Internal Auditor Credentials


Has anybody encountered NBs requiring regulatory/quality consultants conducting internal audits to have training certifications to the MDR/IVDR if they are conducting mock/internal audits? That is, if a consultant worked in the industry under these regulations, shouldn't their resume suffice as evidence of training and effectiveness of training?
Last edited:

Ed Panek

QA RA Small Med Dev Company
Super Moderator
from 13485

8.2.4 Internal audit

The organization shall conduct internal audits at planned intervals to determine whether the quality
management system:

a) conforms to planned and documented arrangements, requirements of this International Standard,
quality management system requirements established by the organization, and applicable
regulatory requirements;

b) is effectively implemented and maintained.

The organization shall document a procedure to describe the responsibilities and requirements for
planning and conducting audits and recording and reporting audit results.

An audit program shall be planned, taking into consideration the status and importance of the processes
and area to be audited, as well as the results of previous audits. The audit criteria, scope, interval and
methods shall be defined and recorded (see 4.2.5).

The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work. Records of the audits and their results, including identification of the processes and areas audited and
the conclusions, shall be maintained (see 4.2.5).

The management responsible for the area being audited shall ensure that any necessary corrections
and corrective actions are taken without undue delay to eliminate detected nonconformities and their
causes. Follow-up activities shall include the verification of the actions taken and the reporting of
verification results.

NOTE Further information can be found in ISO 19011.

ISO 19011 LISTS 6 Principles for auditors

Integrity, Fair, Professional care, Confidentiality, Independence, evidence based approach

Unless very technical product questions arise I don't think you need special training however, ISO auditor training is available so just take the course and avoid the question.


Thank you for this. The issue we are having is the NB is insisting the auditor needs to hold a certificate showing they have been trained to MDR/IVDR as evidence of effective training. They are not considering the resume of the auditor, which clearly shows they served as the lead project manager for MDR implementation. While it would be ideal for everyone to have training certificates, it seems like the NB is discrediting the value of someone with 5 years operating within the regulatory framework vs someone sitting in a 5 day training and taking a test to be called an MDR/IVDR expert.
Top Bottom