DocMCP Knowledge Base

English

中文

English

中文

Appearance

Competence and Training Requirements for Auditing Organizations

Document: IMDRF/MDSAP WG/N4FINAL:2013

Official Source

https://www.imdrf.org/documents/competence-and-training-requirements-auditing-organizations

Full Text

Competence and Training Requirements for Auditing Organizations

Document Number: IMDRF/MDSAP WG/N4FINAL:2013

Source: https://www.imdrf.org/documents/competence-and-training-requirements-auditing-organizations

IMDRF/MDSAP WG/N4FINAL:2021 (Edition 2)

Final Document

Title: Competence and Training Requirements for Auditing Organizations

Authoring Group: IMDRF MDSAP Working Group

Date: 16 September 2021

Oh-Sang Kwon, IMDRF Chair

This document was produced by the International Medical Device Regulators Forum. There are no restrictions on the reproduction or use of this document; however, incorporation of this document, in part or in whole, into another document, or its translation into languages other than English, does not convey or represent an endorsement of any kind by the International Medical Device Regulators Forum.

Copyright © 2021 by the International Medical Device Regulators Forum.

Table of Contents

1.0 Scope 5

2.0 Reference(s) 6

3.0 Definitions 6

4.0 Responsibilities 7

5.0 Commitment to Impartiality and Confidentiality 7

6.0 Entry Level Requirements 8

7.0 Training requirements 12

8.0 Auditor, Technical Expert and Final Reviewer Experience Requirements 14

9.0 Competence Evaluation 16

10.0 Reaffirmation of Code of Conduct 17

11.0 Records of Pre-requisites, Competence Evaluation and Monitoring 17

12.0 Remediation 17

Appendix A – Example of Technical Knowledge Classification 19

Appendix B – Competence Information 23

Preface

The document herein was produced by the International Medical Device Regulators Forum (IMDRF), a voluntary group of medical device regulators from around the world.

There are no restrictions on the reproduction, distribution or use of this document; however, incorporation of this document, in part or in whole, into any other document, or its translation into languages other than English, does not convey or represent an endorsement of any kind by the International Medical Device Regulators Forum.

Introduction

This is one document in a collection of documents produced by the International Medical Device Regulators Forum (IMDRF) intended to implement the concept of a Medical Device Single Audit Program (MDSAP). Two documents, IMDRF MDSAP WG N3 – “Requirements for Medical Device Auditing Organizations for Regulatory Authority Recognition” and this document, IMDRF MDSAP WG N4 – “Competence and Training Requirements for Auditing Organizations,” are complementary documents. These two documents N3 and N4 are focused on requirements for an Auditing Organization and individuals performing regulatory audits and other related functions under the respective medical device legislation, regulations, and procedures required in its regulatory jurisdiction.

In addition, IMDRF MDSAP WG N11 will define a method to “grade” nonconformities resulting from a Regulatory Authority assessment of an Auditing Organization and to document the decision process for recognizing an Auditing Organization or revoking recognition.

This collection of IMDRF MDSAP documents will provide the fundamental building blocks by providing a common set of requirements to be utilized by the Regulatory Authorities for the recognition and monitoring of entities that perform regulatory audits and other related functions. It should be noted that in some jurisdictions the recognition process is called designation, notification, registration, or accreditation.

IMDRF developed MDSAP to encourage and support global convergence of regulatory systems, where possible. It seeks to strike a balance between the responsibilities of Regulatory Authorities to safeguard the health of their citizens as well as their obligations to avoid placing unnecessary burdens upon Auditing Organizations or the regulated industry. IMDRF Regulatory Authorities may add additional requirements beyond this document when their legislation requires such additions.

The purpose of this document is to specify competence and training requirements that shall be demonstrated and maintained by recognized Auditing Organizations for personnel involved in medical device regulatory audits and decision making. Recognizing Regulatory Authority(ies) do not qualify, authorize, or otherwise accredit or license auditors.

The requirements contained within this document are for personnel involved in audits and decision making functions for assessing conformity with regulatory requirements for medical device manufacturers, and includes:

  • Defining knowledge, skills, and attributes.

  • Criteria for various degrees of competence based on roles in audits and decision making functions.

  • Assisting in evaluation and development.

  • Providing a basis for identifying training needs.

Scope

This document applies to recognized Auditing Organizations conducting audits of a medical device manufacturer for regulatory purposes. Adherence to this document and its requirements will help mitigate the risk of inconsistent or ineffective assessments of manufacturers by ensuring that Auditing Organization personnel have the necessary commitment, competence, experience, and training before conducting an audit or undertaking a decision making function.

