Proposed draft consultation: Auditor competency and ... · IMDRF WG (PD1)/N4R2 January 31, 2013 Page 6 of 23 . 135 3.9. Program Administrator: The person that conducts a review of

WG (PD1)/N4R2 1 2

3 4 5

6 7

8 9 10 11 12 13

Proposed Draft 14

International Medical Device Regulators Forum 15

16 17 18 19 20 21 22 23 24 25 Title: Auditor Competency and Training Requirements for Organizations 26

undertaking Audits of Medical Device Manufacturers 27 28 29 Authoring Group: IMDRF MDSAP Work Group 30 31 Date: January 31, 2013 32 33 34 35 36 37 38

IMDRF WG (PD1)/N4R2

January 31, 2013 Page 2 of 23

Table of Contents 39 40

1.0 Scope ...............................................................................................................................4 41 2.0 Reference(s) .....................................................................................................................5 42 3.0 Definitions........................................................................................................................5 43 4.0 Responsibilities ................................................................................................................6 44 5.0 Commitment to Impartiality and Confidentiality ...............................................................7 45 6.0 Entry Level Requirements ................................................................................................7 46 7.0 Training requirements..................................................................................................... 12 47 8.0 Auditor, Technical Expert and Final Reviewer Experience Requirements ....................... 14 48 9.0 Competency Evaluation .................................................................................................. 15 49 10.0 Reaffirmation of Code of Conduct .................................................................................. 16 50 11.0 Records of Pre-requisites, Competency Evaluation and Monitoring ................................ 16 51 12.0 Remediation ................................................................................................................... 17 52 Appendix A – Classification of Technical Knowledge ............................................................... 18 53 Appendix B – Competency Matrices ......................................................................................... 22 54

55

IMDRF WG (PD1)/N4R2


Preface 56 57 The document herein was produced by the International Medical Device Regulators Forum 58 (IMDRF), a voluntary group of medical device regulators from around the world. 59 60 There are no restrictions on the reproduction, distribution or use of this document; however, 61 incorporation of this document, in part or in whole, into any other document, or its translation 62 into languages other than English, does not convey or represent an endorsement of any kind by 63 the International Medical Device Regulators Forum. 64 65 This document is being released as a proposed document for public comment in April through 66 June 14, 2013. No comments will be accepted after June 14, 2013. All comments should be sent 67 on the IMDRF Comment form to the Medical Device Single Audit Program (MDSAP) Working 68 Group Chair, Ms. Kim Trautman at mailto:[email protected] with a copy to the 69 IMDRF Secretariat mailto:[email protected]. 70

71

mailto:[email protected]

mailto:[email protected]

IMDRF WG (PD1)/N4R2


Introduction 72 73 The purpose of this document is to specify competency requirements that shall be demonstrated 74 and maintained by recognized Auditing Organization for personnel involved in medical device 75 regulatory audits and decision making. Regulatory Authorities do not qualify, authorize, or 76 otherwise accredit or license auditors. 77 78 The requirements contained within this document are for personnel involved in audits and 79 decision making functions for assessing conformity with regulatory requirements for medical 80 device manufacturers, and includes: 81

- Defining knowledge, skills, and abilities. 82 - Criteria for various degrees of competency based on roles in audits and decision making 83

functions. 84 - Assisting in evaluation and development. 85 - Providing a basis for identifying training needs. 86

1.0 Scope 87

This document applies to recognized Auditing Organizations conducting audits of a medical 88 device manufacturer for Regulatory purposes. Adherence to this document and its requirements 89 will help mitigate the risk of inconsistent or ineffective assessments of manufacturers by 90 ensuring that Auditing Organization personnel have the necessary commitment, competency, 91 experience, and training before conducting an audit or undertaking a decision making function. 92 The Competency Matrix described in Annex D identifies requirements for training and assists in 93 the development of programs for personnel involved in audits and decision making functions. 94 95 This document relates to functions performed by an Auditing Organization and for the assigned 96 roles described in Table 1. 97 98 Functions

Audit On-site Audit/Decision Off-site

Conduct a review of the assessment application to determine audit team competence requirements, select audit team members, and determine audit duration

n/a Program Administrator

Assessment of a quality management system Lead Auditor / Auditor

n/a

Assessment of product related technologies Technical Expert n/a Assessment of technical documentation *Lead Auditor /

Auditor / Technical Expert

Technical Expert

Assessment of conformity with Regulations Lead Auditor / Auditor / Technical Expert

Final Reviewer / Technical Expert

99 Table 1: Auditing organization Functions and Roles 100

IMDRF WG (PD1)/N4R2


101 * Lead Auditor /Auditor through Design and Development Review and/or the Technical Expert 102 may perform technical documentation reviews on site for lower risk medical devices. 103

2.0 Reference(s) 104

· ISO 9000:2005 - Quality management systems — Fundamentals and vocabulary 105 · GHTF/SG1/N78:2012 - Principles of Conformity Assessment for Medical Device 106 · ISO 19011:2011 - Guidelines for quality and/or environmental management system 107

auditing 108

3.0 Definitions 109

3.1 Audit: A systematic, independent and documented process for obtaining audit 110 evidence and evaluating it objectively to determine the extent to which audit criteria 111 are fulfilled. (ISO 9000:2006 clause 3.9.1) 112

