ISO13485:2016, MDSAP and Internal Audits

#1
When it was just CMDCAS and ISO13485:2016, we had an internal audit checklist. That checklist went through the ISO standard section by section, point by point and determined if our quality system addressed those requirements. After moving to the MDSAP audit style, we passed our initial audit. On our surveillance audit, the new auditor disagreed with that approach. He said that our internal audit now must follow the MDSAP audit approach, and our previous 'ISO point by point' audit wasn't valid.

I couldn't find anywhere online that agreed or disagreed with this finding. I'm limited in my ISO knowledge, but I thought that if internally we adhered to the standard, we adhered to the standard. I take it I'm wrong?

Cheers,
Mark
 
Elsmar Forum Sponsor

contigo123

Starting to get Involved
#2
Did they give you a finding, and if so what did they reference? Perhaps they are looking to ensure a process approach has been implemented/audited and there are some gaps when you just do a checklist?
 
#3
Thanks for your response. The official finding was:

Scope of the internal audit: did not include MDSAP Audit Approach
No evidence that it covered the additional MDSAP process (e.g. CH 2 and CH4...)

Cheers!
 

LUFAN

Involved In Discussions
#4
Thanks for your response. The official finding was:

Scope of the internal audit: did not include MDSAP Audit Approach
No evidence that it covered the additional MDSAP process (e.g. CH 2 and CH4...)

Cheers!
Did your internal audit/auditor not review Marketing Authorization (Chapter 2) and Adverse Event reporting (Chapter 4)? In which case, I would say that NC is justifiable seeing as that is covered under MDSAP for each country you're selling into (and 13485 by itself to be honest).

A checklist is a totally fine approach, but seeing as MDSAP is not just ISO 13485, your checklist needs to account for every single requirement for each country that's applicable on top of ISO 13485. THAT is the MDSAP audit approach. If interested, shoot me a PM and I'll give you the checklist I got from my Auditing Organization.
 

MarkC

Registered
#5
Thanks for your response. I'm starting to understand it better now. It makes me think my approach (my old checklist) was fine - except it needed expanding beyond simply the standard, which is what I had. The way I addressed the NC was I said myself and the other internal guy will take a formal NDSAP internal auditor training course and then update the document then.

It sounds like the NC was 'well deserved' ...
 

LUFAN

Involved In Discussions
#6
Thanks for your response. I'm starting to understand it better now. It makes me think my approach (my old checklist) was fine - except it needed expanding beyond simply the standard, which is what I had. The way I addressed the NC was I said myself and the other internal guy will take a formal NDSAP internal auditor training course and then update the document then.

It sounds like the NC was 'well deserved' ...
Bingo, you got it. Make sure your checklist is essentially a checklist of the MDSAP Companion Document for each requirement.

I just finishing building a QMS from scratch for my current employer to 13485 only, but I actually find the MDSAP approach better for internal audits because it really does mean (when performed correctly) you're looking at the right requirements in totality. I would advise you that your rewrite your internal audit procedure to be structured around the MDSAP model and grading. Major/Minor has lots of room for ambiguity where as MDSAP is going to give you a number with a methodology to get there. More easily defendable in my opinion and the congruency with MDSAP is just useful.

Let me know if you need any other help.
 

primavesvera

Involved In Discussions
#7
I know I am a bit late, but I had a similar situation with our CE audit - we have our internal audit checklist based on ISO 13485, but we didn't add the specific requirements from the Medical Device Directive Annex.
So, re-adjusting the internal audit checklist with a couple of requirements was deemed as sufficient.
 

LUFAN

Involved In Discussions
#8
I know I am a bit late, but I had a similar situation with our CE audit - we have our internal audit checklist based on ISO 13485, but we didn't add the specific requirements from the Medical Device Directive Annex.
So, re-adjusting the internal audit checklist with a couple of requirements was deemed as sufficient.
Yep, if you're claiming you are auditing to a scope that includes ABC (13485) and 123 (21CFR820/MDD/MDSAP, etc.), you better make sure ABC and 123 are looked at.
 

levatorsuperioris

Involved In Discussions
#9
the MDSAP is the best (IMO) internal audit structure since the consortium declared that each specific question gave a sufficient evaluation of the linked required tasks...there can be no questioning if you follow the process that you meet ISO 13485, 21 CFR, ANVISA, CMDR, TGA MHLW etc... add the MDD on top of that and you have most countries covered, add the MDR annexes and you are good to go further past 2021 May 26th, you don't need to conform to the MDD after 26th May but instead the MDR annex that deals with the transition period.
 
