Regulatory Focus™ > News Articles > 2020 > 12 > MDCG clarifies remote audit expectations for notified bodies

MDCG clarifies remote audit expectations for notified bodies

Posted 04 December 2020 | By Michael Mezher 

MDCG clarifies remote audit expectations for notified bodies

The European Commission’s Medical Device Coordination Group (MDCG) released a new questions and answers document clarifying expectations for notified bodies looking to conduct remote audits of medical device manufacturers during the COVID-19 pandemic.
The document is meant to answer “operational and practical implementation” questions raised in response to the committee’s MDCG 2020-4 guidance released in the early months of the pandemic. (RELATED: Notified body audits during the pandemic: New MDCG guidance, Regulatory Focus 8 April 2020).
To ensure continuity of medical care and prevent device shortages, remote audits may be conducted under the principles laid out in MDCG 2020-4 for initial certification audits, as well as for audits to extend the scope of certification under EU directives for medical devices and in vitro diagnostics. Similarly, the document explains that remote audits of existing and new critical subcontractors and suppliers under the directives may be conducted in line with MDCG 2020-4 on a case-by-case basis.
In any case, notified bodies are instructed to justify and document a case-by-case assessment for each remote audit they look to perform.
The document also clarifies that MDCG 2020-4 is not limited to devices that are “clinically necessary during the period of COVID-19 restrictions,” and is meant to apply to all devices requiring a notified body audit during the pandemic.
While unannounced audits are outside the scope of MDCG 2020-4, the document further explains that provisions for unannounced audits under Article 2(c) and Annex III of Commission Recommendation 2013/473 “may not be followed during the period of the pandemic.”
MDCG does not endorse any specific information and communication technologies for the purposes of remote audits but recommends that such technologies, “Should at a minimum ensure effective communication with the necessary levels of security, integrity, confidentiality and data protection,” and that the notified body and manufacturer should agree on the technology to be used in advance. A test-run of the technology in preparation for a remote audit is highly recommended.
The document also notes that remote audits should follow the notified body’s audit program procedures and relevant EU guidelines and “should be intended to replace on-site audits.” Notified bodies and manufacturers should discuss what parts of the audit are feasible to perform remotely and what parts must be done on-site later.
Additionally, the document explains that “the duration of a remote audit may be longer or shorter than if the audit was performed on-site. The difference in duration may be dependent upon the content and complexity of the audit as well as the technology used to conduct the audit.” While notified bodies should not factor in travel time into the calculation of audit duration, MDCG says that network outages should be considered.
For records retention, MDCG says it is the notified body’s responsibility to ensure that documentation records “are sufficient to provide a discernible audit trail for quality management system audits and that such records should be available to relevant authorities,” adding that evidence obtained during an audit should be recorded and retained when necessary.


© 2021 Regulatory Affairs Professionals Society.

Regulatory Focus newsletters

All the biggest regulatory news and happenings.