3.2 Auditing Organization: An organization that audits a medical device manufacturer for 113 conformity with quality management system requirements. Auditing organizations 114 may be an independent commercial organization or a Regulatory Authority which 115 perform regulatory audits. 116

3.3 Auditor: A person with the demonstrated personal attributes and competence to 117 conduct an audit. (ISO 9000:2006 clause 3.9.9) 118

3.4 Code of Conduct: A statement of the expected behaviors for personnel involved in 119 audits and decision making functions within an Auditing Organization and 120 incorporating the elements defined in IMDRF/MDSAP/N3R4 – Recognition for 121 Organizations undertaking Audits of Medical Device Manufacturers 122

3.5 Competence: Demonstrated personal attributes and demonstrated ability to apply 123 knowledge and skills. (ISO 9000:2006 clause 3.9.14) 124

3.6 Competency Matrix: Chart that defines competencies for personnel involved in audits 125 and decision making functions and sets the behaviors or performance characteristics 126 requiring the application of knowledge, skills, and understanding in accordance with 127 the audit program and defined performance standards. 128

3.7 Final Reviewer: An experienced auditor, who hasn't participated in the audit under 129 review, who performs a review of the audit and finalizes the classification of the audit 130 results. 131

3.8 Lead Auditor: The individual responsible for leading the audit team. The lead auditor 132 manages an audit team, prepares the audit plan, conducts any audit related meetings, 133 and submits the formal audit report. 134

IMDRF WG (PD1)/N4R2


3.9 Program Administrator: The person that conducts a review of the assessment 135 application to determine audit team competence requirements, select audit team 136 members, and determine audit duration. 137

3.10 Regulatory Authority: A government body or other entity that exercises a legal right 138 to control the use or sale of medical devices within its jurisdiction, and that may take 139 enforcement action to ensure that medical products marketed within its jurisdiction 140 comply with legal requirements. (GHTF/SG1/N78:2012) 141

3.11 Technical Documentation: The documented evidence, normally an output of the 142 quality management system, which demonstrates compliance of a device to the 143 Essential Principles of Safety and Performance of Medical Devices. 144 (GHTF/SG1/N78:2012 and GHTF/SG1/N46:2008) 145

3.12 Technical Expert: A person who provides specific knowledge or expertise to the audit 146 team. (ISO 9000:2006 clause 3.9.11) 147

4.0 Responsibilities 148

It is the responsibility of the Auditing Organization to collect and maintain evidence that 149 demonstrates that personnel involved in audits and decision making functions meet the minimum 150 specified competency requirements contained within this document. 151 152 The Auditing Organization is expected to have documented processes to: (1) initially qualify 153 personnel involved in audits and decision making functions to the specified requirements 154 contained within this document, based on demonstrated competence; (2) ensure that the 155 competence of personnel involved in audits and decision making functions is maintained on a 156 continuing basis; (3) provide personnel with appropriate support and resources where needed 157 and, (4) maintain records of these activities including a signed Code of Conduct for each person 158 involved in the Regulatory Audit process. Auditors-in-training may be included in the audit 159 team, but shall not audit without direction or guidance from the Lead Auditor. 160 161 The Auditing Organization’s processes for establishing and maintaining competence of 162 personnel involved in audits and decision making functions is subject to assessment by the 163 recognizing Regulatory Authority. 164 165 On request, Auditing Organizations are to provide feedback of their experiences with regards to 166 the competence requirements for personnel involved in audits and decision making functions to 167 the recognizing Regulatory Authority, for the purpose of refining the competency criteria and 168 training requirements defined in this document. 169

IMDRF WG (PD1)/N4R2


5.0 Commitment to Impartiality and Confidentiality 170

Each person involved in audits and decision making functions shall sign a declaration that attests 171 to a commitment to comply with all applicable rules, regulations, policies, values, and codes of 172 conduct of the Auditing Organization. The initial declaration shall include or be part of a 173 disclosure of any potential conflicts of interest, including prior association with a manufacturer 174 or its personnel. The employing Auditing Organization shall implement appropriate 175 arrangements to manage perceived or actual conflicts of interest. 176

6.0 Entry Level Requirements 177

An Auditing Organization shall apply their own procedures for formally selecting, training, and 178 approving personnel involved in audits and decision making functions using the requirements 179 and criteria contained within this document. 180 181 The following are the minimum pre-requisite education, experience, and competencies to be 182 demonstrated and maintained by personnel involved in audits and decision making functions. 183

6.1 Pre-requisite Education 184

Lead Auditors, Auditors, Final Reviewers, and Technical Experts should hold a diploma from a 185 university or technical college in medicine, science, or engineering. Disciplines of interest 186 include, for example; 187 188