The functions covered by an Auditing Organization, within the scope of this document, and the independence of the roles assigned are described in Table 1.

FunctionsAuditDecision Making
Establishing qualification criteria and for authorizing other personnel to perform specific certification-related activities.Competence Qualifier
Review the manufacturer’s application to determine audit team competence required, select the audit team members, and determine audit durationn/aProgram Administrator
Evaluation of quality management systemLead Auditor / Auditor *n/a
Evaluation of product/process related technologies (where the assigned Lead Auditor / Auditor do not possess qualification in the applicable technology)Technical Expertn/a
Evaluation of Technical DocumentationLead Auditor / Auditor / Technical Expert **n/a
Evaluation of RegulationsLead Auditor / Auditor / Technical Expert ***n/a
Review of audit reports to support certification decisionsn/aFinal Reviewer
  • Qualified in the product/process related technologies utilized in the audited activities (see Appendix A – Knowledge of Manufacturing Techniques and Advanced Topics as applicable).

** Qualified in the product/process related technologies applicable to medical devices in the scope of audit (see Appendix A – Knowledge of Medical Devices and Advanced Topics as applicable).

*** Qualified in the jurisdictional regulatory requirements in the scope of audit (see section 7.1).

Table 1: Auditing Organization Functions and Roles

Reference(s)

  • GHTF/SG1/N78:2012 - Principles of Conformity Assessment for Medical Device

  • ISO 9000:2015**-**Quality management systems — Fundamentals and vocabulary

  • ISO/IEC 17000:2004**–** Conformity assessment – Vocabulary and general principles

  • ISO/IEC 17021-1:2015 - Conformity Assessment – Requirements for bodies providing audit and certification of management system.

  • ISO/IEC TS 17021-3:2017 - Conformity Assessment – Requirements for bodies providing audit and certification of management system – Part 3: Competence requirements for auditing and certification of quality management systems.

Definitions

Audit: A systematic, independent, and documented process for obtaining records, statements of fact or other relevant information and assessing them objectively to determine the extent to which specified requirements are fulfilled. (ISO 17000:2004)

Auditing Organization: An organization that audits a medical device manufacturer for conformity with quality management system requirements and other medical device regulatory requirements. Auditing Organizations may be an independent organization or a Regulatory Authority which perform regulatory audits.

Auditor: A person with the demonstrated personal attributes and competence to conduct an audit. (ISO 9000:2015 clause 3.13.15)

Competence: Demonstrated personal attributes and demonstrated ability to apply knowledge and skills. (ISO 9000:2015 clause 3.10.4)

3.5 Competence Qualifier: Persons undertaking the following activities:

Final Reviewer: An experienced auditor, who hasn't participated in the audit under review, who performs a review of the audit and who may make certification decisions for MDSAP certifications.

Program Administrator: A person(s) that conducts a review of the audit application to determine audit team competence requirements, select audit team members, and determine audit duration.

Regulatory Authority: A government body or other entity that exercises a legal right to control the use or sale of medical devices within its jurisdiction, and that may take enforcement action to ensure that medical products marketed within its jurisdiction comply with legal requirements. (GHTF/SG1/N78:2012)

Technical Documentation : The documented evidence, normally an output of the quality management system, that demonstrates compliance of a device to the Essential Principles of Safety and Performance of Medical Devices. (GHTF/SG1/N78:2012 and GHTF/SG1/N46:2008)

Technical Expert: A person who provides specific knowledge or expertise to the audit team and in relation to the organization, a product, process or activity, or a regulatory requirement to be audited. (Adapted from ISO/IEC 17021-1:2015 clause 3.14))

Responsibilities

It is the responsibility of the Auditing Organization to collect and maintain evidence that demonstrates that personnel involved in auditing activities meet the specified competence requirements contained within this document.

The Auditing Organization shall have documented processes to: (1) initially qualify personnel involved in auditing activities to the specified requirements contained within this document, based on demonstrated competence; (2) ensure that the competence of personnel involved in auditing activities is maintained on a continuing basis; (3) provide personnel with appropriate support and resources where needed and, (4) maintain records of these activities including a signed Code of Conduct (see IMDRF MDSAP WG N3 clause 7.1.6) for each person involved in the Regulatory Audit process. Auditors-in-training may be included in the audit team, but shall not audit without supervision from the Lead Auditor.

