Looking to outsource Internal Audit - MDSAP competent auditor needed

paullarn

Registered
Hi Guys, We need a qualified MDSAP auditor for internal audit. This will be our first internal audit. Any recommendations where to start?
 

DannyK

Trusted Information Resource
Where are you located?
Can the audit be performed remotely?
I perform MDSAP internal audits remotely.
 

paullarn

Registered
Not sure if they have to be MDSAp, but I know we need someone who has proper training and certification for an internal Audit for FDA
 

Jean_B

Trusted Information Resource
Don't. The only qualification course for MDSAP is restricted to participating Auditing Organisations. Others will just do generic stuff and walk you through the free and publicly available documentation. Get a good auditor which you can qualify against 13485 or 19011 and give him the criteria documents. Give preference to auditors who have been involved in audits of those regional regulations directly.
 

paullarn

Registered
Don't. The only qualification course for MDSAP is restricted to participating Auditing Organisations. Others will just do generic stuff and walk you through the free and publicly available documentation. Get a good auditor which you can qualify against 13485 or 19011 and give him the criteria documents. Give preference to auditors who have been involved in audits of those regional regulations directly.
For an internal FDA Audit, what are the questions we should be asking and how should we select a person to audit our Documents and Records?
 

Jean_B

Trusted Information Resource
By internal FDA audit I assume an internal audit against 21 CFR 803, 806, 807 and 820 (the USA regulations referenced explicitly by MDSAP). Too much for a single forum post, but if you're trying to select a good auditor they would ask for or infer matters concerning each requirement item on the following aspects:
Is it applicable? If not, how is that justified (and where is that justification documented)?
Was it established(listed intent/requirements/record filing location in the QSR)?
Was it implemented/done? And if so, was it effective and the documented procedure still suitable (do not assume the procedure is truth).
Are the people working on it competent by qualification and training?
If you're affecting conformity to product requirements are you doing so in a validated manner, or verifying them on each and every item?
Was it maintained? I.e kept up to date with changing requirements, interfaces with other changed processes maintained, resources adjusted given changing situations.
Do you still have all the requisite records?

I also suggest requesting a (censored) copy or extract of an audit report of theirs. The reporting style is crucial when it comes to internal company acceptance and demonstrating due diligence.
 

paullarn

Registered
Thanks jean for detailed reply. Everyone says they know what they are doing but before we hire a 3rd party auditor what are the questions my organization should ask an Auditor before we hire him/her in terms of qualification and his or her credentials?
 

Jean_B

Trusted Information Resource
Sadly it usually takes one to know one, and even then mistakes are made. Questions are so specific to your business' preferences that we couldn't really help you anyway.
Qualify as you would any consultant (would be Brazil's requirement in medtech anyway), and for credentials either a substantial amount of active audit experience as well as duty within USA medtech on their CV, and preferably a certificate on auditing aspects (i.e. ISO 13485, ISO 19011, others with a qualification for medtech from the CV) from any reputable training body.
You could also try looking at IRCA's register.
 
Top Bottom