Essential requirements checklist needed?

Hello,
We had the first day of our ISO 13485:2016 audit today. Our business is a very small company who primarily assembles IVD's for self test use under contract from the manufacturer from CE marked components. This is not OBL, the manufacturer is named as such on the products and IFU. The auditor said he expected to see a Technical File complete with ER checklist for each product we assemble. I have already put together a basic technical file containing labelling, the manufacturer's CE certificate and ISO 13485 Certificate, DoC, manufacturing documents etc but did not think the ER checklist was necessary as we are not the manufacturer? I have agreed to do this but looking at the requirements most are not relevant to what we do in relation to the product? Should I just produce a document stating this for each clause that does not apply to us? I would be grateful for any advice, thank you.

Hmm... not an IVDD expert but from MDD there are a few comments:

First the ER checklist is not actually in the current directives, they were an invention of the NBs and pretty useless to be honest. There is new set of regulations (MDD/IVDD not yet in force) that do have an ER checklist and it has a lot more detail so might be a shock to the industry. Anyway, if you are looking for the ER checklist in the current regulations you won't find it.

Next is the issue of having a technical file in the first place. If you are not the manufacturer, there is no need to have a technical file. If you are the EU representative, there might be a responsibility to be the liaison that formally passes the tech file to a competent authority in case of trouble. But even then due to the size of the tech file, normally it would only be extracts with the rest sent on demand. There should be an agreement which specifies what gets kept where, and how to keep it current. It's not just a one time operation, you need a system which keeps it up to date, for example the manufacturer needs to have a point in their design change flow chart that ensures information is sent when required.

I think it's always best to get the auditors to put things in writing and provide references (requirement from the regulation, standard etc.).

I agree with Peter, for an ISO13485 audit, there should be no need for Essential Requirements as they are part of the MDD and IVD Directives.

However, ISO13485 section 4.2.3 does require a Medical Device File which demonstrates conformity with the ISO standard and applicable regulatory requirements (this could be deemed to include the Directives and Essential Requirements) . You might need a statement in the file saying the IVD Directive is not applicable to your company.

My ISO 13485 might be out of date (I don't audit these days), but anyway according to the 2003 edition:

The reference is 4.2.1, which requires the file to be maintained "for each type ... of medical device". However, there is also the statement in Clause 3:

"Wherever requirements are specified as applying to “medical devices”, the requirements apply equally to related services as supplied by the organization"

When ISO 13485 is applied to organizations that provide a service, e.g. storage, sterilisation, distribution, putting packs together etc, the requirement to keep a "file" is with respect to this service, not the medical device. This is not just being nice and trying get these guys a free pass, there are logistical, contractual and confidentiality issues involved in maintaining a medical device "file" outside of the labelling manufacturer. I don't see that as being practical nor something that the regulations/standards require.

I am surprised the auditor asked to see this. Take a quick look at 98/79/EC annex 1 and you can see that the sort of information that would be required to complete an ER checklist would be beyond what a contractor would have access to. Was it made clear to the auditor that you only do contract assembly to customer requirements?