Class I Technical File reviewed during ISO 13485 Certification Audit by NB

Quarma

Starting to get Involved
#1
Please consider the following situation:
Europe, European regulations.
A manufacturer of a class I medical device was certified to ISO 13485. (NOT to MDD 93/42 as he has no class Is Im II or III device.)
The auditor stated: I need to check the technical file as ISO 13485 requires to fullfill applicable regulations (MDD 93/42) and if the technical file is not compliant I will write a deviation.
he challenged the Essential requirements file, the verification etc in detail, assessing the content of the documents.

I agree that the manufacturer needs a process to create a technical file in compliance with 93/42.
Class I devices are self declaring acc. to Annex VII of the directive. There is no notified body involvement required.
So I do not agree that the auditor challenges the content of the technical file.
He may ask: Do you have this document ? is it approved ?
but that should be it. No assessing the content of the document.

How do other Notified Bodies (NB) interpret this situation ?
What is your experience with that ?

Please only answer if you are familiar with the CE marking process above.

Thank you for your answers.
 
Elsmar Forum Sponsor

somashekar

Staff member
Super Moderator
#2
I agree that the manufacturer needs a process to create a technical file in compliance with 93/42.
A similar requirement is within the ISO13485 as well, check it out.
So I do not agree that the auditor challenges the content of the technical file.
The auditor is doing his part on the design and development process, the risk management process. If you claim to have embraced the 93/42 in its applicability to your medical device, he can look into it from the ISO13485 scope as that is the essence of the ISO13485, QMS >> Medical devices >> Regulatory requirements.
Essential requirements is just a hand-holding to risk management concept as the 93/42 details it.
How do other Notified Bodies (NB) interpret this situation ?
What is your experience with that ?
I have a NB and a CB. In some case both are the same corporate. In some case that are different. They hand shake well in our system.
Your CB is just doing his job within scope.
 
Last edited:

Ronen E

Problem Solver
Staff member
Moderator
#3
Hi,

Formalities aside, you can look at it as an opportunity for improvement.

Do the auditor's comments make sense? Are they well reasoned and MMD-text-based? If they are, you have something to gain from addressing them. If they seem otherwise, you could gain some insights from debating.

Cheers,
Ronen.
 
M

MIREGMGR

#4
So I do not agree that the auditor challenges the content of the technical file.
He may ask: Do you have this document ? is it approved ?
but that should be it. No assessing the content of the document.
I agree with the NB's approach. I'm sure our large, well-known NB would do the same if our system development status was similar.
 

Quarma

Starting to get Involved
#5
Thank you for your discussion. It is a discussion I do not want to lead with the auditor, but which I want to lead.

I was not precise, it is not a notified body (NB) but a CB (certification body) as it is an ISO 13485 certification and not a 93/42 certification, as it is a class I device. (This company has no NB, as it only has class I devices)

For devices with a class higher than I (one), the NB checks if MDD 93/42 is fulfilled, checks the content of technical files, acts in behalf of authorities, and is therefore in some way responsible for the correctness of the technical file - even though the manufacturer is 100% responsible - and therefore the identification number of the NB is beside the CE mark.
Therefore there are requirements on the competency of the auditor regarding product type and technologies used by the audited company. The requirements on 13485 auditors are product and process independent, he just needs to know the standard.

Take into account, that for placing on the market of a class I device the manufacturer needs a quality management system, but no certification to ISO 13485, as Annex VII is selfdeclaring. On the declaration of conformity you do not state, that a notified body was involved for class I. But if the CB assesses the adequateness of the technical file, he clearly is involved.

I think ISO 13485 is about the process: [FONT=&quot]ISO 13485: This international standard?..can also be used by internal and external parties, including certification bodies, to assess the organization?s ability to meet customer and regulatory requirements.[/FONT]

But I understand, that when you audit development, you look into the records created and assess if they are adequate.
Here the auditor wanted us to do things for the technical file with which we do not agree. And I still think it is alone the responsibility of the manufacturer.

I am really interested in a differentiated interpretation of the regulatory situation, and how this is handled by different NBs or CBs.

I am not interested in the practical implications. (if the comments of the auditor would have been helpful - no they were not, it was a SW audit, he had no idea of SW but this is NOT my point). I am neither interested in discussing what makes sense or not, just in the legal interpretation.
The problem is that the CB we used is also an NB and the auditors are used to look into technical files. Also lots of auditors simply audit out of scope, so I want to get the scope clear.


