A Quick Guide to Internal Audits for Medical Devices and IVDs
Interview with Educo Life Sciences trainer Richard Young
At Educo Life Sciences we have seen a recent increase in training requests/deliveries around internal audits for both devices and IVDs. As the regulatory landscape shifts to the MDR and IVDR, companies may be increasing their activities to demonstrate compliance.
We interviewed our regulatory and quality expert, Richard Young, to discuss internal audits and to get some tips and insight. We ask him why he thinks companies are focused on internal audits and what the benefits are from internal audits.
Is there anything that has changed recently under the regulations or standards around internal audits that has meant we are seeing a spike in people wanting to up skill in this area?
I don’t think there’s a change in regulations per say, I just think there may be an increased appreciation as the regulatory environment is changing, and in general is getting a little bit harder to comply with. The value of the skills that come from an internal audit is a tool that can be applied to managing the quality management system and the overall performance of a medical device or life science manufacturing company, and those skill sets can be applied out to the distribution chain and supply chain as well. So, it is a very useful set of skills being able to go out there and get this information to give a value add to the company, as far as managing risk and providing management information to the overall process.
What are the real benefits of having a good internal audit programme and having people doing good internal audits in companies?
With a good internal audit what we’re aiming for, when we’re focusing on our own performance and the performance of our supply chain or distribution, is giving us the ability to find problems and solve them before somebody external to the organisation finds out about them, so a good programme has broad coverage across the organisation. It is testing all the processes, both of the organisations’ suppliers and the distributors, looking at those economic operators from a European perspective and it’s thorough, it’s focused along the things that give risk to the organisation, so it needs to be risk-based, with broad coverage but a risk-based process. We really emphasise on those areas and what the process of the tool gives you is a systematic way of asking questions, working with people, getting answers, and comparing those to the requirements or the specification that you were aiming for and making judgments about whether the goals of the quality management system or any other element of the business have actually been met. Once we’ve got it there, it is a great mechanism to fix those problems and provide the information to supply that, and at the end of the process your final bit is going back and using the same techniques to make sure what you’ve done actually works and has actually addressed the issue and benefited the organisation, effectiveness checks. So, it’s a broadly used tool and those interrogation, recording, and investigation skills are pretty useful to the entire organisation.
What kind of skills are required for someone to conduct an effective audit?
Any sort of audit requires the auditor to plan what they’re going to do and research the area they are going to audit, the requirements and the evidence needed that goes along with that. Through that planning process they need to work with the people in that area to schedule an assessment and be able to use the auditing technique to get that information, and it’s very important. One of the real core skills there, is getting to information within an organisation in a way that it is systematic and formal, but doesn’t put people’s backs up because we want to learn these things, and an internal audit system that doesn’t throw up opportunities for improvement or non-conformities, or however the system refers to it isn’t working very well, you are not being hard enough on yourself, you are not generating that input to really aim for what some organisations I work with call “be audit ready everyday”, so that’s one of the goals of an internal audit system. We live in a world of unannounced audits, and you want to be ready for a possibly slightly hostile third party to be coming in and auditing you, and have confidence in your systems, your documentation and that your people are practised and rehearsed in receiving that sort of focus and that any issues are addressed as you go forward. A metric for this that I often use is your internal audit system should find more opportunities for improvement or non-conformities than a third party does. If you’re not, then you need to work harder on that area to get that information out, but don’t trust the zero audits. Audit findings are good!
What are the types of audits that are conducted within an organisation?
Most internal audits are first or second party that we would get involved in as medical device manufacturers. We will be either auditing our own systems and procedures within the quality management system that we are working in, or we will be doing second party audits where will be going out to our suppliers, our wider support structures of the company and using the same techniques to audit those people. When we go out into the field and use these techniques, we usually do it in a more focused manner so if we are looking into a supplier, we might be looking at specific manufacturing processes or elements of their quality management system. If they are warehousing our product, we might be very interested in how they are looking after the product, but not so interested in how they are doing other elements that aren’t part of our risk-based focus. We are gathering evidence to demonstrate that they are in a state of control as well, maybe from a process validation perspective. There is a checklist that will have the things that we need them to demonstrate so that is going to be slightly different, but that’s first and second party audits. What we really receive are third party audits, when a notified body or a competent authority visits us, we are the slightly unwilling recipients of third-party audits, but being auditors and being trained and having a group of knowledgeable people who know how audits should be conducted, is a great way to prepare an organisation to not only give but receive those audits and what the audit process is all about.
Are there any resources that people can search for to help them with auditing?
Absolutely, the basic training to get those skills in a practised and reproduced manner is a very important part of audits, but the types of questions you would ask in an audit on different areas are equally important and something you generates skill in as you’re learning to plan audits and preparing your questions beforehand. There is a great resource out there that’s published freely by the US FDA, it can be found on the fda.gov website and it’s called the QSIT auditing technique. It’s a series of questions that examine different areas of the quality management system, like design and development and product realisation, and it tells you what the FDA audit is actually going to ask if you were ever getting a third party audit from them, it’s a great place to start with planning your audits and looking at where the emphasis would be from a regulator, and it’s very detailed about exactly the questions they are going to ask, and the order they are going to ask them in. It’s a great resource, don’t follow it word for word, but it’s a great starting point to prompt questioning and planning that’s appropriate for the scope of the audit that you’re conducting and following up on so a great place to go and get that.
Watch the interview on internal audits below:
To view all our medical device courses follow the link below.