed by requiring that the active substances used in their composition comply with the principles of good manufacturing practice in relation to those medicinal products. It has proved necessary to reinforce the Community provisions on inspections and to compile a Community register of the results of those inspections.”

Your pharmaceutical company will ensure the quality of the products you manufacture by ensuring that the active substances used in their manufacture and manufactured in accordance with GMP.

SimplerQMS audit management software helps you comply with various regulatory requirements applicable to internal and external quality audits for organizations in the pharmaceutical industry.

Ways in Which Pharmaceutical Audits Are Conducted

There are three ways in which pharmaceutical audits are conducted:

• On-site audits
• Remote audits
• Self-audits

Let’s discuss each one in more detail.

On-Site Audits

As the name suggests, during the on-site audit, the concerned regulatory agencies will come to your company and will review all documents, tour the company’s premises, interview your staff, and verify that your pharmaceutical company meets all regulatory requirements.

Let us look at the example of metformin that your company wants to sell in a new market. The regulatory agency of that country will make an on-site audit and ensure that you have met all necessary regulatory requirements.

Remote Audits

As we know, the COVID-19 pandemic has upended life. It has put a lot of restrictions on both individuals and companies alike. However, one of the plus points has been a renewed interest in remote auditing.

Remote auditing is like on-site auditing regarding the document review, staff interviews, tour of your manufacturing sites, etc. The difference is that the regulatory agency will connect with you virtually using different types of technology.

Your organization will need to use various tools for file sharing, video conferencing, screen sharing, and/or Electronic Quality Management System (eQMS), like SimplerQMS, to share and review the required documents with the regulatory agencies.

To learn more about remote auditing, check out our guide on remote auditing best practices.

Self-Audits

Self-audits are also called internal audits. As discussed before, your pharmaceutical company will conduct internal audits regularly as part of complying with regulatory standards.

These audits are valuable exercises that ensure that the documents and QMS of your company are efficiently and effectively maintained. You should ensure that self-audits are conducted by staff who are not directly involved with the audited matters.

Let us revisit the metformin example. When you start marketing this drug, you will need to conduct regular self-audits to ensure that the medication is manufactured as per documented and planned protocols. This will ensure its safety and efficacy.

What Does a Pharmaceutical Audit Examine?

The quality audits that your pharmaceutical company will undergo will assure the regulatory agencies and public at large that your organization is compliant with all the necessary requirements.

By looking at the typical ways in which audits are conducted, we will get a better understanding of what pharmaceutical audits examine.

On-Site Audits

During on-site audits, some of the typical questions that the regulatory inspectors will ask your company are as follows:

• Do the pharmaceutical facility and the various departments of your company operate under a state of control?
• Does the QA department of your pharmaceutical company review all production records routinely to ensure that protocols and procedures are followed and documented properly?
• Is there sufficient equipment, laboratory space, and qualified personnel on hand?
• Are all QA procedures approved?
• Are all production batch records and release test results first reviewed for completeness and accuracy before the release of a batch of finished products?

Remote Audits

Remote audits are similar to on-site audits, except that they are virtually conducted.

This includes a virtual tour of the entire facility. Other areas/processes that are typically audited during the remote audit include the review of documents, protocols, and policies.

Self-Audits

During the self-auditing process, the personnel selected to conduct this will typically ask the following questions:

• Are the personnel working in the sterile filling area properly trained?
• Are all protocols and procedures up-to-date and authorized?
• Is there any cross-contamination of raw materials or finished products?
• Are the warehouses cleaned according to schedule?
• Are all batch record entries duly filled and signed?

How to Prepare for a Pharmaceutical Audit?

The key points that your pharmaceutical company needs to focus on while preparing for an audit are as follows.

Review All Documents

First of all, you will need to review documents from past audits.

Based on this, you will next need to prepare a detailed list of all relevant documents, including, but not limited to:

• Batch records
• Master formula records
• Standard operation protocols
• Change controls
• Deviations

These documents must be reviewed to ensure that they are validated and current. Also, ensure that all supporting documents and records are available.

It is at this stage wherein an efficient QMS software with robust document control capabilities such as SimplerQMS becomes most useful. All documents are digitized and automatically named, numbered, and versioned, following best practices of pharmaceutical document management. This will help you ensure compliance with the relevant standards and regulations of your industry.

Select Personnel and Delegate Responsibilities

You will need to select one or more individuals from every department as key people for the forthcoming audit.

The responsibilities for the various aspects of the audit will be delegated amongst them.

This personnel will have the requisite knowledge about the auditing, documents, records, systems, and protocols in place.

Prepare an Audit Plan

The third step in your plan of action is for the selected personnel to prepare an audit plan which outlines the flow of the audit.

This plan of action will be provided to the auditing inspectors.

With the SimplerQMS audit management solution, you can group all the upcoming audits under an audit plan and collect all the important details, including title, scope, objective, criteria, auditors, location, and others.

At this point, you need to note the strengths and weaknesses of the various departments. Ensure that the strongest departments are focused first, to highlight the strengths of your company.

Conduct an Internal Audit

The next logical step is to conduct an internal audit.

This will ensure that all relevant personnel is confident and that any loopholes are fixed. You may consider bringing in external experts for this part of the auditing process.

Be Prepared for Remote Audits

The COVID-19 pandemic has shown that remote auditing is here to stay.

Be prepared for remote auditing with file sharing, video conferencing, screen sharing, and an efficient eQMS solution.

10 Tips to Help You Make Auditing Smooth

Pharmaceutical Audit Management Software Solution

If your pharmaceutical company is still using paper-based systems and processes, there are limitations and challenges that you are likely to face regularly.

Recording on paper-based systems is a lengthy process. At times, the information may no longer be relevant at the time it is transcribed.

Documentation errors can lead to regulatory non-compliance. This can prove to be costly for the company in terms of brand name, time, and money.

With the help of the SimplerQMS audit management software solution, you will save the time and effort that is needed to successfully pass your audits.

