Let the doctor begin by stating, you pay for this abuse so your organization might as well get their money’s worth. For starters, Dr. D is seeing a recurrence of auditors that just do not understand ISO 13485; ISO 14971; ISO 19011; or even worse 93/42/EEC. How can you be an effective notified body auditor if you do not understand the Medical Device Directive? The doctor is truly seeing the good, the bad, and the ugly when it comes to notified body audits.
Before I dive into this week’s guidance, please remember: “You pay the notified bodies and they work for you.” If you do not like the relationship with your notified body, by all means file for that divorce and move on. If you are unhappy with BSI then move to SGS. If SGS is giving you fits, then move to DEKRA. If DEKRA isn’t working for you then try TUV-R or UL. If TUV-R or UL is giving your organization severe indigestion then move to BSI. People, you have choices, so just like a marriage, pick a notified body that you are comfortable working with or continue to suffer in silence. It’s your device company, so it’s your pain!
For you notified bodies reading this week’s guidance, remember Dr. D loves you man and would never intentionally “fustigate” (look-it-up) your efforts to drive the quality and regulatory compliance of your clients. However, for those notified body auditors making stuff up as you pretend to know what you are doing, the gig is up my friends. It is time for all of you wannabes to move on to another industry. If you cannot correctly interpret standards and regulations, you are clearly in the wrong industry. That being said, I hope you enjoy this week’s guidance.
- Failure to comply with harmonized standards. Folks, there is no requirements to do so. Harmonized standards are strongly recommended but not mandated by 93/42/EEC, the European Medical Device Directive.
- The MDD requires that the notified bodies audit your critical suppliers. Beep, beep, beep; wrong again folks. There is no such requirement just another money maker for the notified bodies. If medical device manufacturers accept this type of comment as a mandated requirement, then the cost of playing in this sand box will quickly escalate.
- ISO 13485:2003 is no longer a valid standard. Beep, beep, beep; wrong again. Although EN ISO 13485:2012 has been harmonized, outside of the EU in places such as the United States, ISO 13485:2003 remains a valid standard. In fact, Health Canada specifically references 13485:2003 in SOR/98-282 (The Canadian Medical Device Regulation).
- It is required that your auditors must be certified by a recognized accreditation board. Once again, this nonconformance would be incorrect. ISO 19011 requires that auditors be competent, period! Formal certification for all auditors is a noble pursuit; however, it is also an expensive one. Dr. D strongly recommends an in-house training of auditors occur or when in doubt, outsource the entire internal audit program.
- ISO 9001 requires written procedures in support of all clauses. Sorry, wrong again. ISO 9001 requires a quality manual and high-level procedures for the following clauses:
- 4.2.3 Control of Documents
- 4.2.4 Control of Records;
- 8.2.2 Internal Audits;
- 8.3 Control of Nonconforming Product;
- 8.5.2 Corrective Action; and
- 8.5.3 Preventive Action.
In closing, the doctor hopes you have found some value in this week’s guidance. Cheers from Dr. D. and best wishes for continued professional success.
- Devine, C. (2012). Devine guidance for complying with the European medical device directive – MDD. Charleston, SC: Amazon.