· Biology 189 · Microbiology 190 · Chemistry 191 · Biochemistry 192 · Computer hardware and software technology 193 · Material sciences 194 · Engineering - electrical, mechanical, biomedical, clinical, bioengineering, 195 · Human physiology 196 · Medicine 197 · Pharmacy 198 · Physics and biophysics 199

200 The educational requirement shall remain a strong basis for classification of Technical 201 Knowledge. Typically Technical Experts develop expertise directly related to their educational 202 background. In addition, there is a strong link to educational background for Technical 203 Knowledge in “horizontal” production technology areas such as sterilization. 204 205 Program Administrators should hold certificates or diplomas for successful completion of 206 secondary school education qualifications. 207 208

IMDRF WG (PD1)/N4R2


In exceptional cases, a demonstration of equivalent knowledge and skills may be acceptable. 209 The Auditing Organization shall justify and document the reasons for accepting alternatives to 210 the education requirements. 211

6.2 Pre-requisite Experience 212

Potential Lead Auditors and Auditors, Final Reviewers, Technical Experts and Program 213 Administrators shall be able to demonstrate sufficient experience to have acquired the requisite 214 knowledge and skills to successfully perform the functions required to perform their designated 215 tasks. 216 217 Potential Lead Auditors, Final Reviewers, and Technical Experts shall demonstrate at least four 218 years of full-time experience in the field of medical devices or related sectors (e.g. industry, 219 audit, healthcare, or research). Successful completion of other formal qualifications (advanced 220 degrees) can substitute for a maximum of three years of working experience. 221 222 In exceptional cases, a shorter duration of experience, or experience in areas not mentioned 223 above, may be acceptable. Such cases may include, for example, individuals employed in an 224 audit, inspectional or enforcement position for a regulatory authority whereby they have acquired 225 and demonstrated in-depth knowledge of the application of quality management principles to 226 medical device manufacturing, the application of regulations, as well as the evaluation of 227 compliance of medical device manufacturers to standards and regulations. An Auditing 228 Organization shall justify and document such cases. 229 230 Potential Final Reviewers shall demonstrate at a minimum the experience and skills of a Lead 231 Auditor. 232 233 Potential Technical Experts shall demonstrate at a minimum advanced experience and expertise 234 in a particular process, medical device, or technology classified as Technical Knowledge. 235

6.3 Pre-requisite Competency Requirements 236

Three broad categories of competencies are required for potential Lead Auditors, Auditors, 237 Technical Experts, and Final Reviewers: 238 239

- Foundational Competencies: those generic skills, personal attributes, and behaviors 240 applicable to all personnel and developed through experience (e.g. Adaptability, 241 Diligence, Analytical thought, Communication, etc.) 242

243 - Functional Competencies: those generic skills applicable to all personnel developed 244

through experience and required to perform assessments (e.g. Project Management; Time 245 Management; Teamwork; effective use of Information Technology, Working Documents, 246 etc.) 247

248 - Technical Competencies: those unique skills developed through experience and specific 249

knowledge applicable to personnel depending on the scope of activities needed to address 250

IMDRF WG (PD1)/N4R2


subject areas (e.g. Regulatory requirements, Risk Assessment, Sustainability, Internal 251 Management Controls, Health and Safety Impacts, etc.) 252

253 The attributes and skills described in the three categories of competency are to be evaluated as 254 part of entry level requirements, as well as through training and other recognition activities. 255

6.3.1 Foundational Competencies 256

1. Ethics: Able to act in a responsible, fair, truthful, sincere, honest, and discreet manner with 257 fortitude, even though these actions may not always be popular and may sometimes result in 258 disagreement or confrontation. 259 (See also; ISO 19011 – Cl 7.2.2 – ethical - fair, truthful, sincere, honest and discreet; and 260 acting with fortitude, i.e. able to act responsibly and ethically, even though these actions may 261 not always be popular and may sometimes result in disagreement or confrontation;) 262 263

2. Objectivity: Demonstrates an impartial, unbiased mental attitude free of conflicts of interest; 264 makes a balanced assessment of the relevant circumstances and not unduly influenced by 265 their own interests or by others in forming judgments. 266 (See also; ISO 19011 – Cl 7.2.2 - open-minded, i.e. willing to consider alternative ideas or 267 points of view) 268

269 3. Reasoning: Makes timely and sound decisions after appropriate evaluation of input or 270

information. 271 (See also; ISO 19011 – Cl 7.2.2 - decisive, i.e. able to reach timely conclusions based on 272 logical reasoning and analysis) 273

274 4. Interpersonal Skills: Establishes and maintains positive working relationships with a diverse 275

group of contacts. Works effectively as a team member during the assessment process. 276 Recognizes and considers input from all assessment program stakeholders. 277 (See also; ISO 19011 – Cl 7.2.2 - self-reliant, i.e. able to act and function independently 278 whilst interacting effectively with others and collaborative, i.e. effectively interacting with 279 others, including assessment team members and the Auditing Organization personnel. 280 See also; ISO 17021 – Appendix D - professional, i.e. exhibiting a courteous, conscientious 281 and generally business-like demeanor in the Workplace) 282

