It should come as no surprise that the far-reaching effects of the COVID-19 pandemic include how notified bodies are conducting audits of medical device manufacturers. The European Commission’s Medical Device Coordination Group (MDCG) recently released a document clarifying how notified bodies can expect to conduct remote audits after the committee’s MDCG 2020-4 guidance, released in the early months of the pandemic, began raising questions in the medical device industry and the regulatory community.
The initial guidance opened the possibility of not only postponing onsite surveillance audits under the directives but replacing them with remote audits if both the notified body and manufacturer can ensure information and data remain secure. To ensure continuity of medical care and prevent device shortages, remote audits may be conducted under the principles laid out in MDCG 2020-4 for initial certification audits and for audits to extend the scope of certification under EU directives for medical devices and in vitro diagnostics.
Notified bodies are instructed to justify and document a case-by-case assessment for each remote audit they seek to perform. The MDCG stated that notified body audit reports should clearly indicate that the audit was conducted remotely. The audits should cover all surveillance tasks that can be verified remotely, including an off-site review of all documents that would normally be assessed onsite. But the guidance also notes that it may not be appropriate to use these temporary measures for manufacturers with “a history of a high number and/or critical non-compliances related to production/operational control.”
Released in December 2020, the clarifying document, MDCG 2020-17, was meant to answer operational and practical implementation questions raised in response to the committee’s earlier MDCG 2020-4 guidance. It clarifies that MDCG 2020-4 is not limited to devices that are “clinically necessary during the period of COVID-19 restrictions” and is meant to apply to all devices requiring a notified body audit during the pandemic.
The document also notes that remote audits should follow the notified body’s audit program procedures and relevant EU guidelines and “should be intended to replace on-site audits.” Notified bodies and manufacturers should discuss what parts of the audit are feasible to perform remotely and what parts must be done on-site later. For records retention, MDCG says it is the notified body’s responsibility to ensure that documentation records “are sufficient to provide a discernible audit trail for quality management system audits and that such records should be available to relevant authorities,” adding that evidence obtained during an audit should be recorded and retained when necessary.
If you’d like to know more about the new MDCG guidelines and how they might affect your company, contact the EU medical device market experts here at MEDIcept.
MEDIcept … Trusted Solutions, Rapid Response …
MEDIcept is an international consulting firm offering a full portfolio of services to the medical device and IVD industry. For over 25 years, our unique consulting practice and multidisciplinary team of former FDA, Notified Body, and industry experts have assisted hundreds of companies of all sizes with innovative, compliant, trusted, and cost-effective Regulatory, Quality, Clinical, and Engineering solutions.
For additional information, please contact Susan Reilly at SReilly@MEDIcept.com.