The system automates audit-related activities so that you can reduce the time and effort needed to successfully pass audits.

With SimplerQMS, you can easily collect documents and reports across the product life cycle, in a single location. This makes it easy to share information with external partners. The system also allows you to easily link a response such as a nonconformance, supplier corrective action request (SCAR), or CAPA. This makes it easy to track and resolve quality issues.

Final Thoughts

Quality audits in the pharmaceutical industry are essential to ensure compliance with regulatory requirements and give confidence to the public that your products are of the best quality and efficacy.

When you invest in an efficient eQMS such as SimplerQMS, you will save both time and effort with the entire auditing process. You will find that it’s much easier to ensure regulatory complaince and will benefit from a host of other features.

Book a demo today and talk to our experts to see how we can help you streamline your audit management process and help you work more efficiently with your documentation.

The post Guide to Quality Audits in the Pharmaceutical Industry appeared first on SimplerQMS.

For example, during their audit, regulatory bodies can check to see whether laboratory testing records are genuine or have been altered. If they find any dubious records, they can issue a warning.

This article introduces you to typical laboratory audits and various types. It also gives you some valuable tips that will help you in succeeding in your external audit and discusses the advantages of using digital audit management tools.

But first, let’s go through the basics:

• What is a Laboratory Audit?
• What Does a Laboratory Audit Examine?
• Tips to Ensure Your Laboratory Is Audit-Ready
• How to Perform an Internal Laboratory Audit
• How Often Are Laboratories Audited?
• Laboratory Audit Management Software Solution

What is a Laboratory Audit?

A laboratory audit is an assessment performed to demonstrate that the laboratory’s operations are according to regulatory standards and accreditation regulations, such as ISO 15189 and ISO 17025. It also detects any deviation in their processes that could affect the quality system in medical device and pharmaceutical company operations.

There are two types of laboratory audits – external and internal audits.

External Laboratory Audits

Third-party agencies perform external audits outside of laboratories. Their main purpose is to get accreditation or certification so that the laboratory can operate in the relevant markets. If the inspection bodies observe that the laboratory has established a laboratory quality management system (QMS) according to applicable requirements, the auditors recommend the accreditation to the laboratory.

For example, if a laboratory offering testing services for a medical device company plans to start its business in EU member countries, it must first invite the relevant accreditation and regulatory bodies for inspection. If it gives accreditation, the company is allowed to start its business. Otherwise, it cannot.

Internal Laboratory Audits

Internal audit is performed by employees or staff of the same laboratory but in different departments. The main purpose of an internal audit is to perform a quick assessment of the laboratory’s current quality practices.

It is an effective way to prepare for external audits and identifies any critical non-conformity that could create severe consequences at the time of external audits.

What Does a Laboratory Audit Examine?

The audit is carried out to assure the organization’s compliance with the requirements and law. If the auditors find any non-compliance, it could result in a warning or operation suspension.

Here are some examples of areas that an auditing body might be interested in:

• Previous Audit Findings
• Processes and Operating Procedures
• Staff Competence and Training
• Equipment
• Environmental Conditions

Let’s discuss each one in more detail.

Previous Audit Finding

Sometimes, the audit is conducted based on past audit findings.

It is conducted to observe whether the laboratory has implemented enough corrective and preventive actions (CAPAs) to remove the non-conformances identified by previous auditors.

Processes and Operating Procedures

The auditors check whether the process is carried out are according to quality principles. 

For example, Standard Operating Procedures (SOPs) are necessary for executing every process in the laboratory. The auditors could check whether laboratory processes follow the approved SOPs or not.

Staff Competence and Training

The laboratory staff should be competent to understand the necessities and requirements of a laboratory environment. The laboratory is responsible for its staff training to keep them updated about laboratory practices, current quality principles, latest processes, and regulatory requirements.

For example, a training plan should be devised for all the staff working in a laboratory. The training plan should include training topics, training schedule, training material, and who will conduct training. The training plan is created for the whole year and is approved before starting staff training.

Equipment

All equipment should be in proper working condition, and its usage should not exceed the equipment’s standard operating specifications.

Routine maintenance is also necessary, including equipment calibration.

For example, an equipment log must be developed indicating its usage and filled out every time a staff performs the test. Another example could be calibration records and certificates. Their original must be obtained from the calibration performing agency and made part of the laboratory records. You must be able to present necessary calibrations records at the time of an audit.

Environmental Conditions

The environmental conditions must be adequate for performing the work and performing tests. The laboratory environment should prevent sample deterioration and the environment should not affect the tests being performed.

For example, a log containing values of environmental parameters such as Temperature and Humidity must be properly documented, maintained, and presented at the time of an audit.

Tips to Ensure Your Laboratory Is Audit-Ready

External auditors typically inform laboratories before conducting audits. However, it is not unusual to conduct an audit without prior information, these are called unannounced audits.

In any case, it is in the laboratory’s benefit to always remain audit-ready so that external auditors cannot issue any major warning or non-compliance to the laboratory.

Secondly, if the laboratory remains audit-ready, it builds credibility to the external auditors if they decide to conduct an unannounced audit without prior information.

Let’s discuss some tips that can help your laboratory remain audit-ready instead of leaving your audit preparation to chance.

1. Conduct Regular Equipment Calibration Activities

As mentioned before, calibration is one of the critical parameters that regulatory bodies inspect. Calibration indicates equipment’s accuracy and preciseness in performing measurements. The equipment should be calibrated with a regular calibration plan, and proper records should be maintained with relevant approvals and signatures.

All the above-mentioned tasks related to calibration can be easily handled using the equipment management module built into SimplerQMS. It allows you to manage documentation for each piece of equipment, create tasks and assign them to relevant personnel, and send email notifications when the calibration activity becomes due.

2. Follow a Regular Equipment Maintenance Plan

Regular equipment maintenance is one of the most effective ways to tackle the audit team.