Thread starter Similar threads Forum Replies Date
CPhelan Do you require MDSAP for CE Marking of a Medical Device or is ISO13485:2016 with clinical data sufficient? CE Marking (Conformité Européene) / CB Scheme 6
K ERP System Software Validation - ISO13485 2016 4.1.6 Design and Development of Products and Processes 8
A ISO13485:2016 name and ownership changes questions ISO 13485:2016 - Medical Device Quality Management Systems 3
D ISO13485:2016 7.5.6 Process Validation Responsibilities ISO 13485:2016 - Medical Device Quality Management Systems 1
D Customer Audit Finding ISO13485:2016 7.6 ISO 13485:2016 - Medical Device Quality Management Systems 7
S PPT for ISO13485:2016 Employee Training (Request) ISO 13485:2016 - Medical Device Quality Management Systems 0
qualityegghead ISO13485:2016 4.2.4 Control Of Documents - Lifetime of the Medical Device ISO 13485:2016 - Medical Device Quality Management Systems 3
S ISO13485 2016 - What the upshot is of failing to upgrade on a medical diagnostic device ISO 13485:2016 - Medical Device Quality Management Systems 1
H ISO13485:2016 Measurement System - Methods General Measurement Device and Calibration Topics 4
G ISO13485:2016 Cl. 7.5.1 - Production and Service Provision - Medical Device Repairs ISO 13485:2016 - Medical Device Quality Management Systems 3
M Looking for Cross reference of AS9100:2016 to ISO13485 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
M ISO13485:2016 - Exemption vs. Not Applicable ISO 13485:2016 - Medical Device Quality Management Systems 16
K Implementing ISO13485:2016 in the Middle of a New Device Project ISO 13485:2016 - Medical Device Quality Management Systems 1
T ISO13485:2016 Clause 6.3 - Infrastructure ISO 13485:2016 - Medical Device Quality Management Systems 1
R ISO13485:2016 Clause 4.2.3 - Changes in Technical File Requirements ISO 13485:2016 - Medical Device Quality Management Systems 18
F Is USB-IF standard compliant with ISO13485? Medical Device and FDA Regulations and Standards News 3
A When will ISO13485 Update be Released? EU Medical Device Regulations 1
J Do Software Subcontractors need to be ISO13485 compliant in the EU? EU Medical Device Regulations 3
A Is it mandatory to obtain ISO13485 certificate prior to CE marking? EU Medical Device Regulations 8
M Address change for a company with CE/ISO13485 EU Medical Device Regulations 2
A Document "Correspondence IATF 16949 vs ISO13485" available? IATF 16949 - Automotive Quality Systems Standard 0
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
N Can a (class I) medical device be manufactured in a GMP certified site with no ISO13485? EU Medical Device Regulations 18
V Iso13485 certification vs CE technical audit ISO 13485:2016 - Medical Device Quality Management Systems 3
R How to improve a Validation program and procedures to FDA (21 CFR part 820) & ISO13485 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
S Nonconformance to a Note in ISO13485 clause 6.2 Human Resources Effectiveness ISO 13485:2016 - Medical Device Quality Management Systems 13
C ISO13485 exclusions for design and automation company ISO 13485:2016 - Medical Device Quality Management Systems 2
R ISO13485/ISO9001 Convenient Document Management System Document Control Systems, Procedures, Forms and Templates 3
R ISO9001 & ISO13485 QMS for 2 types of products ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M ISO13485 Documentation packs (manual, procedures, forms etc) ISO 13485:2016 - Medical Device Quality Management Systems 3
C ISO13485/9001 clause 6.3 (Infrastructure) ISO 13485:2016 - Medical Device Quality Management Systems 3
T ISO13485 cert expired - Product still CE Marked CE Marking (Conformité Européene) / CB Scheme 1
V Revised ISO std vs ISO13485:2003 - Help Please!!! ISO 13485:2016 - Medical Device Quality Management Systems 4
C Is there a strong market out there for ISO13485 certification? ISO 13485:2016 - Medical Device Quality Management Systems 11
B Must a Design Outsourcing Company have ISO13485? ISO 13485:2016 - Medical Device Quality Management Systems 3
L ISO13485 past practice labeling vs customer requirement Other ISO and International Standards and European Regulations 2
S CMDCAS ISO13485 - Bilateral agreement with SAI global to conduct Certification Audits ISO 13485:2016 - Medical Device Quality Management Systems 7
Q Multiple Quality Standards - AS9100 and ISO13485/9001 Cross Reference Matrix Quality Manager and Management Related Issues 3
C ISO13485 Incoming Receiving Parts Verification ISO 13485:2016 - Medical Device Quality Management Systems 13
Q ISO13485 Section 7.5.1.1 and 7.5.2.1 for a Distributor ISO 13485:2016 - Medical Device Quality Management Systems 2
W Setting up from scratch - Looking for help (ISO9001 / ISO13485) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
B Outsource Production Line need ISO13485 Certificate ISO 13485:2016 - Medical Device Quality Management Systems 1
somashekar Clause 7.5.5. as in the text and in the Annex B (ISO13485:2003) ISO 13485:2016 - Medical Device Quality Management Systems 1
U Do we have to have foreign legal documents? (ISO13485 4.2.3 document control) ISO 13485:2016 - Medical Device Quality Management Systems 3
0 Medical Device Distribution Centre and Implementing ISO13485 ISO 13485:2016 - Medical Device Quality Management Systems 1
C Writing a Sterilization Procedure when the Process is Subcontracted - ISO13485 Quality Management System (QMS) Manuals 1
J ISO13485 Certification Scope - Registering a Subset of our Products ISO 13485:2016 - Medical Device Quality Management Systems 9
J ISO13485 Clause exclusions for a Medical Software Company ISO 13485:2016 - Medical Device Quality Management Systems 9
P How to streamline different documents in a multi plant ISO13485 QMS ISO 13485:2016 - Medical Device Quality Management Systems 8
D FDA Guidance on Interim Use of ISO13485 for Medical Device Manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 3

Similar threads

Top Bottom