Audit is un examen sistemático e independiente de un Sistema de Gestión de Calidad para determinar si las actividades y resultados de calidad cumplen con los acuerdos planificados y si estos acuerdos se implementan de manera efectiva.
Complete Guide to Audit
An audit in the medical device industry is a systematic, independent, and documented process for obtaining objective evidence and evaluating it to determine the extent to which audit criteria are fulfilled. Audits are essential tools for verifying compliance with regulatory requirements, industry standards, and internal quality policies.
Types of audits in medical device regulation:
Internal Audits (First-Party Audits)
Internal audits are conducted by the organization itself or on its behalf to verify compliance with its own QMS and regulatory requirements. These audits are required by ISO 13485 and 21 CFR Part 820.
Key characteristics:
- Scheduled at planned intervals (typically annually for each process)
- Conducted by trained internal auditors independent of the audited area
- Identify nonconformities and opportunities for improvement
- Verify effectiveness of corrective actions
- Demonstrate management commitment to quality
Supplier Audits (Second-Party Audits)
Organizations audit their suppliers to ensure they meet quality requirements and contractual obligations. These audits verify supplier capability to consistently deliver materials and services meeting specifications.
Focus areas:
- Supplier QMS effectiveness
- Manufacturing process controls
- Testing and inspection procedures
- Document and record management
- Corrective and preventive action systems
External Audits (Third-Party Audits)
External audits are conducted by independent certification bodies, regulatory agencies, or notified bodies to verify compliance with standards and regulations.
ISO 13485 Certification Audits - Conducted by accredited certification bodies to verify compliance with ISO 13485 requirements. Initial certification audits are followed by annual surveillance audits and recertification every three years.
Notified Body Audits (EU) - Required for CE marking of Class IIa, IIb, and III devices under EU MDR. Notified bodies conduct initial conformity assessments and ongoing surveillance audits.
FDA Inspections - The FDA conducts inspections of medical device manufacturers to verify compliance with 21 CFR Part 820 (QSR/QMSR), premarket submission requirements, and post-market obligations. Inspections may be:
- Routine surveillance inspections
- Pre-approval inspections (PAI) before 510(k) or PMA approval
- For-cause inspections triggered by complaints or adverse events
- Follow-up inspections to verify correction of deficiencies
MDSAP Audits - The Medical Device Single Audit Program allows a single audit to satisfy requirements for multiple regulatory jurisdictions (USA, Canada, Brazil, Japan, Australia). MDSAP audits are more comprehensive than traditional ISO 13485 audits.
Health Canada Audits - Canadian regulatory audits verify compliance with Canadian Medical Device Regulations (CMDR) and ISO 13485.
Audit process and methodology:
1. Audit Planning
- Define audit scope and objectives
- Select audit team and assign responsibilities
- Review relevant documentation and previous audit findings
- Prepare audit checklist and schedule
2. Opening Meeting
- Introduce audit team
- Confirm audit scope and schedule
- Explain audit methodology
- Address questions and concerns
3. Document Review
- Examine QMS documentation against requirements
- Review procedures, work instructions, and records
- Verify document control and version management
4. On-Site Assessment
- Observe processes and operations
- Interview personnel at various levels
- Review objective evidence (records, data, reports)
- Trace products through design, production, and distribution
- Evaluate corrective action effectiveness
5. Audit Findings
- Classify findings as major nonconformities, minor nonconformities, or observations
- Document evidence supporting each finding
- Discuss findings with responsible personnel
6. Closing Meeting
- Present audit findings to management
- Clarify any questions about findings
- Discuss next steps and timelines for corrective actions
- Provide preliminary conclusions
7. Audit Report
- Detailed documentation of all findings
- Supporting evidence and references
- Recommendations for improvement
- Timeline for response and corrective action
Common audit findings in medical device manufacturing:
- Inadequate or incomplete procedures
- Lack of training records
- Insufficient design controls and validation
- Poor document control and change management
- Incomplete CAPA investigations
- Inadequate supplier controls
- Missing or incomplete batch records
- Deficient complaint handling procedures
- Inadequate risk management activities
- Incomplete validation of sterilization or software
Best practices for audit readiness:
1. Maintain audit-ready state - Keep QMS documentation current and readily accessible
2. Conduct regular internal audits - Don't wait for external audits to identify issues
3. Train employees - Ensure staff understand their QMS responsibilities and can articulate them
4. Mock audits - Practice with mock external audits to identify weaknesses
5. Document everything - Ensure all quality activities are properly documented
6. Address findings promptly - Implement effective corrective actions in a timely manner
7. Continuous improvement - Use audit findings as opportunities for improvement, not just compliance
Consequences of audit failures:
- Regulatory citations and warning letters
- Suspension or withdrawal of certifications
- Import restrictions or market suspension
- Consent decrees requiring third-party oversight
- Reputational damage and loss of customer confidence
- Additional inspections and increased regulatory scrutiny
Related Terms
More Compliance & Standards
View allLa Regulación del Sistema de Calidad de la FDA que establece los requisitos de Buenas Prácticas de Fabricación actuales (cGMP) para fabricantes de dispositivos médicos en Estados Unidos.
Un enfoque sistemático para investigar, corregir y prevenir problemas de calidad en la fabricación y operaciones de dispositivos médicos.
Un marcado de conformidad obligatorio para dispositivos médicos vendidos en el Espacio Económico Europeo, que indica el cumplimiento de los requisitos de salud, seguridad y medio ambiente de la UE.
Requisitos de la FDA bajo 21 CFR 820.30 que establecen procedimientos para controlar el diseño de dispositivos médicos y garantizar que cumplan las necesidades del usuario.
Need Help with Global Registration?
Pure Global provides regulatory consulting and AI-powered tools to help medical device companies navigate Global market access.