Thus, you need to prepare a preventive maintenance plan and strictly stick to it. After each preventive maintenance, complete all the documents, such as the maintenance checklist with proper authorization and signatures.

3. Facilitate Staff Training

Inspectors inspect whether the staff working in the department is capable enough to carry out day-to-day routine activities such as safety principles, sample handling, and other activities. Laboratory management is responsible for conducting training programs.

Using QMS software such as SimplerQMS to automate training is a worthwhile investment in this regard, as it allows you to efficiently handle all functions from planning training to execution.

It allows you to easily schedule employee training by their respective designation and role. It tracks when training is due, distributes the needed training material, and sends notifications when new trainable material is released. Finally, at the end of the training, it generates a certificate of training with an electronic signature.

4. Ensure Standard Operating Procedures (SOPs) Are Up to Date

Ensure that SOPs are updated every time a new process is implemented, or new equipment is installed.

Similarly, laboratory staff should follow all the SOPs in their routine operations.

5. Facilitate Validation Processes

Ensure all the validation activities are completed with relevant documentation.  

For example, Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ) should be executed before using newly installed equipment.

6. Implement a Secure Database System

Lab data systems must be secure and withstand any hacking or breaching attempts. Appropriate user levels must be created with password protection. Additionally, it should include audit trails, backups, disaster recovery, as well as 21 CFR Part 11 compliant electronic signatures.

Furthermore, an essential aspect of audits is the timely availability of the relevant data to the auditors. Otherwise, it can pose serious consequences to the laboratory.

A QMS software like SimplerQMS can provide various solutions for the aforementioned issues.

Some of the solutions that SimplerQMS provides are time-stamped audit trails, document versioning, 21 CFR Part 11 and GxP compliant electronic signatures, centralized repository, linking of documents, secure Microsoft Azure cloud storage, and more.

7. Perform Regular Internal Audits

Regular internal audits are also beneficial in preparing laboratories for external audits.

It helps in pinpointing any shortcomings that could result in severe warnings or non-conformances.

How to Perform an Internal Laboratory Audit

As mentioned previously, an internal audit provides an opportunity for the laboratories to assess their own shortcomings, and most importantly, it is also a compliance requirement. 

Let’s look at the necessary steps that are critical to a successful and compliant internal audit.

1. Scope

The scope identifies the area of interest for the audit team and is used to define the limits. 

For example, is the audit team auditing any process or a laboratory standard?

2. Audit Checklist

Checklists are critical points or processes that auditors intend to audit. Commonly, they are reference guidelines by regulatory bodies to which the laboratory is accredited.

For example, if the auditors are inspecting calibration procedures for a laboratory, the checklist would include the relevant processes from the ISO/IEC 17025 – general requirements for the competence of testing and calibration laboratories.

3. Team Selection

As mentioned above, an internal audit is carried out by the staff of the same laboratory. Therefore staff working in other departments or sections should be selected for conducting an audit to avoid conflict of interest.

For example, if the auditors inspect the sampling department, staff working in the testing department can be selected in the audit team.

4. Scheduling

Create a schedule for conducting an audit and provide information to the relevant department so that they can make arrangements and prepare.

For example, a schedule can include allocating the first half of the day for auditing the processes, personnel, and equipment. The second half of the day could be dedicated to auditing documentation and the final meeting.

5. Audit

Start audit by the initial meeting with the departmental representatives, including a brief introduction with the audit teams, their roles, and responsibilities.

After the introduction, start collecting and analyzing information. The audit should remain within its scope and should not exceed it.

Conclude audit with the final meeting, and share results with the departmental staff.

6. Audit Report

After completing the audit, generate a detailed audit report. In the audit report, provide details of non-conformities with the evidence and recommend an improvement for rectifying the non- conformities.

Lastly, you will need to present the audit report to the management to implement the recommendation and improvement.

7. Laboratory Record

As mentioned above, the internal audit is a regulatory requirement.

So for presenting to the inspectors of regulatory bodies, ensure you make the internal audit report part of your laboratory records and be ready to present it during an external laboratory audit.

How Often Are Laboratories Audited?

External audits are initially conducted when a laboratory seeks accreditation with the relevant regulators or standardization bodies. After the initial audit, these accreditation bodies periodically conduct inspections to make sure their arrangements are regular and do not deviate from their guidelines.

It is necessary to conduct an internal audit once a year.

However, this does not mean that all processes or functions should be inspected in a single audit. Small sections or procedures can be individually audited anytime in a year, but an internal audit for a whole laboratory must be completed once a year.

Overall audit completion time depends on the laboratory size and functions. Small size laboratory audits can be concluded in just one day, whereas audits for large-scale laboratories can take days.

Laboratory Audit Management Software Solution

The manual paper-based system always poses a difficult situation during the audit, no matter how well papers are arranged and personnel deployed for handling documentation. Unavailability of required documents, version miss-match between control and department copy, and documents without signatures or approvals are one of many serious problems. In addition, manual documentation requires days to prepare for the audits.

Investing in the audit management software from SimplerQMS relieves you from collecting, sorting, and arranging documents. It provides you with a centralized repository of all your documents so that you can easily access them. The documents are stored in the cloud and can be accessed from every location with a network-compatible computing device.

Final Thoughts

All the laboratories must prepare for audits. It results in quality processes, customer trust, and increased revenue for the laboratory.

Today’s laboratories are burdened with strict regulatory requirements and increasing costs.

Adopting the latest technology helps laboratories tactically face the auditor’s requirements, including audit management software by SimplerQMS. It allows you to focus more on planning rather than worrying about arrangements.

If you are interested in learning more about how SimplerQMS can help you streamline your audit-related activities and help you pass audits successfully, we recommend you book a personalized demo and talk to our experts.

The post Laboratory Audits: Overview, Guide, and Tips appeared first on SimplerQMS.

This article will introduce medical device audits and cover the following sections:

• What Is an Audit in the Medical Device Industry?
• Ways in Which Medical Device Audits Are Conducted
• What Are the Major Medical Device Audits?
• What Are the Types of Medical Device Audits?
• How to Prepare for Medical Device Audits?
• Audit Management Software for Medical Devices

What Is an Audit in the Medical Device Industry?

