Certain audits of medical devices and processes are essential for MedDev companies if they want to place their product on the European market.
However, audits are not used only for those reasons. There are used for a variety of reasons, including assessing compliance with standards and regulations, adherence to requirements and specifications, evaluating process and system performance, evaluating the adequacy and effectiveness of the quality management system; etc.
Travel restrictions across the EU are stopping notified bodies from performing the on-site audits. In such a situation as the pandemic caused by COVID-19, traditional on-site audits may not be an option, exposing the organization to compliance risk and potentially jeopardizing the global supply chain.
However, offsite audits may provide the medical device company with an alternative to ensure continued compliance. Offsite audits leverage technology, such as video teleconferencing and shared file folders to facilitate interviews and share documents and records and even QMS software that support such options.
Requirements for Audits
Standard and regulations have requirements for internal audit programs. Regardless of the regulation, standards, and guidance, the requirements for audit programs are generally the same and include the following:
- Establish, implement, and maintain SOP for audit
- Define the audit criteria, scope, interval, and methods
- Determine the necessary competence and ensure competence based on education, training, or experience
- Ensure objectivity and impartiality of the audit process
- Ensure auditors do not have direct responsibility for the matters being audited
- Conduct internal audits considering the status and importance of the processes as well as the results of previous audits
- Ensure audit results are reviewed by managers who have responsibility for the matters audited
- Ensure corrective action(s) are initiated and, if required, re-audit the deficient matters
There is nothing in the GMP regulations, standards, and guidance that prohibits the use of offsite auditing techniques. However, it must be balanced based upon the relative risk postured by the organization and the products and services produced or supplied. For example, organizations with a prior history of compliance issues such as recalls, frequently rejected products, and other negative quality trends are probably not a good candidate for a remote or virtual audit.