Sponsored By

Be prepared: The auditors are coming

When I last wrote about the European Commission's recommendation that Notified Bodies perform unannounced audits of medical device manufacturers along with their critical subcontractors and crucial suppliers, there was a fair amount of curiosity about how this would play out.

Norbert Sparrow

September 12, 2014

4 Min Read
Be prepared: The auditors are coming

When I last wrote about the European Commission's recommendation that Notified Bodies perform unannounced audits of medical device manufacturers along with their critical subcontractors and crucial suppliers, there was a fair amount of curiosity about how this would play out. As recently as March 2014, a member of the Global Medical Device Regulatory Updates group on LinkedIn asked fellow members if any of them had had an unannounced Notified Body audit. Only a couple of group members confessed to having had the pleasure. One of them found it "disturbing," because the Notified Body showed up without any "senior" people, resulting in a "farcical" exercise. The other deemed it "inconvenient" but "not over the top." Since then, unannounced visits have started to hit their stride. Last week, BSI announced that it would conduct up to 300 company visits before the end of the year. Headquartered in London but international in scope, BSI has already conducted some 15 unannounced visits in the United States, with more scheduled for the rest of 2014 and into 2015, noted Paul Brooks, SVP, Healthcare, BSI, on LinkedIn.

Image courtesy Stuart Miles/freedigitalphotos.net.

Why should you care? Well, if you are involved in the manufacture of a medical device that is placed on the EU market—and that applies to "critical" and "crucial" links in the supply chain, not just the company that puts its name on the product—you could be on the hook for a surprise visit from a Notified Body. According to the Commission recommendation, unannounced audits are to be conducted at least every three years, more frequently if high-risk devices are being placed on the market. These visits are in addition to the regular certification audits prescribed in the EU medical device directives.

Although unannounced audits have always been possible under Europe's current medical device directives, which will soon be replaced by a new set of medical device regulations, they were implemented on an ad hoc basis. The Pip implant scandal changed all that. As you may recall, French maker of breast implants Poly Implant Prothèse (Pip) was discovered to be fraudulently using industrial grade rather than medical grade silicone. Pip fooled its auditors simply by hiding the noncompliant silicone when they made their announced visits. To assuage the public outrage that ensued, the European Commission published its recommendation for mandatory unannounced audits.

Where the process remains a bit murky is when critical subcontractors and crucial suppliers are targeted. As with medical device OEMs, unannounced audits were always a possibility for these suppliers, but now the "circumstances have changed," Peter Havel, Senior Vice President of Medical & Health Services, TÜV SÜD, told emdt, a medical manufacturing website and magazine for Europe's medtech community. "In the past, we would have usually accepted that a supplier is already certified by either the same Notified Body or another Notified Body and has a certificate for the parts or processes that are outsourced by the manufacturer," Havel told Shana Leonard, who authored the article. "But following the logic of unannounced audits: If there is an outsourced process and this process is critical to the safety of the device or the patient, then a Notified Body has to make the decision to do an unannounced audit there, too, even if this contract manufacturer has a [quality management or ISO] certificate."

In the article, Leonard notes the issues that these visits can raise for suppliers, especially since they may partner with multiple OEMs and would, therefore, be subject to a stream of Notified Bodies coming to inspect the facilities. Intellectual property concerns are also a legitimate concern. "A contract manufacturer may not want its IP disclosed for the process or part provided to the manufacturer, for example. This is a point that may need to be addressed when revising contracts," Havel recommends.

Jim Twitchell, who works for an undisclosed medtech company in the San Francisco area, has been through an unannounced audit, and he offers the following advice on LinkedIn: "We always maintain our site in an 'audit ready' state, so we were able to host and support [the auditors]. Your quality system management documentation should consider the eventuality that the management rep may not be on site; no different than with FDA. You can have a defined delegate for management representative responsibilities. While I tend to think the actions from the Competent Authorities [EU member state regulatory bodies similar to FDA] are over the top, and a knee-jerk reaction to a couple of isolated cases, it is what it is, and what it is, is law."

Several Notified Bodies, such as BSI and TUV SÜD, have published FAQs related to this procedure. I would suggest giving those documents a read and sitting down with your OEM customers, if appropriate, to clarify your responsibilities before someone comes knocking at your door.

Norbert Sparrow

Norbert Sparrow is Senior Editor at PlasticsToday. Follow him on twitter @norbertcsparrow and Google+.

About the Author(s)

Norbert Sparrow

Editor in chief of PlasticsToday since 2015, Norbert Sparrow has more than 30 years of editorial experience in business-to-business media. He studied journalism at the Centre Universitaire d'Etudes du Journalisme in Strasbourg, France, where he earned a master's degree.

www.linkedin.com/in/norbertsparrow

Sign up for the PlasticsToday NewsFeed newsletter.

You May Also Like