283 5. Analysis: Seeks relevant, reliable, and competent information for use in problem solving and 284

decision making. Uses sound logic to develop alternative solutions and recommendations. 285 286 6. Communication: Communicates ideas in a style that is clear, concise, fluent, and to-the-point, 287

takes audience needs into consideration in oral, written and presentation communications. 288 289 7. Diligence: Exercises prudence and caution during the conduct of the assessment such that a 290

reasonable person would conclude that steps taken and the resulting conclusion were arrived 291 at in a logical manner using all relevant information available. 292

293

IMDRF WG (PD1)/N4R2


8. Adaptability: Demonstrates the ability to use or consider nontraditional methods; makes 294 changes in response to demands and circumstances. 295 (See also; ISO 19011 – Cl 7.2.2 - versatile, i.e. able to readily adapt to different situations) 296

297 9. Tenacity: Persistent 298

(See also; ISO 19011 – Cl 7.2.2 - tenacious, i.e. persistent and focused on achieving 299 objectives) 300

301 10. Intuition: Makes judgments in the absence of complete factual information using 302

perspectives from past experiences and observations. 303 (See also; ISO 19011 – Cl 7.2.2 -perceptive, i.e. aware of and able to understand situations) 304

305 11. Observation: Draws on past experience to obtain visual facts on conditions as they exist and 306

makes comparisons of actual vs. recorded information; compares reality to standards, 307 policies, or procedures to derive opinion on compliance. 308 (See also; ISO 19011 – Cl 7.2.2 - observant, i.e. actively observing physical surroundings 309 and activities) 310

6.3.2 Functional Competencies 311

1. Information Technology: Has the willingness and ability to apply; electronic technology to 312 complete work objectives, new techniques, and/or technologies as a routine part of 313 assessments and has a working knowledge of how to use regulatory and functional databases 314 and systems. 315 316

2. Interviewing: Plans, conducts, and documents results of discussions with individuals in such 317 a manner as to achieve assessment objectives; ability to determine accuracy of information 318 from interviewees and potential indicators of further follow-up action. Skilled in obtaining 319 relevant, reliable, and useful information from individuals at all levels in the auditing 320 organization. 321

322 3. Teamwork: Provides constructive feedback to assessment team members. Ability to identify 323

skill needs and methods for performance improvement; assists with handling performance 324 issues. Provides environment to maximize Auditor proficiency. 325 (See also; ISO 19011 – Cl 7.2.2 - open to improvement, i.e. willing to learn from situations, 326 and striving for better assessment results) 327

328 4. Conflict Resolution: Recognizes the potential and actual sources of personnel conflict from 329

assessment program stakeholders. Achieves results through diplomatic handling of 330 disagreements and potential conflict; works effectively and cooperates with other individuals 331 and departments to resolve conflicts. 332 (See also; ISO 19011 – Cl 7.2.2 - diplomatic, i.e. tactful in dealing with people) 333

334 5. Supervision: Plans, organizes, directs, monitors, and evaluates the work of others assigned to 335

assessment projects. 336 (See also ISO19011 - Clause 7.2.3.4) 337

338

IMDRF WG (PD1)/N4R2


6. Writing Literacy: Prepares reports and presentations that are clear, concise, and based on the 339 objective evidence. 340

341 7. Time Management: Monitors progress against objectives; completes duties in timely, 342

complete, and effective manner. 343 344

8. Records Management: Documents work procedures, situations observed while performing 345 assessment steps, issues identified, assessment against standards, support for opinions, and 346 resolutions/recommendations for action. 347

348 9. Legal Protections: Applies legal privileges and demonstrates how to maintain legal 349

protection of communications and information identified as part of the assessment process. 350 351 10. Cultural Sensitivity: Observant and respectful to the culture of the Auditing Organization 352

(See also; ISO 19011 – Cl 7.2.2 - culturally sensitive) 353 354 11. QMS: Understands and follows the prescribed policy, procedures, and forms for the 355

organizations own quality management system. 356 357 12. Autonomy: Ability to work independently and adjust to unforeseen circumstances with 358

minimal assistance 359

6.3.3 Technical Competencies 360

1. Quality Systems: The principles and applications of medical device quality systems 361 standards, regulations, and guidance documents (e.g. Global Harmonization Task Force 362 Study Group 3 guidance documents). 363

364 2. Regulatory requirements: An understanding of the medical device regulatory requirements of 365

the participating Regulatory Authorities for which the person will be working in to enable an 366 assessment of the applicability and compliance with such standards, laws and regulations. 367

368 3. Medical devices: An understanding of medical devices and the requisite manufacturing 369

activities, including: 370 · their intended use 371 · types of medical devices including their complexities, technologies, and risk 372

classifications 373 · safety and risks of medical devices 374 · processes and technologies used by, and the typical organization of, medical device 375

manufacturers 376 377 4. Auditing Procedures and Techniques: An understanding of the Auditing Organization’s 378

procedures and criteria; an understanding of the relevant standard, and related parts, used for 379 the recognition of the Auditing Organization; and an understanding of auditing standards and 380 techniques for auditing Quality Management Systems. 381