As per ISO 19011:2018 (section 3.1), an audit is defined as:

“Systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria  are fulfilled.”

This means that the international regulatory agencies will evaluate your medical devices company to find out whether the products you manufacture and market are in agreement with regulatory prerequisites and GxPs. This is referred to as a “medical device industry audit”.

Let us look at the example of the absorbable sutures mentioned at the beginning of this article. You will first be audited by regulatory agencies of the countries you wish to sell the product, before actually marketing it.

Ways in Which Medical Device Audits Are Conducted

The audits of your medical devices company can be in one of three ways:

• On-site audits
• Remote audits
• Self-audits

On-Site Audits

This type of audit comes under stage II of the certification audit by the regulatory agency. Once the agency has suitably determined that your company is ready for the main audit (stage I), it will do an on-site audit wherein all documented information will be reviewed, your staff will be interviewed, and it will verify that your company meets all required regulatory requirements.

Let us look at the example of absorbable sutures. If your company is planning to market these in the EU, you will need to get an ISO 13485:2016 certification. The second step in this process is the on-site auditing by Notified Bodies.

Remote Audits

A remote audit is similar to on-site auditing. Here, the auditor connects with you using different types of technology to review your documents, tour the premises, interact with your staff, and attend all presentations.

You will need to use various tools for file sharing, video conferencing, screen sharing, and/or Electronic Quality Management System (eQMS) for sharing or reviewing all required documents with the regulatory agency.

We recommend you read an article on remote auditing best practices in life sciences, which offers tips on remote auditing. Especially with the ongoing pandemic that has put a lot of restrictions on people and companies alike.

Self Audits

Self-audits or internal audits are conducted regularly by medical devices companies as part of compliance with regulatory standards. Such audits are also valuable exercises to ensure that your company’s documents and QMS are effective. Internal audits must be conducted by staff not directly involved with the audited matters.

For instance, when you start marketing your absorbable sutures, you will be required to conduct regular self-audits to ensure that the products are manufactured as per planned and documented arrangements.

You can manage your audit-related documentation including audit plans, audit reports, audit findings more efficiently by using a QMS software solution with a built-in audit management software module like SimplerQMS. It automates audit-related tasks and allows you to easily link audits with a non-conformance, CAPA, or supplier corrective actions request (SCAR).

What Are the Major Medical Device Audits?

Major medical device audits faced by companies include the US FDA 21 CFR Part 820 and ISO 13485:2016.

FDA 21 CFR Part 820: This FDA regulation refers to medical device Quality System Regulations (QSR) for manufacturers of medical devices. The document emphasizes the design, manufacture, packaging, labeling, storage, installation, and servicing of all finished products that are intended for human use. This also includes your facilities and designs that are applicable for said products.

ISO 13485:2016: This international standard specifies the requirements for a QMS when a medical device manufacturer has to demonstrate their ability to provide medical devices and related services that unfailingly meet both customer and pertinent regulatory requirements.

When you market your products only in the US, you will need to comply with FDA 21 CFR Part 820. This is a legal obligation and non-compliance will lead to citations, fines, and even litigation.

If you are marketing only in the US, ISO 13485:2016 certification is not mandatory. However, if you are planning to market in the EU, you are required to get the ISO 13485:2106 certification.

Following this, you must apply for the CE mark. This is a mandatory requirement for all items sold within the European Economic Area (EEA) since 1985.

EU Notified Body Audits

You will be audited by the Notified Bodies in the EU, depending on the classification of the medical devices that you manufacture.

The Notified Body will assess the medical device quality management system (QMS) of your company based on ISO 13485:2016 requirements and give the necessary certification against MDR or IVDR. With this certification, you can apply for the CE marking.

Certification audits are generally conducted in two stages. In stage I, the auditor will review all documents and determine whether you are ready for the main audit. In stage II, which is always on-site, the auditor will review all documents and processes, interview staff, inspect facilities, and verify whether you meet ISO 13485:2016 standards.

Recommended Reading: ISO 13485:2016 Audit: Overview, Audit Types and Execution

As already mentioned, once you are certified, you can go ahead with applying for the CE marking.

At this stage, we recommend you consider implementing medical device QMS software such as SimplerQMS. With such software, you will be able to securely store and manage all the required CE marking or other regulatory submission documentation for each and every product that your company manufactures.

The certification audits are then followed by surveillance audits wherein the auditor will ensure that you are continuing to comply with ISO 13485:2016 in a given timeframe. Also, you will need to undergo recertification audits once every three years after the initial certification audit has been completed.

The frequency and scope of the audits depend on the class of medical device that your company manufactures and markets. If you want to learn more about medical device classes, check out our guides on FDA medical device classification and EU MDR medical device classification.

FDA Audits

When you market your products in the US, you come under FDA regulations, specifically FDA 21 CFR Part 820. The FDA conducts several types of inspections:

• Pre-Approval Inspections (PAI)
• Routine Inspections
• Compliance Follow-Up Inspections
• “For Cause” Inspections

Pre-Approval Inspections (PAI)

With pre-approval inspections (PAI), the FDA is assured that your manufacturing site named in the application can manufacture the product and that the data you have submitted is both complete and accurate. The result of such an inspection is that the FDA inspectors may or may not recommend approval.

Routine Inspections

As per law, routine inspections will be every two years for your Class II and Class III medical devices.

The FDA follows the Quality System Inspection Technique (QSIT) that identifies the following subsystems in your quality management system (QMS):

• Management Controls
• Design Controls
• Corrective and Preventive Actions (CAPAs)
• Production and Process Controls

Compliance Follow-Up Inspections

When a regular FDA inspection of your company has resulted in a Warning Letter or significant 483 observations, the FDA will conduct a compliance follow-up inspection.

Herein, they will verify the actions that you have taken in response to those observations.

