The frequency of audits in a health technology company is primarily determined by the requirements of the ISO 13485 standard and the MDR/IVDR regulations. Internal audits must be conducted in accordance with the audit plan defined in the quality management system. External audits performed by a notified body are carried out annually. Regular audits ensure the functionality and compliance of the quality management system.
Regulatory Requirements Determining Audit Frequency in a Health Technology Company
The audit frequency in a health technology company is primarily determined by the European Union’s MDR and IVDR regulations. The ISO 13485 standard requires organizations to conduct internal audits at planned intervals to ensure the effectiveness of the quality management system.
Medical devices in different risk classes may entail stricter audit requirements. For instance, for high-risk devices (Classes IIa, IIb, and III), the notified body must also assess the compliance of the device’s technical documentation.
Other significant regulatory requirements include, for example, the Medical Device Single Audit Program (MDSAP), recognized by the FDA, for companies targeting international markets.
How often should internal and external audits be conducted in a health technology company?
Internal audits must be conducted in accordance with the audit plan defined in the quality management system, covering all aspects of the quality management system, for example, over a three-year period. Not all parts of the quality management system need to be audited annually; instead, the plan can be cyclical, addressing different areas in different years, ensuring that all areas are audited within the specified period, such as three years.
In practice, many companies divide internal audits into several parts throughout the year. For example, product development processes may be audited in the spring, while manufacturing and supplier management are audited in the fall. This approach makes audits more manageable and less disruptive to daily operations.
External audits performed by a notified body are conducted at least annually, with notified bodies also required to perform unannounced audits at least once every five years. This rhythm ensures continuous monitoring of compliance.
Special circumstances may require additional audits. Significant product changes or corrective actions must be reported to the notified body, which may, depending on the case, lead to an audit. Organizational changes or the introduction of new suppliers may also necessitate audits outside the planned schedule.
Consequences of Non-Compliance with Audit Requirements in the Health Technology Industry
Failure to comply with audit requirements can lead to the loss of CE certification and the removal of products from the market. The competent authority may impose a production ban or require extensive corrective actions before operations can resume. In the most severe cases, consequences can range from financial penalties to criminal liability.
Non-compliance significantly undermines a company’s reputation and customer trust. Losing the confidence of certification bodies can prolong future audit processes and increase costs. Insurance companies may also revise their coverage policies, affecting the company’s risk management.
Prevention is always more cost-effective than remediation. Regular internal audits help identify deficiencies before external audits. Utilizing expert services in audit preparation and quality management system development ensures compliance and helps avoid costly consequences.
Health technology companies should invest in adequate audit resources and expertise. Properly conducted audits are not only a mandatory requirement but also a valuable tool for business development and risk management. Regular auditing establishes a foundation for sustainable growth and success in international health technology markets.