The Auditing Organization’s processes for establishing and maintaining competence of personnel involved in auditing activities is subject to assessment by the recognizing Regulatory Authority(ies).

On request, Auditing Organizations are to provide feedback of their experiences with regards to the competence requirements for personnel involved in auditing activities to the recognizing Regulatory Authority(ies), for the purpose of refining the competence criteria and training requirements defined in this document.

Commitment to Impartiality and Confidentiality

Each person involved in auditing activities shall sign a Code of Conduct (see IMDRF MDSAP WG N3 clause 7.1.6) and disclose any potential conflicts of interest, including prior association with a manufacturer or its personnel. The employing Auditing Organization shall implement appropriate arrangements to manage perceived or actual conflicts of interest.

Entry Level Requirements

An Auditing Organization shall apply its own procedures for formally selecting, training, and approving personnel involved in audits and decision making functions using the requirements and criteria contained within this document.

The following are the pre-requisite education, experience, and competencies to be demonstrated and maintained by personnel involved in audits and decision making functions.

Pre-requisite Education

Lead Auditors, Auditors, Final Reviewers, Technical Experts, and Competence Qualifiers should hold a diploma or degree from a university or technical college in medicine, science, or engineering (educational requirement). Disciplines of interest include, for example;

  • Biology
  • Microbiology
  • Chemistry
  • Biochemistry
  • Computer hardware and software technology
  • Material sciences
  • Engineering - electrical, mechanical, biomedical, clinical, bioengineering,
  • Human physiology
  • Medicine
  • Pharmacy
  • Physics and biophysics

Program Administrators should hold certificates or diplomas for successful completion of secondary school education qualifications.

The field of study related to the certificate, diploma or degree should be the primary basis for the classification of Technical Knowledge. However, in exceptional cases, a demonstration of equivalent knowledge and skills may be acceptable. The Auditing Organization shall justify and document the reasons for accepting alternatives to the education requirements.

Pre-requisite Experience

Potential Lead Auditors and Auditors, Final Reviewers, Technical Experts, Competence Qualifier and Program Administrators shall be able to demonstrate sufficient experience to have acquired the requisite knowledge and skills to successfully perform assigned tasks.

Potential Lead Auditors, Final Reviewers, Technical Experts, and Competence Qualifiersshall demonstrate at least four years of relevant full-time experience. Successful completion of other formal qualifications (advanced degrees) can substitute for a maximum of three years of working experience.

In exceptional cases, a shorter duration of experience, or experience in areas not mentioned above, may be acceptable. Such cases may include, for example, individuals employed in an audit, inspectional or enforcement position for a regulatory authority whereby they have acquired and demonstrated in-depth knowledge of the application of quality management system principles to medical device manufacturing, the application of regulations, as well as the evaluation of compliance of medical device manufacturers to standards and regulations. An Auditing Organization shall justify and document such cases.

Potential Final Reviewers shall demonstrate the experience and skills of a Lead Auditor.

Potential Technical Experts shall demonstrate advanced experience and expertise in a particular process, medical device, or technology classified as Technical Knowledge.

Potential Competence Qualifiers shall demonstrate the experience and skills of a Lead Auditor and have a broad base of knowledge of device technologies and the design and manufacture of devices. Pre-requisite Competence Requirements.

6.3 Pre-requisite Competence Requirements

Three broad categories of competencies are required for potential Lead Auditors, Auditors, Technical Experts, and Final Reviewers:

  • Foundational Competencies: those generic skills, personal attributes, and behaviors applicable to all personnel and developed through experience (e.g. adaptability, diligence, critical and analytical thinking, communication, etc.)
  • Functional Competencies: those generic skills applicable to all personnel developed through experience and required to perform audits (e.g. project management; time management; teamwork; effective use of information technology; etc.)
  • Technical Competencies: those unique skills developed through experience and specific knowledge applicable to personnel depending on the scope of activities needed to address subject areas (e.g. regulatory requirements, risk assessment, health and safety impacts, etc.)

The attributes and skills described in the three categories of competence are to be evaluated as part of entry level requirements, as well as through training and other qualification and authorization activities. At entry point it may not be possible to evaluate all three categories. In this case, the Auditing Organization shall evaluate and update competence requirements at a later point in the process of training and other qualification and authorization activities.