382

IMDRF WG (PD1)/N4R2


5. Statistical Analysis: Knowledge of the basic concepts of probability and statistics including 383 mean, median, confidence level and standard deviation as it relates to representative 384 sampling and trend analysis. 385

386 6. Risk Management: Knowledge of risk management principles including; 387

· Risk Analysis – systematically identifying hazards (i.e. undesirable outcomes and 388 consequences considering environmental impacts and health and safety exposures) 389 and estimating risks (expressed as the severity of exposure, or impacts, and the 390 probability of occurrence) 391

· Risk evaluation – comparing estimated risks against criteria to determine the 392 acceptability of the risk 393

· Risk Control – mitigating and maintain the likelihood and/or severity of risk to 394 acceptable levels 395

· Monitoring the effectiveness of controls - through production and post-production 396 information 397

7.0 Training requirements 398

The following are the minimum activities undertaken to establish initial competency and to 399 maintain proficiency. 400

7.1 Mandatory Initial Training 401

Final Reviewers, Lead Auditors, Auditors and Technical Experts, are to undertake any new 402 training mandated by the recognizing Regulatory Authority within the designated timeframes. 403 Such training could encompass new or revised requirements that were not part of the individual’s 404 previous training. Such training will count toward annual Continual Professional Development 405 (CPD) hours. 406 407 Final Reviewers, Lead Auditors, and Auditors shall have successfully completed the following 408 training prior to performing independent work for the Auditing Organization: 409 410

· 40 hours of class room training in the ISO 9001 standard including a minimum of 8 hours 411 dedicated to the additional requirements of ISO 13485. In cases of already qualified ISO 412 9001 auditors, a minimum of 8 hours of class room training in the additional 413 requirements of ISO 13485. Any alternative evidence of equivalent training by other 414 means shall be justified and documented. 415 416

· 32 hours of training in medical device regulations, and auditing for conformity to those 417 regulations, or equivalent, plus sufficient additional time for each set of jurisdictional 418 regulatory requirements within the scope of recognition for the Auditing Organization 419 and commensurate with the existing experience of the trainee. 420 421

· 8 Hours of training in risk management principles, preferably related to the design of a 422 medical device (e.g. ISO 14971) and their application within a quality management 423 system. (e.g. ISO 13485 and GHTF/SG3/N15R8) 424

IMDRF WG (PD1)/N4R2


· Specified training documented in a training plan and including; the relevant procedures of 425 the Auditing Organization’s quality management system, a sufficient number of audits 426 witnessed by the trainee, and a sufficient number of audits performed by the trainee under 427 supervision and observed by a Lead Auditor, prior to a recognition audit. An Auditing 428 Organization may use evidence of relevant audits performed for another Auditing 429 Organization to show fulfillment of this training requirement. 430 431

Technical Experts shall have successfully completed the following training prior to performing 432 independent work for the Auditing Organization: 433 434

· For each recognition in a category of Technical Knowledge, irrespective of whether this 435 is the first or a later category to be qualified, the Auditing Organization shall document 436 evidence of appropriate training and knowledge for the Technical Expert in the Technical 437 Knowledge category. This may be in the form of training in the requirements of relevant 438 standards, training in the characteristics of, or requirements for, products, product, or 439 process technologies, or training in the clinical indications for a product category, etc. 440 441

· 32 hours of training in medical device regulations, and auditing for conformity to those 442 regulations, or equivalent, plus sufficient additional time for each set of jurisdictional 443 regulatory requirements within the scope of recognition for the Auditing Organization 444 and commensurate with the existing experience of the trainee. 445

446 · 8 Hours of training in risk management principles, preferably related to the design of a 447

medical device (e.g. ISO 14971) and their application within a quality management 448 system. (e.g. ISO 13485 and GHTF/SG3/N15R8) 449 450

· Specified training documented in a training plan and including; the relevant procedures of 451 the Auditing Organization’s quality management system, a sufficient number of technical 452 documentation reviews witnessed by the trainee, and a sufficient number of technical 453 documentation reviews performed by the trainee and peer reviewed by an experienced 454 Technical Expert, prior to being qualified to perform independent technical 455 documentation reviews. An Auditing Organization may use evidence of technical 456 documentation reviews performed for another Auditing Organization to show fulfillment 457 of this training requirement. 458

459 Program Administrators shall have successfully completed specified training documented in a 460 training plan in the relevant procedures of the Auditing Organization’s quality management 461 system. 462

7.2 Continual Professional Development 463

In accordance with the Code of Conduct, personnel involved in audits and decision making 464 functions shall commit themselves to continually improve their proficiency, effectiveness, and 465 quality of work. 466 467

IMDRF WG (PD1)/N4R2


Lead Auditors and Auditors, Final Reviewers, Technical Experts and Program Administrators 468 shall fulfill a minimum requirement for continual professional development (CPD): 469 470

