External audit non conformity related to applicable regulations

[MDRepair Canada]

Hi
We just got audited by an ISO 13485 auditor (follow up audit) and among the non conformities we had, one was related to how our internal audits include applicable regulations
Here is the finding
" 2022 Internal audit scope doesn’t seems to be inclusive of applicable regulatory requirements
Evidence: No formal evidence that applicable requirements of Health Canada’s medical device regulations end up being covered during 2021 / 2022 internal audit cycle. "

In the audit report, i referenced ISO 13485 and our internal SOP that apply to this audit but no mention of health Canada regulation
I am not sure how to answer this. Shall i add in the audit reports reference to applicable regulations? Shall i reference for each SOP i use as reference for audit, the applicable regulations? What would be the immediate correction?

How far should i go with that? Mention the Health Canada regulations, the article?

Many thanks in advance for your help.

 

[somashekar]

Mentioning the applicable regulation (in your case HCMDR) is just one bit.
Has your internal audit addressed and sampled all the Health Canada requirements that your organization complies with. Have you involved your regulatory manager in the audit and has his area been covered in the audit plan, audited and records evident ??

 

[MDRepair Canada]

Dear @somashekar ,
Thank you for your answer. We do not have regulatory manager (we are a medical device repair company). And Health Canada are already taken into account during the audits. It is just that it was not stated or referenced anywhere.

 

[Sidney Vianna]

I am not sure how to answer this.

Most internal auditors are not really knowledgeable on management system standards such as ISO 13485, EVEN LESS with regulatory requirements. In most cases, internal auditors are able to reasonably verify that the processes and procedures are being followed or not.

You can approach this in two ways:

1. you can “demonstrate” that the applicable regulations have been incorporated somehow in your operating processes and procedures. So, by assessing your system this way, you would be indirectly assessing compliance against valid regulatory requirements.

2. you can challenge the external auditor to demonstrate what exact regulation requirements are not being verified for, by doing your internal audits as you are currently doing.

 

[Enternationalist]

A simple approach to implementation might be to use the MDSAP model (or inspiration from it) internally. It's pretty clear on where Canada deviates and how to cover it in terms of the quality system. Depending on what you repair, I imagine you might need to comply with the Canadian electrical code and other regulations.

If you're confident it's all covered, you just need a way to verify that it remains covered over the years. If someone new comes in, how will they know what can't be changed? If Canada's regulations are updated, is anybody checking up on them? These are the types of questions that can be answered by an internal audit - but right now, you aren't asking them, and simply trust that the system was built taking things into account. That may be true now - what you need is a system to make sure it stays true and that provides you evidence of this.

 

[Edward Reesor]

My suggestion is to use the FDA templates for MDSAP. Use the parts that apply to Canada (and others as they might apply to your company). Of course, this is used in conjunction with the ISO 13485:2016 audit procedures.

 

[lhaas]

agree with Edward Reesor - we had a similar finding. we use the MDSAP audit process as a template for our internal audits now as we must conform to both US and Canada MDR as well as ISO 13485.

 

[DannyK]

Hi
We just got audited by an ISO 13485 auditor (follow up audit) and among the non conformities we had, one was related to how our internal audits include applicable regulations
Here is the finding
" 2022 Internal audit scope doesn’t seems to be inclusive of applicable regulatory requirements
Evidence: No formal evidence that applicable requirements of Health Canada’s medical device regulations end up being covered during 2021 / 2022 internal audit cycle. "

In the audit report, i referenced ISO 13485 and our internal SOP that apply to this audit but no mention of health Canada regulation
I am not sure how to answer this. Shall i add in the audit reports reference to applicable regulations? Shall i reference for each SOP i use as reference for audit, the applicable regulations? What would be the immediate correction?

How far should i go with that? Mention the Health Canada regulations, the article?

Many thanks in advance for your help.

Your quality system should include the applicable regulatory requirements for each jurisdiction that you distribute to.
For my clients, I create an SOP that covers all the Health Canada SOR 98/282 requirements and specified in the internal audit procedure that you audit the regulatory requirements.
I hope this helps.

Danny

 

[danntef]

Hi! We had the same issue, we have a finding due to the Canada Regulations are not included in the scope of our internal audits. However, while we performed our investigation I found that Canada Regulations, may be disregarded if the organization only manufactures devices Class I, which it applies 100% to us. Do you know if I'm interpreting well the exclusion?

Thank you

 

[mihzago]

Hi! We had the same issue, we have a finding due to the Canada Regulations are not included in the scope of our internal audits. However, while we performed our investigation I found that Canada Regulations, may be disregarded if the organization only manufactures devices Class I, which it applies 100% to us. Do you know if I'm interpreting well the exclusion?

Thank you

not quite, as a Class I medical device manufacturer/distributor/importer you still have to comply with MDEL requirements, problem reporting, recalls, and a few other things.