With the preparations for the market launch of our latest product – medicine cups, after the successfully concluded phases of the technical documentation assessment and the first phase of the MDR QMS audit, the final part of the certification process – the second phase of the MDR QMS audit – began in the last week before our collective leave. While our quality department is working on closing the findings, we want to share with you how the preparation process went, the audit itself, and what we plan to do next.
With the transition to MDR, the capacity of notified bodies remains a problem, because a significant number of them that operated under MDD and IVDD – the old laws, still do not have approval for the new regulatory framework. Fortunately, our notified body – DNV, was one of the first to switch to MDR, so we had no additional delays in this regard. However, due to the different (in)availability of auditors for the different products we submitted for certification and our scope of QMS certification, we still had to split the process for different products, to get earlier dates for at least part of the products – which practically doubled the price of certification.
Given that the normal surveillance audit for ISO 13485 QMS happened in January according to the normal schedule, the first stage of the MDR QMS audit in May, we had a fairly clear picture of the state of the system at that moment, so preparations for the second (and final) stage of the MDR QMS audits were mostly reduced to a) checking the correlation of MDR and QMS requirements and b) preparing the process owner for the audit.
It was extremely useful that the lead auditor contacted us significantly before the audit and, in addition to the standard sharing of the audit program, went through the compliance assessment approach and all the necessary technical requirements that will facilitate the audit. We prepared in advance a table of equivalent documents between the exact sections of our quality management system and the requirements of the audit program, which accelerated the process of reviewing documents and determining the degree of compliance. In addition, some normal preparations of the physical space and processes of the warehouse and production were made to allow the auditors unhindered access to verify the implementation.
The audit itself lasted a little longer than the standard ISO 13485 audit – a full 4 working days. As we are in the process of transitioning to a fully digital business, we provided access for the auditors to the necessary parts of the server with information and documents for the audit – enabling a smooth audit and keeping in mind the security of sensitive data. Assessment of commitment and implementation of requirements took place in the office, production, and warehouses in cooperation with process owners through interviews, document review, and process monitoring. The auditors openly communicated the observations and shared valuable know-how related to the scaling of the QMS in line with the company’s growth and possible future preventive actions in the processes.
All in all, the audit results were satisfactory. As our quality manager always says: “Every audit is an opportunity to improve our system and business in general”, so we are trying to use this opportunity to improve the quality and sustainability of the system management.