Manufacturers of medical devices are subject to extensive requirements under ISO 13485, QMSR, MDR, and IVDR. These regulatory frameworks require not only documented processes, but also their regular evaluation for effectiveness. Audits in medical technology are a key instrument for assessing compliance, identifying risks at an early stage, and systematically implementing improvement opportunities.
Depending on their objective, internal audits, supplier audits, and external certification audits differ significantly in terms of focus, depth, and responsibility. What they share, however, is the goal of creating transparency regarding the actual state of the quality management system.
What is an audit in MedTech
An audit is a structured, documented and independent assessment in which it is evaluated whether defined requirements are fulfilled and whether processes are effectively implemented.
In the context of medical technology, these requirements relate to regulatory and normative standards. The focus is not limited to formal documentation, but in particular on the practical implementation in day-to-day operations.
Audits in MedTech typically cover the following aspects:
- Assessment of process compliance
- Verification of risk control
- Effectiveness of CAPA measures
- Adequacy of management review
- Traceability of regulatory decisions
A risk-based approach plays a central role. Processes with a higher impact on product quality or patient safety are examined in greater depth, while areas of lower criticality are assessed proportionately.
Typical challenges in MedTech audits
Companies often face the challenge of aligning audit programmes strategically rather than treating them as purely formal compliance exercises.
Internal audits are sometimes conducted with an excessive focus on documentation and insufficient attention to process effectiveness. Supplier audits may be limited to questionnaire-based assessments without adequately evaluating operational processes on-site. External audits conducted by certification bodies, in turn, require consistent and robust evidence across all QMS processes.
Further typical issues include:
- Unclear allocation of responsibilities
- Incomplete root cause analyses for non-conformities
- Recurring findings due to insufficient verification of effectiveness
- Inadequate risk-based audit planning
- Lack of integration of audit results into management decision-making
An effective audit programme must therefore be understood as an integral part of corporate governance and be closely linked to CAPA processes and strategic planning.
Our objectives are
We create clarity on how internal audit structures need to be designed in order to meet regulatory requirements in a transparent and traceable way, while at the same time generating added value for the organisation.
A key objective is to align audit programmes in a risk-based manner. This involves assessing which processes are particularly critical for product quality, patient safety, and regulatory compliance.
In addition, we support companies in systematically integrating audit results into CAPA processes and verifying their effectiveness.
For audits conducted on behalf of certification bodies, the focus is also on an objective and standards-compliant assessment of the quality management system within the framework of certification procedures.
We work with
Our services are aimed at medical device manufacturers and their suppliers who wish to establish, conduct, or further develop internal audit programmes.
We also support companies in the risk-based assessment, qualification, and auditing of their suppliers, particularly in the context of outsourced processes or critical components.
In the context of audits by certification bodies and regulatory authorities, we work with companies preparing for certification or surveillance audits as well as FDA inspections, or seeking an independent pre-assessment (mock audit) of their system.
Our main points of contact are typically professionals responsible for quality management, regulatory affairs, procurement, and production, as well as members of senior management.
Our services include
Our audit services in MedTech cover the planning, execution, and follow-up of various types of audits.
Internal audits
- Development of risk-based audit programmes
- Conducting process-oriented system audits and mock audits prior to FDA inspections
- Verification of compliance with normative and regulatory requirements
- Assessment of the effectiveness of CAPA measures
Supplier audits
- Risk classification of suppliers
- Assessment of outsourced processes in accordance with ISO 13485
- Review of quality agreements
- Conducting on-site or remote audits
- Assessment of supplier performance and deviation management
Audits conducted on behalf of certification bodies
- Conducting independent audits within certification processes
- Assessing conformity with ISO 13485 and ISO 9001
- Preparing transparent and traceable audit reports
- Classifying non-conformities in accordance with defined criteria
- ISO 9001 Quality management systems – requirements
- ISO 13485 Medical devices – Quality management systems – Requirements for regulatory purposes
- ISO 19011 Guidelines for auditing management systems
- FDA 21 CFR Part 820 Quality Management System Regulation (QMSR)
- Swiss Medical Device Ordinance MepV 812.213
- European Medical Device Regulation (EU) 2017/745 MDR
- Medical Device Single Audit Program MDSAP