6.3.1 Foundational Competencies

  1. Integrity: Abides by a strict code of ethics and behavior; chooses an ethical course of action and does the right thing, even in the face of opposition; encourages others to behave accordingly. Treats others with honesty, fairness, and respect; makes decisions that are objective and reflect the just treatment of others. Takes responsibility for accomplishing work goals within accepted timeframes; accepts responsibility for one's decisions and actions and for those of one's group, team, or department; attempts to learn from mistakes.

  2. Objectivity: Makes a balanced assessment of the relevant circumstances and is not unduly influenced by their own interests or by others in forming judgments.

  3. Critical and Analytical Thinking: Seeks relevant, reliable, and competent information for use in problem solving and decision making. Uses sound logic and reasoning to identify strengths and weaknesses of alternative solutions, conclusions, or approaches. Uses reasoning to analyze, compare, and interpret information to draw conclusions.

  4. Interpersonal Skills:**** Establishes and maintains positive working relationships with a diverse group of contacts. Works effectively as a team member during the assessment process. Recognizes and considers input from all assessment program stakeholders.

  5. Communication: Expresses or presents ideas, both orally and in writing, in a clear, concise, accurate and logic fashion, taking into consideration the target audience. Has a good command of language(s) and uses an appropriate business writing style, using objective, specific language; uses punctuation correctly, verifies spelling, and writes grammatically correct. Listens actively; asks clarifying questions and summarizes or paraphrases what others have said to verify understanding.

  6. Adaptability: Demonstrates the ability to use or consider nontraditional methods; makes changes in response to demands and circumstances.

  7. Tenacious: Persistent and focused on achieving objectives.

  8. Perceptive:**** Instinctively aware of and able to understand situations.

  9. Observant: Actively observing physical surroundings and activities.

6.3.2 Functional Competencies

  1. Information Technology: Has the willingness and ability to apply electronic technology to complete work objectives, to use new techniques, and/or technologies as a routine part of assessments and has a working knowledge of how to use regulatory and functional databases and systems.

  2. Interviewing: Plans, conducts, and documents results of discussions with individuals in such a manner as to achieve assessment objectives; ability to determine accuracy of information from interviewees and potential indicators of further follow-up action. Skilled in obtaining relevant, reliable, and useful information from individuals at all levels in the audited organization.

  3. Teamwork: Provides constructive feedback to assessment team members. Ability to identify skill needs and methods for performance improvement; assists with handling performance issues. Provides environment to maximize Auditor proficiency.

  4. Conflict Resolution:**** Recognizes the potential and actual sources of personnel conflict from assessment program stakeholders. Achieves results through diplomatic handling of disagreements and potential conflict; works effectively and cooperates with other individuals and departments to resolve conflicts.

  5. Supervision:**** Plans, organizes, directs, monitors, and evaluates the work of others assigned to assessment projects.

  6. Writing Literacy:**** Creates clear and concise reports and presentations that are based on objective evidence. Uses correct spelling, grammar, and punctuation to produce logical and accurate written documentation and correspondence. Communicates ideas, information, and messages, which may contain technical material, in a logical, organized, and coherent manner.

  7. Time Management:**** Monitors progress against objectives and completes duties in timely and effective manner.

  8. Records Management: maintains accurate and objective records of facts and observations made.

  9. Cultural Sensitivity: Observant and respectful to different cultures.

  10. Autonomy: Ability to work independently and adjust to unforeseen circumstances with minimal assistance.

6.3.3 Technical Competencies

  1. Regulatory requirements and context: Knowledge of the regulatory requirements of the recognizing Regulatory Authority(ies) published in legislation and best practice documents, and the medical device business sector, to enable an assessment of the applicability and compliance with such laws, regulations, and standards.

This knowledge shall include the principles and applications of medical device quality management system requirements for the purpose of:

  • achieving conformity with regulatory requirements
  • implementing and maintaining risk management system requirements
  • ensuring the relevant requirements for products and services have been determined by an organization1
  • ensuring that the interfaces of an organization with its suppliers are effectively documented and controlled1.
  1. Medical devices and the manufacturing environment:**** Knowledge of medical devices and the related manufacturing activities, including:
  • the types of medical devices including their complexities, technologies, and risk classifications
  • their intended use, terminology and technology specific to the technical area1
  • safety and risks of medical devices
  • the processes and technologies used by medical device manufacturers
  • the infrastructure and environment for operation of processes affecting product and service1
  • the provision of processes, products and services from external suppliers1
  • the impact of organization type, size, governance, structure, functions and relationships on development1
  1. Auditing Standards and Techniques: Knowledge of internationally recognised standards and techniques for auditing quality management systems to ensure that each QMS auditor has knowledge of[1]:
  • fundamental concepts and quality management principles and their application
  • terms and definitions related to quality management
  • the process approach including related monitoring and measurement
  • the role of leadership in an organization and its impact on the QMS
  • application of risk based thinking including the determination of risks and opportunities
  • application of the PDCA (plan, do, check, act) cycle
  • structures and interrelationships of documented information specific to quality management
  • quality management related tools, methods, techniques and their application.
  1. Statistical Analysis:**** Knowledge of the basic concepts of probability and statistics including mean, median, confidence level and standard deviation as it relates to representative sampling and trend analysis.

