Tuesday, July 7, 2009

General principles for auditing organisations - Medical device manufacturers

5.1 Independence
The auditing organisations and their auditors shall be impartial and free from engagements and influences which could affect their objectivity, and in particular shall not be:
a) involved in the design, construction, marketing, installation, servicing or supply of the device categories within the scope of the audit;
b) involved in the design, construction, implementation or maintenance of the quality system being audited;
c) an authorised representative of the manufacturer.
Examples where independence could be compromised would include the following:
i) the auditor having a financial interest in the company being audited (e.g. holding stock in the company);
ii) the auditor being employed currently by a manufacturer producing medical devices.
iii) the auditor being a member of staff from a research or medical institute or a consultant having a commercial contract or equivalent interest with the manufacturer or the manufacturers of similar devices.
All persons and organisations involved with an audit should respect and support the independence and integrity of the auditors.
The impartiality of the auditing organisation and auditors shall be established and documented.

5.2 Audit objectives and scope
Audit objectives and scope should be clearly defined and documented by the auditing organisation and the audit team and, as permitted by the regulatory requirements, agreed to by the manufacturer in the initial planning stages of the audit. However, based on the quality audit observations, the audit scope and objectives may be modified.
5.3 Roles, responsibilities and authorities
All the organisations involved in the audit process should be identified and their respective roles, responsibilities and authorities should be clearly defined and documented to:
a) ensure a clear understanding of mutual expectations throughout the audit process;
b) provide a means of accountability with respect to relevant regulatory requirements.
5.4 Resources
Adequate resources in terms of competent staff, financial support, time to conduct effective audits and, where necessary, access to technical information and expertise from external sources should be committed to the conduct and implementation of audits and all supporting audit activities in order to ensure that audit results and conclusions are of the highest possible reliability within the limitations of the sampling aspects of auditing.
5.5 Competence of the audit team
Audits of medical device manufacturers should only be performed by audit teams possessing as a whole the education, skills and experience with respect to the relevant regulatory requirements and to the device technologies and related processes, as well as those required for auditing.
5.6 Consistency of procedures
The conduct of audits should be in accordance with defined and documented methodologies and techniques designed to provide consistency of approach and depth among audits of the same type and scope. The management of audit activities should be in accordance with documented, systematic procedures designed to provide the necessary technical and administrative support for the audits. Such procedures should be designed to comply with the applicable regulatory requirements and align with these Guidelines. See also clause 11.1.2

5.7 Adequacy of audit documentation
Documentation associated with each audit shall be maintained in accordance with applicable regulatory requirements and be sufficient to:
a) provide adequate information to the appropriate regulatory authorities to be used, if necessary, in pre-market approval or post market surveillance activities; and
b) ensure traceability and continuity between the successive audits of the same system; and
c) provide a basis for corrective action and opportunities for quality improvement to the manufacturer.
5.8 Confidentiality, due professional care and code of ethics
The confidentiality of all documents and information obtained in association with an audit should be safeguarded. There should be no disclosure of such documents and information to a third party without the express approval of the auditee, unless it is a regulatory requirement.
Due professional care, diligence and good judgement should be practised at all times in the conduct of an audit and in the management of supporting activities in accordance with an established and documented code of ethics.
5.9 Audit results and conclusions
The results and conclusions of audits should be consistent and accurate regardless of the auditors or the auditing organisation involved, to provide the beneficiaries of the audit with the necessary level of confidence in the output. Such conclusions are subject to the normal limitations of an audit as the objective evidence collected during the audit is a sample not normally based on a statistical rationale.
5.10 Quality system
Auditing organisations should implement and maintain a quality system to ensure that the audits conducted are of the highest quality in accordance with these general principles and to facilitate continuous improvement.

No comments: