Internal audits are an important activity for medical device manufacturers. It is not only a requirement for ISO 13485 compliance, but also an opportunity to get valuable feedback that can help to improve both the medical device and the development process.
At GBA Key2Compliance, our experienced auditors support clients throughout the entire internal audit process – ensuring compliance, identifying opportunities for improvement, and helping manufacturers strengthen their quality management systems and product safety.
Internal audits of medical devices for safety and improvement
With extensive experience in medical device Quality Assurance and Regulatory Affairs, the GBA Key2Compliance audit team knows the ins and outs of the internal audit process.
While it’s not mandatory for medical device manufacturers to use an external third-party auditor, there are a lot of benefits in using outside help for internal audits.
“We can help medical device companies audit themselves. It is recommended that manufacturers use an impartial auditor to get a better audit. As an external party, we have not been involved in the development of the device and can look at the processes with fresh eyes, bringing a new perspective and noticing things that the manufacturer may miss. We also have a lot of experience in the medical device area and with audits, so we can provide valuable suggestions on how to improve operations, make the process more efficient, and produce a device that is safe and successful in the market,” says one of our senior auditors.
GBA Key2Compliance helps a wide array of companies with internal audits, from small one-person startups to larger international corporations, adapting to each client’s needs.
“We can design an audit that suits the company. A larger company may need two auditors over a couple of days, while an audit for a smaller firm can be done with one auditor in a few hours. We also perform supplier audits on behalf of manufacturers, for example when critical processes such as manufacturing or sterilization are outsourced and need to be audited as well. The goal is the same with all internal audits: to find any deviations or missed regulatory requirements and to provide suggestions for improvement. We are not a regulatory body there only to point out problems – we are there to help and show how the manufacturer can improve its operations.”
How the internal audit process of medical devices works
For GBA Key2Compliance, it is important to meet with our clients to get to know their company and systems to deliver the best possible service. Since internal audits cover many different areas, we start by creating a plan for the audit. We map out which processes are going to be audited, and against which criteria they will be reviewed.
“The audit can take one or a few days, depending on the size of the company and how detailed the audit is. We usually start with a meeting where we ask questions to get a foundation. We look at everything from written procedures to calibration of equipment, and our experienced internal auditors cover a wide range of special areas. If we find any deviations, we discuss them and provide suggestions for improvement. The audit itself is finalized with a written report, but we are happy to support the continuing work after the audit. We have a lot of experience improving processes and making them more efficient.”
There is no requirement that the manufacturer must use the same auditors again to check if the problems have been fixed, but following up with the same team can be beneficial.
“Following up on audits using the same auditor provides consistency and continuity. When the same auditor returns, it is easy to compare different parts of the process, see what has improved, and ensure that corrective actions have been effective. It creates a more efficient process with better insights.”
How MDR and IVDR is affecting internal audits
The transition to the EU regulations MDR and IVDR has affected internal audits in many ways. The GBA Key2Compliance audit team is well aware that this can cause some concern among medical device manufacturers.
“Right now, there are a lot of questions around the transitions and the new regulations. The main new requirements to keep in mind are Post-Market Surveillance, meaning the process of monitoring the safety and performance of a medical device after it has been released to the market, and following up on how it behaves when used. Then there are increased requirements for clinical data to support the safety and performance of medical devices.
The MDR requires manufacturers to demonstrate the clinical benefits of their devices, including data on their intended use, the characteristics of the patient population, and the performance of the device. Another major part of the MDR is enhanced requirements for device traceability, which mandates the use of a Unique Device Identification (UDI) system and registration in the EUDAMED database.”
The advice from our experts is to keep these changes and new requirements in mind, but not let them overshadow everything else — and to rely on professionals to guide the way.
“MDR and IVDR are getting a lot of attention right now, but don’t forget the other new regulations and standards coming into effect. For example, there is a new directive establishing cybersecurity requirements for medical device manufacturers. If you have any questions, just get in touch with us — we are here to help and to make things simpler.”
Internal audit as a strategy
It is common knowledge in the medical device area that internal audits are necessary, but it is not as well known that they can be performed by an external auditor — or what advantages it can have.
“Our advice is not to think of the internal audit as a box that must be ticked off. See it as an opportunity. Internal audits are great tools for reducing risks and for discovering what can be improved. By using an independent, unbiased auditor, you will get feedback and support that you cannot give yourself. We have experience with many different clients, areas, and devices.
If you use us as an external auditor, take the opportunity, ask questions, and showcase how you work. This helps us help you increase the quality of your processes and products. See the internal audit as strategic, plan for it, and take advantage of the opportunity. We will help you in every way we can. And if you have any questions, just ask us.”
Learn more
If you would like to learn more about our Internal Audit Services, visit our landing page to explore how GBA Key2Compliance can support your company’s compliance journey.