Training requirements

The Competence Levels described in Appendix B are used to identify requirements for training and the development of programs for personnel involved in audits and decision making functions.

The following are activities undertaken to establish initial competence and to maintain proficiency.

Mandatory Training

Final Reviewers, Lead Auditors, Auditors, Technical Experts, are to undertake any initial or new training mandated by the recognizing Regulatory Authority(ies) within the designated timeframes. Such training could encompass new or revised requirements that were not part of the individual’s previous training. Such training will count toward annual Continual Professional Development (CPD) hours.

Final Reviewers, Lead Auditors, and Auditors shall have successfully completed the following training prior to performing independent work for the Auditing Organization:

  • 40 hours of classroom training in quality management systems (e.g. ISO 9001) including a minimum of 8 hours dedicated to additional medical device quality management system requirements (e.g. ISO 13485). In cases of already qualified quality management system auditors, a minimum of 8 hours of classroom training in the additional medical device quality management system requirements.

  • 32 hours of training in medical device regulations, and auditing for conformity to those regulations, or equivalent, plus sufficient additional time for each set of jurisdictional regulatory requirements within the scope of recognition for the Auditing Organization and commensurate with the existing experience of the trainee.

  • 8 Hours of training in risk management principles, preferably related to the design of a medical device (e.g. ISO 14971) and their application within a quality management system. (e.g. ISO 13485 and GHTF/SG3/N15R8)

Any alternative evidence from professional experience or equivalent training by other means shall be justified and documented.

  • Specified training documented in a training plan and including the relevant procedures of the Auditing Organization’s quality management system, a sufficient number of audits witnessed by the trainee, and a sufficient number of audits performed by the trainee under supervision and observed by a Lead Auditor, prior to a qualification audit. The number of audits witnessed or performed by the trainee, prior to a qualification audit, will be determined from the competency criteria for these roles and established by the Auditing Organization’s Competence Qualifier. (See section 8.0 below)

An Auditing Organization may use evidence of relevant audits performed for another Auditing Organization to show fulfillment of this training requirement.

Technical Experts shall have successfully completed the following training prior to performing work under the direction of a Lead Auditor for the Auditing Organization:

  • For each authorization in a category of Technical Knowledge, irrespective of whether this is the first or a later category to be qualified, the Auditing Organization shall document evidence of appropriate training and knowledge for the Technical Expert in the Technical Knowledge category. This may be in the form of training in the requirements of relevant product, process or activity standards, (or other specific standards that have been nominated by a recognizing Regulatory Authority(ies) that may be used to demonstrate conformity to regulatory requirements), training in the characteristics of, or requirements for, products, or process technologies, or training in the clinical indications for a product category, etc.

Specified training documented in a training plan and including; the relevant procedures of the Auditing Organization’s quality management system for the evaluation of product/process related technologies and, the evaluation of evidence of adequate product technical documentation in relation to relevant regulatory requirements.

Program Administrators shall have successfully completed specified training documented in a training plan in the relevant procedures of the Auditing Organization’s quality management system.

Competence Qualifiers are to be experienced lead auditors and hence would have completed the mandatory initial training for those roles.

Continual Professional Development

In accordance with the Code of Conduct (see IMDRF MDSAP WG N3 clause 7.1.6), personnel involved in audits and decision making functions shall commit themselves to continually improve their proficiency, effectiveness, and quality of work.

Lead Auditors and Auditors, Final Reviewers, Competence Qualifiers, and Program Administrators shall fulfill a requirement for continual professional development (CPD):

  • 6 hours of professional development per year; and,
  • 8 hours of annual training on changes to regulatory requirements and updates on relevant guidance documents pertaining to the regulations, or equivalent.