“For Cause” Inspections

If an issue has been reported to the FDA regarding one of your medical devices, a “for cause” inspection will be conducted.

 These issues can be reported by:

• The company itself (a product recall)
• A user
• An employee of your company

While such inspections usually focus only on the specific problem reported, they could lead to inspection of apparently disparate operations.

Medical Device Single Audit Program (MDSAP)

Another type of certification preferred by some medical device companies goes by the name of the Medical Device Single Audit Program (MDSAP).

The manufacturer will receive a single audit that will achieve up to five regulatory quality system requirements, all within the cost of one audit. If you wish to have such an audit conducted, you will need to approach an Auditing Organization (AO) that is authorized by the regulatory agency.

What Are the Types of Medical Device Audits?

There are three types of medical device audits internal, external, and unannounced audits. Let’s look at each in more detail.

Internal Audits

Internal audits are required by both FDA 21 CFR Part 820.22 and ISO 13485:2016 (section 8.2.4) requirements.

As the name suggests, employees of your company, who are not directly associated with the medical device product, can conduct the auditing. You can also have third-party consultants carry out these audits.

External Audits

External audits are also labeled as second-or third-party audits. An outside party who has a stake in your company, be it a supplier or a customer, can conduct a second-party audit. Third-party audits are conducted by external independent agencies, namely, Notified Bodies or regulatory authorities.

When your company audits an existing or a potential supplier, it is referred to as a supplier audit. This is to ensure that all quality standards are met. There are multiple benefits with external audits, some of which are increasing efficiency, reducing risks, ensuring compliance with regulations, and increasing confidence in supplier agreements.

Let us revisit your absorbable sutures. Your company is looking for a potential supplier for polyglycolic acid (PGA) with which the product is made. Therefore, you must do a supplier audit of the potential supplier before signing a contract to ensure that the materials are of the highest standards.

Unannounced Audits

Furthermore, notified bodies or regulatory agencies can conduct audits of your company without prior notice. These are called unannounced audits and their frequency will depend on the class of medical devices that your company manufactures. It can take place at least once every three years. The same rules will apply to supplier audits.

Going back to our example, once you have a regular supplier for polyglycolic acid (PGA), you will conduct unannounced audits at least once in three years to ensure that all quality standards are in place for the production of this material.

How to Prepare for Medical Device Audits?

When preparing for medical device audits, certain areas are very important.

Review All Documents

“Documents, documents, documents.”

You will need to review all documents pertaining to previous audits and also review all systems and processes.

Not only will you have to review batch records, design history files, device master records, device history records, change controls, SOPs, non-conformances, and others, you will also need to ensure that all supporting documents and records are accessible.

Since there will be a huge number of documents and records, an eQMS will be most useful. Some of the key document control capabilities a QMS software provides include a centralized repository, version control, time-stamped audit trails, electronic signatures, and more. Furthermore, your QMS subsystems like Design Controls and NC/CAPA Management can be linked in the eQMS for improved traceability.

Recommended Reading: Medical Device Document Control: What It Is & How to Simplify It

Prepare an Audit Plan

You need to have a plan of action ready that will outline the different stages in the auditing, culminating with the certification.

With the help of the audit management software module, you can easily bundle all upcoming audits under a single audit plan and streamline audit-related tasks by automating data collection, follow-ups, escalation of activities, and email notifications to the right personnel.

Train the Team and Delegate Responsibilities

Select the most conversant of your employees in each department and train them to answer all the potential questions the auditor can ask.

You will also delegate tasks to appropriate personnel in each department. Give them the audit plan and ensure that all tasks are completed on time.

By using QMS software automated workflows like SimplerQMS, you can ensure that the relevant persons are notified when they are assigned a specific task.

Get Ready for Both On-Site and Remote Auditing

The initial stages of the audit may be conducted either on-site or remotely. The latter is particularly true during the ongoing pandemic, considering the restrictions on people and companies alike.

In both types of audits, the auditors will probe your company in alignment with the scope of the audit.

Remote auditing (or electronic auditing) is a virtual audit conducted using electronic systems to acquire evidence. To learn more about remote auditing, check out our guide on remote auditing best practices.

While auditing can be stressful for the company, you can mitigate this by ensuring that you have a plan of action for the inspection ready and the necessary digital tools to respond to the auditor’s questions successfully.

Audit Management Software for Medical Devices

If you are still using the traditional paper-based systems for your documentation and auditing purposes, you would have realized that it is cumbersome and time-consuming.

Rather, you can shift to the cloud-based QMS software solution with powerful audit management capabilities that can help you automate audit-related documentation processes so that you can pass audits successfully.

These days, an audit management software solution is essential for any medical device organization looking to increase efficiency and ensure compliance with all applicable regulations. It automates tedious audit-related tasks, seamlessly integrates with your quality management system (QMS). This ensures that documentation remains accurate and complete, moreover, allowing you to greatly reduce time spent on these endeavors in comparison with manual approaches!

Final Thoughts

Being in the medical devices industry, you understand that your products touch the lives of multitudes of people across the globe. Hence, you must abide by the highest industry standards. This is ensured by being certified by international regulatory agencies and standards such as the US FDA 21 CFR Part 820 and ISO 13485:2016. For the purposes of certification, you will be audited, and as we discussed in this article, there are different types of audits, namely internal, external, and unannounced audits.

A lot of documents and records need to be maintained for these purposes.

By investing in the SimplerQMS audit management software, you have a ready-to-use solution for automating audit-related documentation activities and streamlining the entire process. If you are interested in learning more about how the SimplerQMS software solution can help you become audit-ready, we recommend booking a personalized demo and talking to your experts.

The post Medical Device Audits: Overview, and Tips appeared first on SimplerQMS.

Let us say that you are a medical device manufacturer based in the US. You, therefore, need to be compliant with FDA rules and regulations (especially FDA 21 CFR Part 820). Now, you are broadening your market and wish to sell your best-selling percutaneous catheters in Europe. You will realize that to do so, you need to be compliant with ISO 13485:2016.