And I am still interested in other peoples experiences on the situation:
ISO 13485, no MDD 93/42, class I medical device.

please keep discussing
 

somashekar

Staff member
Super Moderator
#6
Within the company's ISO13485 QMS, it is pretty clear that the MDD 93/42 is mapped as the regulatory, and further there is no NB involved based on MDD device classification.
How does the company's internal audit process perform ?
Do they audit the ISO13485 scope only or the MDD also as applicable.
If the MDD is not in the internal audit scope, it is a much bigger gap.
If the MDD is in the internal audit scope, then certainly it is in the purview of the ISO13485 CB audit.
The ISO13485 cert that the company has would also include the EN ISO13485, mentioned. (Can this be confirmed)
EN ISO13485 and the ISO13485, are just practically one and same. The MDD and the EN ISO13485 are stitched into each other by way of the harmonized standard.
The ISO13485 CB auditor does need to have applicable product type background as a prerequisite, and certainly is knowledgeable apart from the QMS knowledge proper.
But I understand, that when you audit development, you look into the records created and assess if they are adequate.
Here the auditor wanted us to do things for the technical file with which we do not agree. And I still think it is alone the responsibility of the manufacturer.
It is the responsibility of the manufacturer even when a NB is involved. In any case if the technical file / its contents has gaps the ISO13485 auditor has in his scope to highlight.
 
Last edited:

pkost

Trusted Information Resource
#7
I think it boils down to this:

- Class I devices must comply with the MDD (even though they are not technically assessed by a notified body)
- ISO 13485 requires that you comply with the appropraite regulations
- It is therefore within scope for a CA to assess compliance with the MDD
- The existence of a ER checklist does not necessarily mean that you comply, the content is important
- It is therefore within scope to evaluate the ER checklist

So my question and one you have already asked is was his finding justified?
-Do they have the technical competence to understand and assess your technical file?

Ultimately, if you disagree with the finding, take it up the chain and contest it.
 

Quarma

Starting to get Involved
#8
Thank you for your discussions.
Quote:
- ISO 13485 requires that you comply with the appropraite regulations

I do not agree:
ISO 13485 requires that you have a process to comply with the appropriate regulations.

My interpretation comes from the following parts of the standard:
1.1 Scope:
This International Standard specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services.
It says "ability" not "that it provides".

4.2.1f f) any other documentation specified by national or regional regulations.
So there needs to be a process for establishing required documents like essential requirements checklist, clinical evaluation etc.

ISO 13485 is about applying a process to comply with regulations, not about complying with regulations.

In IAF MD 9 it is specified what the NB needs to check for ISO 13485:
"MD.4.4.1
ISO 13485 requires the organization to comply with the statutory and regulatory requirements applicable to the safety and performance of the medical devices.
The maintenance and evaluation of legal compliance is the responsibility of the client
organization. The CAB is responsible for verifying that the client organization has evaluated statutory and regulatory compliance and can show that appropriate action has been taken in cases of non-compliance with relevant legislation and regulations, including the notification to the Regulatory Authority of any incidences that require reporting." CAB=Conformity assessment body


I think that is quite clear.



You are giving too much credit to the NB. This is especially impoortant when taking ISO 13485 as supplier qualification. ISO 13485 does not say they comply with the regulations, just that they have a process to comply.
 

somashekar

Staff member
Super Moderator
#10
The ability to provide is about documenting, implementing, maintaining and being effective, in providing the medical device and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services.
So without auditing the DO part of the overall system which equals "that it provides".... just the "ability" in the sense of "PLAN" has little to no meaning to a medical device regulatory audit.
It is always the responsibility of the client. Without undue credit to the CB, dwelling into the DO part of the regulatory is an audit requirement. Else there is no difference between ISO9001 and ISO13485.
 