· 6 hours of professional development per year; and, 471 · 8 hours of annual training on changes to regulatory requirements and updates on relevant 472

guidance documents pertaining to the regulations, or equivalent. 473 474 Mandatory annual training or re-training on internal Auditing Organization procedures and 475 processes shall not count toward CPD hours. In order to count toward CPD hours, training shall 476 maintain or augment existing competencies, or be provided for the acquisition of new 477 competencies relevant to the roles and responsibilities in audits or decision making functions. 478 Personnel with a broad scope of competence may require more CPD hours per year to maintain 479 their competence. Auditing Organizations shall not permit additional hours carried forward to 480 count as CPD hours in future years. 481

8.0 Auditor, Technical Expert and Final Reviewer Experience Requirements 482

Before undertaking independent auditing, Auditors-in-training shall demonstrate at least 20 on-483 site audit days of a medical device manufacturer’s quality management system, which have been 484 observed by a Lead Auditor, conducted in the previous 12 months and with at least 4 complete 485 audits as a member of an audit team. 486 487 Lead Auditors shall demonstrate participation in at least 6 audits that total at least 15 audit days 488 in each subsequent 12 month period. At least 2 of these audits shall be complete audits. 489 490 Before recognition as a Lead Auditor, Lead Auditors-in-training shall have successfully 491 concluded all requirements for an Auditor. Lead Auditors-in-training shall demonstrate at least 492 35 on-site audit days of a medical device manufacturer’s quality management system with at 493 least 3 complete audits conducted within the previous 12 months. Lead Auditors-in-training 494 shall demonstrate at least 15 audit days as Team Leader. Lead Auditors-in-Training are only 495 qualified as a Lead Auditor after a successful witness audit has been documented by a qualified 496 Lead Auditor. 497 498 Lead Auditors shall demonstrate participation in at least 6 audits that total at least 15 days in 499 each subsequent 12 month period. At least 2 of these audits shall be an initial audit or re-audit. 500 At least 2 of these audits shall be performed as an audit team leader. 501 502 Technical Experts shall demonstrate at a minimum advanced experience in a particular process, 503 medical device, or technology classified as Technology Knowledge. A maximum of 10% of the 504 Technical Experts required experience may be derived from time spent meeting the educational 505 requirement, based on detailed written justifications. For recognition in a first Technical 506 Knowledge category, the Technical Expert must have successfully complete 3 technical 507 documentation reviews. Alternatively, reviews of design dossiers (or their equivalent) in the 508 relevant Technical Knowledge category may count toward this requirement. Already approved 509 Technical Files may be used for recognition purposes. For recognition in an additional 510

IMDRF WG (PD1)/N4R2


Technical Knowledge category, the Technical Expert shall provide evidence of relevant and 511 adequate product training, knowledge, and/or experience. 512 513 Technical Experts shall perform 5 technical documentation reviews in each 12 month period. 514 Reviews of significant changes in technical documentation to a product can count for a 515 maximum of 50% of the 5 technical documentation reviews in each 12 month period. 516 517 Technical Experts for process related technology reviews shall perform 5 off-site /on-site 518 reviews in each 12 month period. 519 520 Final Reviewers must have 2 years of seniority/experience in regulatory audits of medical device 521 manufacturers and have successfully concluded all requirements for a Lead Auditor. 522 523 Final Reviewers authorized to monitor training and approve, suspend or withdraw recognition 524 for Technical Experts must have adequate seniority/experience in technical documentation 525 reviews. 526 527 Auditing Organization’s shall record the Technical Knowledge of their Auditors, Lead Auditors, 528 and Technical Experts. This record of Technical Knowledge shall be kept current and used by 529 the Program Administrator to assign auditors and technical experts to specific audits. See 530 Appendix A – Classification of Technical Knowledge 531

9.0 Competency Evaluation 532

9.1 Competency Evaluation Criteria 533

Lead Auditor, Final Reviewer, Technical Expert, and Auditor competency levels will differ and 534 depend on their roles in the assessment program. 535 536 An Auditing Organization is to assign one of four levels for each competency depending on the 537 person’s role: 538 539

Importance Requirement Level Critical Skill or Knowledge Must have 4 Important Skill or Knowledge Should have 3 Helpful Skill or Knowledge Preferable to have 2 Skill or Knowledge Not Critical Not necessary 1

540 A Competency Matrices describe the initial and ongoing competency level required for each 541 role. See Appendix B. 542 543 Auditing Organizations shall use the Competency Matrix to formulate and maintain training 544 plans for Lead Auditors, Final Reviewers, Technical Experts, and Auditors to ensure that they 545 achieve the necessary competency levels. The learning process could include; formal assessment 546 skills training and education, on the job assessment experience, professional development 547 activities, supervisor/manager coaching and mentoring, etc. 548

IMDRF WG (PD1)/N4R2


9.2 Methods of Evaluation: Initial and Ongoing Monitoring. 549

Auditing Organizations shall evaluate the competency of Lead Auditors/Final Reviewers, 550 Technical Experts, and Auditors using a combination of monitoring methods that may include; 551

