Good morning all!

Last week, we had our phase-2 audit for ISO 9001:2008, ISO 13485 and MEDDEV which ended up in the company being recommended for certification.
I simply wanted to thank all of you since I got sooooo much information and answers to my questions from this website! This is truly one of the best website (if not THE best) for information, all categories considered!

Thanks again!
P.S. If I can ask one other question: at which point can we officially say that the company is certified? When we get the actual certificate?

Congratulations! :applause: This is great news!

Yes, as of now you have been recommended for registration - have you any nonconformances to clear up? Upon being satisfied any nonconformances are resolved, the registrar will issue a certificate of registration with your registration date.

Thanks... it is quite a relief!

We had one minor non-conformity and 2 areas for improvement... So upon acceptation of the plan for action for the non-conformity, the registration will become official? I guess the company is eager to "propagate" the good news! :biglaugh:

I certainly hope your registrar had covered this subject in closing. Now is a good time to review what expectations were laid out for your organization as far as the nonconformance plan, the plan's submission means and date, how the fix would be verified and, if then the certificate would be issued or if you'd receive it before then.

Good morning all!

Last week, we had our phase-2 audit for ISO 9001:2008, ISO 13485 and MEDDEV which ended up in the company being recommended for certification.
I simply wanted to thank all of you since I got sooooo much information and answers to my questions from this website! This is truly one of the best website (if not THE best) for information, all categories considered!

Thanks again!
P.S. If I can ask one other question: at which point can we officially say that the company is certified? When we get the actual certificate?

Well I can only speak for SGS's approach.


First of all, I think you mean MDD, not MEDDEV. ;)

The onsite auditor can only make a recommendation. That's really important, because you aren't certified for anything at this time, which I think you realise.

For North American clients we have an initial Houston office review, which is just a basic administration check that all the key elements of the submission pack are in place.

We then upload all the documentation onto our (rather impressive) electronic document management system and it can be immediately viewed online by our UK office. The UK is the registrar for ISO9001:2000/2008 (UKAS), ISO13485:2003 (UKAS), ISO13485:2003 (SCC) and is the Notified Body.

(We used to have our CMDCAS-accredited office in Toronto, but moved it to the UK so everything was in one place).

The UK admin team again does a very brief review to ensure that all the key elements are there. The pack is then made available to the medical devices certification team for a detailed review. If everything is okay, the pack then passes to a member of the certification management team for a sign-off. (The pack can still get bounced even at that final stage)


For an initial audit there is a lot that can go wrong. Some of these things will just be corrected by the certification team under their own authority, some will get bounced back to the auditor for correction.

In a few cases, the auditor will need to get additional information from the client.

In extremely rare cases, a re-audit will be required. (I can't remember the last time that happened.)


That sounds like a lot of reviews (it is), and that the whole process is very bureaucratic and takes a lot of time (actually no, because of the electronic access to all documents, and automated notifications).

The quick admin reviews are just a few minutes. The detailed certification review of an initial audit pack can easily take an hour, sometimes much more. There's generally a lot of information to go through, especially if there are multiple approvals to be made.


SGS always prioritizes the review of initial and recertification audits (the review of surveillance audit packs are thus given lower-priority), typically we would expect to complete the review within a week, two at the outside.

We would generally communicate confirmation of successful certification at that time, especially if we are made aware of special urgency.

It's from that point that you can claim certification.

The certificates themselves are generated locally and would typically be received within a few days from then.
[Edit: Most people will wait the extra couple of days for their certs to arrive, but sometimes people have particular urgency, which we would try to accommodate].

So to answer your original question, if all goes well, we like to say about a month after the audit before you receive your certificates. And that's about right, because in practice if there are no issues you will receive your certs within a couple of weeks, but there are often minor issues to resolve which can push things back a week or two.


One final point is that it's possible to pass one part of the audit, and yet fail at another. You may have an "internationally-acceptable" ISO13485:2003 system, but be missing a key element of the MDD requirements for example.

So if, in that example, you needed the ISO13485 registration urgently, you could go ahead with that certification, but be forced to wait for EC certification until whatever deficiences in your MDD compliance were addressed.


Hope that helps! :)

Thanks... it is quite a relief!

We had one minor non-conformity and 2 areas for improvement... So upon acceptation of the plan for action for the non-conformity, the registration will become official? I guess the company is eager to "propagate" the good news! :biglaugh:

From an Official Registration, I would wait until you have the Certificate in Hand before advertising your registration.

Congratulations on your successful Phase 2.

It is very important to remember that all audits are successful, it just depends on your perspective. Audits are fact finding tools to confirm compliance to the Standard. :agree1:

Typically, you need the Certificate prior to making any announcement, also be sure and review the criteria for displaying the Registrar's Logo!

Congratulations on your success.

It is very important to remember that all audits are successful, it just depends on your perspective. Audits are fact finding tools to confirm compliance to the Standard. :agree1:



Excellent point! :agree1: So true. However:lol:, it's a bit challenging convincing many top managers of that notion!:D

Again, thanks so much for the clarifications as the specifics were not explained at the closing meeting (other than the required plan for action and corrective implementation). Gotta admit I did not think about asking either, as I was just sooooo releived! ;-) However, now I realised that it is far from being done or, as we say in french "c'est loin d'être dans la poche!". Hopefully, review will also go well...:mg:

By-the-way, my mistake about MDD... :o

Thanks again for the info! Very useful as usual! ;)

Congratulations!:magic:

We've actually had clients "fail" the audit*, i.e. they received one or more Major CARs, and have those over-turned during the review process: "You're wrong Mr Auditor, that's not a Major!" So they actually get certified. :)

We've also had clients receive Major CARs (usually for "simple" regulatory deficiencies) and submit the corrections before the auditor has finished compiling his pack. So the review team gets a Rev0 and a Rev1 report, with two different conclusions!


What is painful to all concerned, is when the review team converts a Minor into a Major CAR.
Again, that's not frequent, but it is 100% if you happen to be the company/auditor involved. :mg:


(*no we don't use that language :lmao: )