Thread starter Similar threads Forum Replies Date
S Technical File for Surgical Mask in Class 1 MDD Elsmar Cove Forum ToS and Forum Policies 1
N Technical file requirements class 1 device MDR Other Medical Device Regulations World-Wide 6
A Technical file requirement for Class IIb medical device CE Marking (Conformité Européene) / CB Scheme 3
D Technical file structure/content requirements for Class IIa devices & new MDR EU Medical Device Regulations 14
J Update Technical File for EU Class IIa Medical Software Products EU Medical Device Regulations 3
shimonv Which class I accessory information should be kept in the Technical File EU Medical Device Regulations 6
M Technical File Locations - Class I and Class IIa Medical Devices EU Medical Device Regulations 3
E When to submit a Technical File for a Class IIb Medical Device EU Medical Device Regulations 3
L Labeling Requirements in Part A Class IIb Medical Device Technical File CE Marking (Conformité Européene) / CB Scheme 2
T Class IIa Medical Device Technical File - Annexes EU Medical Device Regulations 6
D Translation Procedure (to other European languages) for Class IIa in Technical File CE Marking (Conformité Européene) / CB Scheme 16
L Class 1 Medical Device Contract Manufacturer Technical File Requirements Design and Development of Products and Processes 3
C Class II Medical Device Technical File Checklist CE Marking (Conformité Européene) / CB Scheme 20
S How do I create a Technical File for a Class IIa Medical Device EU Medical Device Regulations 4
E CE MDD 93/42/EEC Class I Technical File Help CE Marking (Conformité Européene) / CB Scheme 4
M Documentation of OEM Device - Technical File for a Class IIa Medical Device ISO 13485:2016 - Medical Device Quality Management Systems 4
SteveK Technical File Review to updated MDD 93/42/EC (Class II medical devices) EU Medical Device Regulations 3
J Technical File vs. Design Dossier - Class II and Class III Medical Devices ISO 13485:2016 - Medical Device Quality Management Systems 12
I MDD Class I software technical documentation sample EU Medical Device Regulations 2
P Valid NB Technical Review Nonconformance? New Class IIb Product EU Medical Device Regulations 4
I Technical Agreement Template for a Class II Medical Device in EU wanted EU Medical Device Regulations 3
SteveK Medical Device Technical Files (Class IIa & IIb) ? Design Development Documentation EU Medical Device Regulations 7
Le Chiffre Health Canada to accept Summary Technical Documentation (STED) for Class III & IV ISO 13485:2016 - Medical Device Quality Management Systems 1
B Technical Reports - Class 2 medical device design and manufacturing Design and Development of Products and Processes 14
A FDA Class Classification for a cabinet 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
W Protective earth for Class I ME equipment IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
K Class III Kit Box - Are translations mandatory under EU MDR? EU Medical Device Regulations 4
Edward Reesor FDA DM and /or Class I Life Saving US Food and Drug Administration (FDA) 0
A Interpretation of GMP Requirements for class 1 medical device manufacturer (device GMP exempt, only General controls applicable) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
F UDI - Unit of Use and Class I, single-use devices EU Medical Device Regulations 0
H MDD Article 12 Labeling for Class IIa Medical Device - Please Advise EU Medical Device Regulations 2
A AQL - How to count samples with defects for each defect class AQL - Acceptable Quality Level 17
R IVDR CE Mark for Class A products - Declaration of Conformity CE Marking (Conformité Européene) / CB Scheme 2
A Medical Device Vigilance decision tree for Japan for class 2 devices. Japan Medical Device Regulations 1
K Contamination Control - Class Is medical devices (Clause 6.4.2 ISO 13485:2016 (E)) ISO 13485:2016 - Medical Device Quality Management Systems 11
W Seeking Guidance Verification Test Strategy for Class B Medical Devices IEC 62304 - Medical Device Software Life Cycle Processes 1
S Shipment of a CE Approved Class III Device to the EU Member States Other US Medical Device Regulations 1
Edward Reesor EU Authorized Representative (Class I device) CE Marking (Conformité Européene) / CB Scheme 8
S Class I MDR Article 10 – QMS EU Medical Device Regulations 1
Q Old products new class - Dental Devices - Choosing tests EU Medical Device Regulations 2
dinaroxentool Former Class I device that is upscaled to IIa if the MDR is delayed EU Medical Device Regulations 2
J Class Fixed ME Equipment (US Deviation) IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
W Direct to customer export of medical device (class I: prescription lenses + frame) US Food and Drug Administration (FDA) 2
M CE self-certification for Class I device (face mask) EU Medical Device Regulations 9
C New Class III medical device application for Health Canada Canada Medical Device Regulations 6
T First 510(k) submission - Class II software as medical device US Food and Drug Administration (FDA) 1
Y Retrospective Validation - Class I device 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 10
JoCam Failure to test Class I medical device to IEC 60601-1-11 IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
C ISO 13485 Requirement in Australia/NZ for class 1? ISO 13485:2016 - Medical Device Quality Management Systems 1
S How to register class IIA medical device accessories EU Medical Device Regulations 1
Similar threads


















































Top Bottom