ISO 13485:2016 is the latest edition of ISO 13485, which, as we know is the principal international QMS (Quality Management System) standard for medical devices companies. All medical device companies wishing to sell their devices in the European Union (EU) must pass an ISO 13485:2016 audit that is conducted by a Notified Body.

In this article we will take a deeper look at the following:

• What Is the ISO 13485:2016 Audit?
• ISO 13485:2016 vs. FDA 21 CFR Part 820
• ISO 13485:2016 Audit Types
• How Often is ISO 13485:2016 Auditing Done?
• How to Prepare for ISO 13485:2016 Audits?
• How Are the ISO 13485:2016 Audits Conducted?
• How to Facilitate ISO 13485:2016 Compliance with QMS Software?

What Is the ISO 13485:2016 Audit?

An ISO 13485:2016 audit helps determine that the medical device company complies with an international standard acceptable in global regions such as the EU.

All medical device companies that sell their products in the EU must pass an ISO 13485 audit that is conducted by a Notified Body. As a medical device company, you will need to pass the ISO 13485:2016 certification audit and acquire the CE mark before you can sell your products in the EU.

ISO 13485:2016 vs. FDA 21 CFR Part 820

If you are selling your medical device products only in the US, you come under the rules and regulations of the US FDA. You will need to comply with 21 CFR Part 820.

21 CFR Part 820 cites the medical device Quality System Regulations (QSR) for medical device manufacturers. This document covers ‘The design, manufacture, packaging, labeling, storage, installation, and servicing of all finished products that are intended for human use’. This also comprises the facilities and designs applicable to these products.

Please note that 21 CFR Part 820 is a legal necessity and non-compliance can result in citations, recalls, fines, or litigation. You can obtain ISO 13485 certification, but it is not an obligation in the US.

On the other hand, if you are planning to sell your medical devices in the EU, you need to conform to the standards defined by ISO 13485:2016. If you do not get an ISO 13485:2016 audit done, you cannot sell your products in certain international markets.

ISO 13485:2016 Audit Types

Under ISO 13485:2016, you can expect three types of audits:

• Internal audits
• External audits
• Unannounced audits

Internal Audits

As per ISO 13485:2016 requirements, you will perform regular internal audits to appraise conformity, identify areas for improvement, and check the effectiveness of your QMS. Your company needs to have a formal internal audit program in place and meticulously document all policies, protocols, and records of internal audits done.

External Audits

These audits under ISO 13485:2016 standards include:

• Customer audits
• Supplier audits
• Certification audits
• Recertification audits
• Surveillance audits

Let’s look at each in more detail.

Under customer audit, a customer (existing or potential) will audit your company to make sure you are meeting their requirements.

For example, if you are selling your percutaneous catheters to a top hospital chain in the EU, they are likely to audit your company before purchasing the product.

Under supplier audit, your company will audit a potential or existing supplier to ensure that quality standards are met.

For instance, you may wish to audit a potential supplier of the materials needed for your percutaneous catheter before going ahead.

A certification audit is conducted by a selected registrar to verify that you are conforming with the ISO 13485:2016 standard before you are issued with the official ISO 13485:2016 certificate.

There are two stages in this process:

• In stage I the auditor will determine whether your company is ready for the main audit. These can be remotely conducted.
• Stage II audits are always on-site and the auditor(s) will review all documented information, interview your staff, etc, to verify that your company meets all the required ISO 13485:2016 standards.

Recertification audits are conducted every 3 years by the selected auditor.

Once you are certified, the registrar will periodically check on your company (usually once a year). These are called surveillance audits, and ensure that you are maintaining all QMS (Quality Management System) and ISO requirements.

Once you have the ISO 13485:2016 certification, you can then apply for the Conformitè Europëenne (CE) Mark. The CE mark is the EU’s mandatory conformity marking that regulates all items that are sold within the European Economic Area (EEA) since the year 1985.

The Medical Device Single Audit Program (MDSAP) is another type of certification that some medical device companies prefer. This allows you, the manufacturer, to receive a single audit so that you meet up to five regulatory quality system regulatory requirements, all at one cost. Such an audit is performed by Auditing Organizations (AOs) and is authorized by the Regulatory Authorities.

The advantage is that with a single MDSAP, you are audited for compliance with ISO 13485 and other regulatory necessities.

Unannounced Audits

When Notified Bodies or regulatory authorities in the EU or the US FDA conduct an audit of your medical device company without prior notice, it’s called an unannounced audit.

The frequency of these audits depends on the medical device class and takes place at least once every three years. These rules apply to supplier audits as well.

Let us say that a company’s medical device is found to be substandard on auditing. Although the company has stated that the product is now safe and efficacious, notified bodies will carry out unannounced audits until they are satisfied with the product.

To help you manage your audit documentation such as audit plans, audit findings, audit reports, etc. in an efficient way, you can use an audit management module in a medical device QMS software solution like SimplerQMS. This will help you automate audit tasks and integrate your audits with non-conformance and CAPA management.

How Often is ISO 13485:2016 Auditing Done?

Once the initial certification audits are completed, regular surveillance audits take place once a year to ensure that your company is compliant with ISO 13485:2016.

Recertification audits take place every three years once the initial certification audits are completed.

If you are launching a new medical device in the EU, you will face an initial certification audit, followed by annual surveillance audits, and recertification audits once in three years.

How to Prepare for ISO 13485:2016 Audits?

Let’s imagine that now you are ready to go for ISO 13485:2016 certification since you intend to sell your percutaneous catheters in the EU market.

First of all, you will purchase the ISO 13485:2016 standard and conduct a gap analysis.

The gap analysis will establish whether your QMS meets the required standards or not. The next steps would be to implement a plan of action for achieving compliance with ISO 13485:2016.

Your company will put together a cross-functional team in place for delegating tasks and for taking the necessary actions.