· Review of records of audits or inspections, education, training, etc. 552 · Feedback from peers and supervisors 553 · Interviews 554 · Observation of performance 555 · Testing 556

9.3 Re-Evaluation 557

An Auditing Organization shall evaluate Lead Auditors/Final Reviewers, Technical Experts, and 558 Auditors for continued recognition of competency at least every 3 years. 559 560 An Auditing Organization shall confirm skills and personal attributes of Lead Auditors and 561 Auditors through a witness audit every two years. 562

10.0 Reaffirmation of Code of Conduct 563

Personnel involved in the audit are to reaffirm their commitment to the Code of Conduct on an 564 annual basis. This should be in the form of a signed statement kept on file. 565

11.0 Records of Pre-requisites, Competency Evaluation and Monitoring 566

Auditing Organizations will maintain current and accurate records associated with the evaluation 567 and maintenance of competencies. Auditor competency files and audit logs shall demonstrate 568 how auditors meet the requirements contained in this document and are to include: 569 570

· Auditor name, position, and contact information. 571 · Pre-requisite and subsequent education 572 · Results of evaluation of the Auditor’s competence in the role of Lead Auditor/Final 573

Reviewer, Technical Expert, or Auditor according to the requirements in this document. 574 · Audit/Inspection/Assessment experience 575 · Training participation and outcomes 576 · Scope of demonstrated competence to perform audits including any restrictions (e.g. due 577

to prior experience with a manufacturer which could be considered a conflict of interest) 578 · An Audit Log 579

580 An Auditing Organization shall make these records available to the recognizing Regulator 581 Authority upon request. The Program Administrator shall maintain a list of Lead Auditors, 582 Auditors, and Technical Experts. The list is to be updated annually. 583

IMDRF WG (PD1)/N4R2


12.0 Remediation 584

An Auditing Organization shall suspend the recognition of personnel that fail to meet the 585 requirements for the maintenance of competency or renewal of recognition. An Auditing 586 Organization shall prepare a remediation plan in order to bring the person back into compliance. 587 When an auditor is under remediation, he or she may not participate in audits except where it is 588 necessary as part of the remediation plan and under supervision; or to fulfill the minimum audit 589 experience requirement defined in this document. In such cases, the person under remediation 590 shall not act as a Lead Auditor or Final Reviewer. 591 592 The Auditing Organization shall observe an auditor successfully performing a full audit in order 593 to have recognition re-instated. 594 595 A Technical Expert shall be assessed under supervision and recognition confirmed by the Final 596 Reviewer based on the outcome of this review. 597

598

IMDRF WG (PD1)/N4R2


Appendix A – Classification of Technical Knowledge 599

Knowledge of Medical Devices 600 601 Auditing Organizations shall utilize the following tables to classify Technical Knowledge and 602 record the relevant classification in personnel files. 603 604 Non-Active Medical Devices

Non-Active Implants (excluding Dental Implants)

· Non-Active Cardiovascular Implants · Non-Active Orthopedic Implants · Non-Active Soft Tissue Implants · Non-Active Functional Implants

Medical Devices for Wound Care

· Bandages and Dressings · Suture Material · Other Non-Active devices for wound care

Non-Active Dental Devices

· Non-Active Dental Equipment and Instruments · Dental Materials · Dental Implants

General Non-Active Medical Devices

· Non-Active Devices for anesthesia, emergency and intensive care

· Non-Active Devices for injection, infusion, transfusion and dialyses

· Non-Active Orthopedic and Rehabilitation Devices

· Non-Active Measuring Devices · Non-Active Ophthalmic Devices · Non-Active Instruments · Devices for Contraception · Non-Active Devices for disinfection, cleaning

and rinsing · Non-Active Devices for In-Vitro Fertilization

(IVF) and Assisted Reproduction Technologies (ART)

Other Non-Active Medical Devices

· Specify

605 Active Non Implantable Medical Devices

Monitoring Devices · Active Devices for monitoring vital physiological parameters

· Active Devices for monitoring non-vital physiological parameters

IMDRF WG (PD1)/N4R2


Imaging Devices · Imaging Devices using Ionizing Radiation · Imaging Devices using non-ionizing Radiation

Devices for Radiation and Thermotherapy

· Devices using Ionizing radiation · Devices using non-ionizing radiation · Device for Thermotherapy · Devices for Lithotripsy

General Active non-implantable Medical Devices

· Active devices for extracorporeal circulation, infusion and hemapheresis

· Active devices for respiratory therapy, oxygen therapy, and inhalation anesthesia

· Active Devices for stimulation and inhibition · Active surgical devices · Active Ophthalmic devices · Active Dental Devices · Active devices for disinfection and

sterilization · Active rehabilitation devices and active

prostheses · Active devices for patient positioning and

transport · Software · Active devices for In-Vitro Fertilization (IVF)

and Assisted Reproduction Technologies (ART)

Other Active Non-Implantable Medical Devices

· Specify

606 607 Active Implantable Medical Devices

Devices for stimulation or inhibition Devices delivering Drugs or other substances

