You may have noticed that MDCG issued another position paper last month on the topic of ‘hybrid audits’. It’s a short paper, but an important one, nonetheless.
In an earlier Advena Newsletter article this year, I talked about the BSI webinar on hybrid audits, and how this was going to be their standard approach to all future Unannounced Audits, but now thinking about the new MDCG position paper, it seems clear that the future of audits under the EU MDR or EU IVDR can be performed using the hybrid approach. I say can, because of course it is up to the Notified Body decide on the approach to use…but given the task of scheduling audits in the current climate with Notified Body resources continue to be a challenge, I would expect this to be used as often as practically possible by all NBs to maximise their pool of resources.
As expected, the driver for the acceptance of the hybrid approach to audits came from the COVID-19 pandemic, where auditors and auditees had to become accustomed with the use of information and communication technologies (ICT) during audits, as described in MDCG 2020-4 and MDCG 2020-17.
Even today though, I have seen confusion about what people understand by the term ‘hybrid audit’. Thankfully, this new MDCG position paper clarifies the definition of the term ‘hybrid audit’, as follows:
“A ‘hybrid audit’ should be understood as an audit on the premises of the manufacturer or its supplier(s) and/or subcontractor(s) with at least one auditor present on the premises and other members of the audit team participating from elsewhere using information and communication technologies (ICT)”.
It goes on to clarify that this can be applied for all or part of the audit. The new definition and the guidance document should clear up any previous confusion or lack of clarity about definitions or use.
However, it does not cover the operational aspects of the hybrid audit, and at the end of the document it mentions that “MDCG advises NBCG-Med to further elaborate on operational elements, including the identification of aspects to be audited on the auditee’s premises”.
What next then?
Well, much like the advice in my previous article mentioned above, I would urge you to of course read the MDCG 2022-17 position paper, and to then start to create something of a checklist to ensure that you know how best to handle the hybrid audit professionally, efficiently, and effectively. Here are a few pointers to get started….
· Check to see if your Notified Body has released their own guidance on their processes for hybrid audits.
· Decide which platform you want to use (Teams, Skype, Zoom, etc)
· Ensure that relevant potential auditees know how to use the platform
· Evaluate to determine if there are any risks involved in the hybrid process (and the platform choice) and how you can mitigate those risks
· Ensure that your external audit handling processes are updated accordingly and make sure the relevant personnel are made aware of the hybrid approach.
You may have already hosted this kind of audit before, during the Covid-19 pandemic, so you are well aware of the potential challenges. Nevertheless, read through the MDCG guidance document, and take a look back at your last hybrid audit to make sure that those ‘lessons learned’ made it into your QMS as improvements.