Once the teams and procedures are in place, consider an internal audit or a mock audit to see whether you are ready or not. Once you are ready for ISO certification, go ahead and contact a Notified Body for conducting the audit.

Considering that the COVID-19 pandemic has upended life as we know, you should be ready for remote auditing and follow best practices. This will require the setting up of the right IT systems, video conferencing software, file-sharing platforms, and an eQMS.

How Are the ISO 13485:2016 Audits Conducted?

The typical steps that a medical devices company takes for ISO 13485:2016 auditing are as follows.

Your company will contact a Notified Body to conduct the audit. The Notified Body will assess you in two stages as mentioned before an off-site document review and the on-site audit.

The off-site review of all your quality documentation will determine whether or not your QMS conforms to all necessary requirements for ISO 13485:2016. The Notified Body not only will check every QMS document, but will also check that all QMS procedures and protocols are in place throughout the lifecycle of the product.

During the on-site auditing, the Notified Body will corroborate your compliance via interviews with employees and factual observations. This is to ensure that your company is following all the quality system processes.

If you want to learn more about audits in the medical device industry, check out our guide on medical device audits.

How to Facilitate ISO 13485:2016 Compliance with QMS Software?

If your company is still going the traditional way and using a manual paper-based process for documenting QMS, you will know that it is both time-consuming and difficult.

An efficient eQMS such as SimplerQMS software allows for automated data collection, routing, notifications, follow-ups, approvals, and much more. You can digitize and automate all documentation processes for DHF, DMR, and DHR with robust design control software.

Cloud-based QMS software allows you to access all the required documentation and present the same to the auditor with only a couple of clicks.

Recommended Reading: ISO 13485 Quality Management System [Role of an eQMS]

Final Thoughts

ISO 13485 certification is necessary for all medical devices companies that wish to target the European market.

For the purposes of auditing, you will require a Notified Body to conduct the same. Once the certification is obtained, you will need to undergo surveillance audits annually and recertification once every three years.

With the help of efficient eQMS such as SimplerQMS, you will be able to automate audit-related activities, as a result, reduce the time and effort needed to successfully pass audits. If you are interested to make audit readiness your competitive advantage by using an eQMS, we recommend booking a personalized demo and talking to our experts.

The post ISO 13485:2016 Audit: Overview, Audit Types and Execution appeared first on SimplerQMS.

Especially amongst the current travel restrictions due to the pandemic.

Although, there is no denying that the COVID-19 pandemic forced every organization to quickly adopt the new way of conducting audits, causing new challenges.

This article presents the advantages and disadvantages of remote auditing, as well as standard remote auditing best practices, life science organizations should follow.

In this article, we will cover:

• What Is a Remote Audit?
• Advantages of Remote Auditing
• Disadvantages of Remote Audits
• Remote Audit Best Practices
• Remote Auditing Checklist
• Remote Auditing Tools
• Frequently Asked Questions About Remote Auditing

What is a Remote Audit?

A remote audit, also known as an electronic audit (e-audit) or virtual audit is a way of conducting an audit using electronic systems to acquire audit evidence.

The goal of an audit is to evaluate the presented evidence and objectively determine the extent to which it complies with the specific audit criteria. The overall process of remote audits is like in an on-site audit, where auditors will ask relevant questions, aligned with the scope of the audit.

During a remote audit, a variety of electronic systems are used – file sharing, video conferencing, screen sharing tools, and Electronic Quality Management System (eQMS), for sharing and the review of the necessary documents.

Note that remote audits are typically carried out for processes that do not require an on-site visit, for example, post-market surveillance audits.

In some situations, for manufacturing new sites and facilities that have not been inspected or where an inspection is required, to obtain GMP certifications during the COVID-19 pandemic, a remote inspection may be carried out.

If an organization has not resolved issues from the previous audit, a remote audit may not be suitable.

Although it depends on the accreditation bodies, oversight bodies that govern standards, and their definition of remote audit eligibility, specific conditions apply for an audit that can be performed.

Advantages of Remote Auditing

There are various benefits of conducting a remote audit for both auditors and auditees. Below, are presented some of the most notable remote auditing advantages.

Ability to Conduct Audits From Anywhere

One of the most prominent advantages of remote audits is the possibility to share, review and analyze documentation, and processes, make observations and conduct interviews from anywhere in the world.

Saved Time and Money by Using Technology

The utilization of modern technology for file sharing and video conferencing also saves time and money. Documents are typically stored in the cloud for a low fee and can be accessed from anywhere. Moreover, travel costs and time an auditor spends on commuting are non-existent.

More Efficient Audits

The auditor then can spend more time on the most valuable activities. For instance, document review, process analysis, and writing comprehensive audit reports that outline the findings and opportunities for improvement. Due to no need for commuting to the site location, remote audits allow more flexible scheduling. They also allow more people to attend the online meeting and provide more expertise on a particular question.

Disadvantages of Remote Auditing

On the other hand, there are multiple issues both an audited organization and an auditor might face when conducting a remote audit.

Lack of Direct Interaction

Of course, during the remote audits, direct interaction is non-existent. Therefore, it is difficult to read body language, interpret emails, and online conversations. This typically means that the same topic could be redefined several times to ensure that the communication is clear.

Potential Issues With Technology

As we all experienced issues with technology, whether it is a poor network connection or audio quality, the same can happen during virtual audits. A slow network connection can result in the meeting being interrupted until the network problems are fully resolved.

Similarly, problems with audio, video quality, and/or access to the database where documents are stored can result in an unpleasant remote audit experience.

Difficulty to Inspect Physical Processes and Equipment

Arguably the biggest disadvantage of remote audits is the difficulty to conduct an audit of physical processes and equipment. Of course, only if the accreditation bodies, oversight bodies that govern standards, define remote audits as eligible for physical process inspections.

These tasks are particularly difficult to conduct online.