Devices substituting or replacing organ functions

Radioactive seeds for interstitial radiotherapy

Other active implantable medical devices

IMDRF WG (PD1)/N4R2


608 In Vitro Diagnostic Medical Devices

Reagents and reagent products, calibrators and control materials for In Vitro Diagnostic Medical Devices

· clinical chemistry · immunochemistry · hematology · microbiology · infectious immunochemistry · histology/cytology · genetic testing

In Vitro Diagnostic Instruments and software

In Vitro Diagnostic medical devices for near-patient use

· devices for home use · near-patient use other than home use

Other In Vitro Diagnostic medical devices

· Specify

609 610 Medical Devices incorporating specific substances or technologies

Medical device containing medicinal or biologically active substances

Medical devices containing or manufactured using tissue of animal origin

Medical devices containing human blood derivatives

Medical devices using micro-machinery and MEMS

Medical devices containing nanomaterial

Medical devices using biologically active coatings or materials being wholly or mainly absorbed by the body

611 An Auditing Organizations shall further stratify and record knowledge of medical devices to 612 indicate knowledge of specific manufacturing technologies, production methods or advanced 613 topics. 614

IMDRF WG (PD1)/N4R2


Knowledge of Manufacturing Technologies 615 616 Knowledge of specific manufacturing technologies and their quality practices shall be recorded 617 in the personnel files of auditors. Examples include: 618

· Thin and thick film techniques 619 · Manufacturing techniques for microelectronics 620 · Manufacturing techniques for micro-machinery 621 · Aseptic processing 622 · Welding techniques 623 · Manufacturing techniques for ceramics and sol-gels 624 · Manufacturing techniques involving polymers (extrusion, injection molding, etc.) 625 · Metal manufacturing techniques (casting, shaping, heat treating, etc.) 626 · Textile and fiber manufacturing technologies, weaving 627 · Packaging techniques 628

629 Knowledge of Advanced Topics 630 631 Where Auditors, Lead Auditors, and Technical Experts have advanced knowledge of special 632 technical areas, this shall be reflected in the personnel files held by the Auditing Organization. 633 Examples include: 634

· Knowledge of sterilization techniques and their validation 635 · Knowledge of microbiology and bioburden monitoring 636 · Knowledge of biocompatibility and its evaluation 637 · Knowledge of cleanroom processing 638 · Knowledge of environmental monitoring and controls 639 · Knowledge of packaging technologies 640 · Knowledge of stability testing 641 · Knowledge of risk management practices 642 · Knowledge of cleaning and disinfection 643 · Biological evaluation of medical devices 644 · Clinical evaluation of medical devices 645 · Physical and chemical evaluation of medical devices 646 · Knowledge of process validation practices 647 · Software validation techniques 648

649 An Auditing organization may also choose to record knowledge that personnel may have of the 650 use of the device. 651

652

IMDRF WG (PD1)/N4R2


Appendix B – Competency Matrices 653

Rating criteria 654 655 Program Manager, Lead Auditor, Auditor, or Technical Expert are assigned one of four levels 656 for each competency depending on their role in accordance with the following tables. 657 658

Importance Requirement Level Critical Skill or Knowledge Must have 4 Important Skill or Knowledge Should have 3 Helpful Skill or Knowledge Preferable to have 2 Supplemental Skill Set Optional 1 659 660

Foundational COMPETENCIES

Program Administrator Lead Auditor

Auditor

Technical Expert

Ethics 4 4 4 4 Objectivity 4 4 4 4 Reasoning 4 4 4 3 Interpersonal Skills 3 4 4 3 Analysis 4 4 4 3 Communication 4 4 3 3 Diligence 4 4 4 3 Adaptability 3 4 4 3 Tenacity 3 4 4 4 Intuition 3 4 4 3 Observation 2 4 4 4

661 Table 1 - Foundational Competencies 662

663

IMDRF WG (PD1)/N4R2


Functional COMPETENCIES

Program Administrator

Lead Auditor

Auditor

Technical Expert

Information Technology

4 4 4 3

Interviewing 2 4 4 3 Teamwork 3 4 4 4 Conflict Resolution 4 4 4 3 Supervision 2 4 2 2 Writing Literacy 2 4 3 3 Time Management 3 4 4 3 Records Management 4 4 3 3 Legal Protections 4 4 4 4 Cultural Sensitivity 2 4 4 4 QMS 2 4 4 2 Autonomy 2 4 4 2

664 Table 2 - Functional Competencies 665

666 667

Technical COMPETENCIES

Technical Expert*

Lead Auditor

Auditor

Quality Systems 3 4 4 Regulatory Requirements

4 4 4

Medical Devices 4 4 4 Auditing Procedures and Techniques

3 4 4

Statistical Analysis 2 4 4 Risk Management 2 4 4

668 Table 3 - Technical Competencies 669

670 *A Technical Expert shall have a technical competency of (4) in their area of expertise 671 **Program Administrators shall have a technical competency of (4) in the Auditing 672 organizations policies and procedures for assessing the application to determine audit 673 team competence required, selecting the audit team members, and determining audit time. 674