Qualified MDR internal auditor?


We're a small Canadian company (one product, Class IIa) and always use consultants to conduct our internal audits. We ran into trouble in our last surveillance audit because our chosen internal auditor was not trained in conduct MDR audits. I need to have a small audit conducted only on the MDR requirements and I'm struggling to find one. I'm hopeful the forum has some suggestions. The internal audit could be conducted remotely, as we are a virtual manufacturer.


They were not qualified meaning no training and no real-world experience with auditing MDR. At the end of the day, it resulted in an NC and I need to find someone qualified to help me with MDR internal audits.

Sidney Vianna

Post Responsibly
Setting the internal auditor "competence" aside for the time being, how does the organization ensure compliance with the MDR? Obviously, internal auditing cannot be the only component of compliance with a regulatory requirement. Someone must have made a concerted effort to bring the organization system into compliance prior to the internal audit phase. Did the external auditor demonstrate similar concern about the internal auditor knowledge of the MDD? Or the Health Canada regulations?


We're still transitioning to MDR. The same issues were not raised about MDD, the internal auditor had evidence of this training and completed checklists relevant to these requirements during the audit. We do not sell into Canada because of the cost of MDSAP (even though we're Canadian). The external auditor found that we were in compliance with the required MDR regulations, but I could not show objective evidence that the last internal audit included review of MDR. I haven't found anyone locally yet to help with internal audits, so I'm during to the forum for recommendations.


Trusted Information Resource
This is one of those questionable requirements that many auditing organizations impose on companies.
There's no requirement that an internal auditor must be trained on 'MDR auditing', or any other specific regulation.
The requirement is competency, which can be achieved through education, experience or training.

I would argue that if you have an auditor who is qualified to perform audits (any audits) and has knowledge of the MDR (through training or experience with implementation), then that should be sufficient qualification.

There's nothing special about MDR that requires new auditing skills or approach, other than the knowledge of the MDR itself.

With that, if you are still looking around for an independent qualified consultant that can perform the audit, maybe I can help.

Ronen E

Problem Solver
I wonder what coverage the external auditor was after, for proving that "the internal audit included review of MDR".

I'm going to assume for a moment that you are ISO 13485 certified. You don't have to be for MDR compliance, but the requirements are pretty well aligned so my argument can be easily adjusted.

ISO 13485:2016 s. 8.2.4 Internal Audit requires, in the context of regulatory compliance, that "internal audits are conducted to determine whether the QMS conforms to applicable regulatory requirements". That's it. The standard does not require that internal audits demonstrate overall compliance with the MDR (this goal is reserved, in my understanding, for NB MDR audits - both the onsite/QMS one and the TD desktop one). It only requires, in this context, that the QMS conforms to the requirements that the MDR poses on it, i.e. the quality management requirements spelled out in the MDR. Based on harmonization, it's safe to assume that if you're already ISO 13485:2016 certified you've already met those MDR requirements; so all that's required is an internal auditor competent in ISO 13485:2016 auditing.

Having said that, if you're still interested in a desktop audit of MDR compliance (beyond plain ISO 13484:2016, e.g. TD compliance) and it doesn't work out with @mihzago, I'm willing to audit you. I have a couple of years of hands-on experience in implementing the MDR (from scratch) for a multidisciplinary class IIb device.


Trusted Information Resource
I am located in Montreal and have performed EU MDR internal audits. I travel frequently to Ottawa and Toronto.
I used to be a subcontract medical device lead assessor for EU MDD.
Please contact me if you are interested.
I can perform the audito remotely.
Best of luck,

Danny Kroo


Thanks for all the feedback. I agree with all your points, about ISO 13485 being so closely aligned with MDR. It is a bit frustrating. I don't have the ability to private message, as I don't have 10 posts on the forum yet. I'm interested in chatting further; can you either private message me or drop me at email at [email protected], if you're still interested and available in doing a remote MDR audit.
Top Bottom