Some viable solutions could be:

• Making sure that all of the manufacturing locations are covered with video cameras that can be viewed through your streaming platform
• Using a GoPro camera to live stream with precision

Another thing to consider when it comes to remote audits is gathering all the necessary evidence needed for the scope of an audit, scanned in an electronic format. This would typically involve a lot more preparation work for an organization that has a paper-based QMS in comparison to an enterprise using a Quality Management Software (eQMS).

Remote Audit Best Practices

There are different ways to prepare for remote audits that make them as smooth and efficient as possible. Here are some of the best practices.

Document Preparation

Whereas for an on-site audit, when having a paper-based QMS you would get the binders ready, for a remote audit ensure that all the necessary documents are ready to be shared on-screen or through a file-sharing platform or an eQMS. This means that all the required documents must be scanned and in an electronic format for them to be accessible remotely.

Think about the total preparation time and have that solid preparation in place, depending on the scope of an audit. Remember that you do not want to scan everything.

Consider establishing an audit workflow where you define who gets requests for documents, checks them in the file archive or eQMS, and finally shows the necessary documents.

In a scenario when you do not have a specific document scanned you want someone to quickly find it for you, scan it and upload it. You do not want an auditor sitting and waiting for the document they requested.

Good Connectivity and Technology

Align with the auditor on what IT platforms will be used for file sharing, video conferencing, and screen sharing or through an eQMS.

Make sure to have a network with a good enough bandwidth to support multiple connected people in an online meeting. Ensure every participant of your audit team is equipped with a proper video camera and microphone. Consider having necessary staff support before and during an audit in case there are any issues with the technology.

Eventually, also make sure to have a secured VPN (Virtual Private Network) system that can be connected to your chosen IT platforms.

Audit Team Training & Availability

Double-check if all audit participants are invited and can access the video conference and participate in remote audit when needed. Furthermore, it is important to ensure that everyone is aware of how to use the technology to avoid any kind of interruption.

Planning and Time Management

Much like on-site audits, remote audits require a detailed audit timetable and the agenda shared with all audit participants. Interviews should be scheduled well in advance although you should be ready to have an ad-hoc interview if needs arise.

Giving Auditors Access to an eQMS

If you already have Quality Management Software in place, should you give the auditor full access?

Well, most companies would not feel comfortable giving access to an eQMS, as it increases the risk of the auditor looking at everything and identifying more non-conformances. Which could then lead to corrective action and preventive action (CAPA), that otherwise could be avoided.

Most life science organizations having an audit want to have control over what the auditor sees and keep the focus narrow.

On the other hand, during the mock audits or preparation audit, the auditor’s job is to get “under the hood” and try to help the organization prepare for the real audit.

“As part of an internal audit or bringing in a consultant to do a third-party audit, giving them that full access to an eQMS might be a good approach. This allows the “auditor” to see everything and have the possibility to find all the little issues. So, when it comes to a notified body or FDA inspection, you will feel much more comfortable.”

– Katie O’Kelly, Consultant at Biologics Consulting

Note, in most situations, you would never give access to the full eQMS. The auditor would only get access to specific parts of the eQMS, which are necessary depending on the scope of the audit.

Remote Auditing Checklist

Feel free to use the checklist below to plan out the remote audit to make it as efficient and hassle-free as possible.

Remote Auditing Tools

Remote audits are conducted through ICT (Information and Communication Technology) systems. Interviews between an auditor and an auditee can be carried out through different video conferencing tools like Skype, Zoom, and Microsoft Teams.

By using the screen sharing function, available in most video conferencing tools, the auditee can present the necessary documents.

Alternatively, files can be shared via email, Dropbox, Google Drive, Box, or best using a Quality Management Software (eQMS).

With an eQMS, the process of sharing and/or demonstrating the documents can be highly efficient for both the auditor and the auditee, when compared to more general file storage platforms.

It is hassle-free, much faster, and the negative time difference effect can also be alleviated. For instance, the auditor can interview the auditee for a few hours a day, when the business working hours of both companies overlap. Then, the auditor can review the relevant documents at his/her convenience.

Organizations can off course use Dropbox or any other cloud-based file storage platform in combination with an electronic signature software like DocuSign. However, such a “workaround” is not the best practice as there is a potential for human error.

Besides, for it to work properly, a good amount of validation is required, to get both systems, work in synergy. With this workflow, accessibility issues may also arise, as Dropbox, for example, does not allow the ease of Electronic Quality Management System, where permissions can be set, so that only specific users have permissions to delete documents, edit and sign documents. This means that, if appropriate processes are not set up, then people can, for instance, accidentally delete documents.

With a Quality Management Software like SimplerQMS, different subsystems are interlinked to each other, for example:

• Corrective actions and preventive actions (CAPA)
• Supplier Management
• Audit Management
• Change Management
• Design Control
• And others

This means that during an audit it will be much easier to find related documentation. For example, you can easily see the connection between a supplier, a supplier finding, a non-conformance issue, and a CAPA.

Documents can be signed with electronic signatures, compliant with 21 CFR Part 11 requirements. This also means that the specific location, date, and time of every electronic signature is documented. Audit trails are also easily accessible – the source of record that provides documented evidence of the changes that have been made to the file(s).

Another highly useful feature of the system is the possibility of setting up alerts, notifying when, for example, the medical equipment calibration, CAPA, NC’s, SOP’s, Training is coming due. This takes some of the human error out of the occasion but also contributes to the overall audit preparedness, and a more efficient Quality Management System.

Frequently Asked Questions About Remote Auditing

Final Thoughts

Over time, accreditation bodies and oversight bodies will probably be increasing their remote audit capabilities and define them as more eligible in more specific cases.

However, if an auditor has never seen the physical facility before, it is hard to imagine if anything would replace that. Therefore, it might be that remote audits become more adopted in the future, especially for stage two kinds of audits, given the cost-effectiveness benefits of remote audits.

Therefore, it’s worth familiarizing yourself with the best practices outlined in this article to be better prepared for the next remote audit.

The post Remote Auditing Best Practices in Life Sciences appeared first on SimplerQMS.