Mandatory annual training or re-training on the Auditing Organization’s internal procedures and processes shall not count toward CPD hours. Audits or work performed shall not count towards CPD hours. In order to count toward CPD hours, training shall maintain or augment existing competencies, or be provided for the acquisition of new competencies relevant to the roles and responsibilities in audits or decision making functions. Personnel with a broad scope of competence may require more CPD hours per year to maintain their competence. Auditing Organizations shall not permit additional hours carried forward to count as CPD hours in future years.

Auditor, Technical Expert and Final Reviewer Experience Requirements

There must be documented evidence of successful completion of the mandatory training (see 7.1 above) prior to fulfilling the following requirements. Any alternative evidence of equivalent experience by other means shall be justified and documented.

Auditors-in-training, Auditors, Lead Auditor-in-training, and Lead Auditors

8.1.1 Auditor In Training: Before undertaking independent auditing, auditors will be considered an Auditor-in-training. The Auditor-in-training shall participate as a member of an audit team for at least 20 audit days. The Auditor-in-training must be observed by a Lead Auditor, the audits must be conducted within 12 months, and at least 2 of these audits must be initial or re-audits/recertification audits.

8.1.2 Auditor Qualification; After successfully completing auditor training requirements, Auditors shall demonstrate participation in at least 6 audits that total at least 15 audit days in each subsequent 12 month period. At least 2 of these audits must be initial or re-audits/recertification audits in order to maintain the necessary experience and qualification.

8.1.3 Lead Auditor Qualification: After successfully completing auditor requirements, an auditor can be considered, Lead Auditors-in-training. Lead Auditors-in-training shall demonstrate at least an additional 15 on-site audit days leading an audit, at least 3 of these audits must be initial or re-audits/recertification audits, and these audits must be conducted within 12 months. Lead Auditors-in-Training are only qualified as a Lead Auditor after a successful witness audit has been documented by a qualified Lead Auditor.

Lead Auditors shall demonstrate participation in at least 6 audits that total at least 15 days in each subsequent 12 month period. At least 2 of these audits must be initial or re-audits/recertification audits. At least 2 of these audits shall be performed as a Lead Auditor in order to maintain the necessary experience and qualification.

Experience and audits performed at one Auditing Organization may carry over to another Auditing Organization as long as proper documentation is maintained.

NOTE: Competence qualifiers who satisfy the initial competence requirements for Lead Auditor are not required to maintain the requirements for on-site audit days for each subsequent 12 month period if their role in the organization does not typically involve auditing, for example, if the competence qualifier is a manager or supervisor.

Technical Experts

On first qualification, Technical Experts shall demonstrate advanced experience in a particular process, medical device, or technology classified as Technology Knowledge.

When infrequently used, the AO should satisfy itself that the knowledge of the expert for particular processes, medical devices, or technologies includes the relevant and current standards and best practice documents.

8.3 Final Reviewers

Final Reviewers must have comprehensive experience in conducting regulatory audits of medical device manufacturers and have successfully concluded all requirements for an MDSAP Lead Auditor or equivalent experience as a Lead Auditor in another medical device regulatory audit program.

8.4 Technical Knowledge

Technical Knowledge may be categorized or coded by Regulatory Authorities. The Auditing Organization must define a method of assigning Technical Knowledge with regards to the requirements of the recognizing Regulatory Authority(ies).

Auditing Organization’s shall record the Technical Knowledge of their Auditors, Lead Auditors, Technical Experts, Final Reviewers and Competence Qualifiers. This record of Technical Knowledge shall be kept current and at least be used by the Program Administrator to assign auditors and technical experts to specific audits.

See Appendix A – Example of Technical Knowledge Classification

Competence Evaluation

Competence Evaluation Criteria

Program Administrator, Lead Auditor/Final Reviewer, Auditor, and Technical Expert competence levels will differ and depend on their roles in certification-related activities.

The MDSAP Auditing Organisation shall have a process for determining the competence criteria for personnel involved in the management and performance of audits and certification-related activities. These criteria shall at least include those identified throughout this document and summarized in Appendix B. The initial and ongoing competence level required for each role is also described in Appendix B.

Auditing Organizations shall use competency criteria to formulate and maintain training plans for Program Administrators, Lead Auditors/Final Reviewers, Auditors, and Technical Experts to ensure that they achieve the necessary competence levels. The learning process could include; formal assessment skills training and education, on the job assessment experience, professional development activities, supervisor/manager coaching and mentoring, etc.

Competence Qualifiers are to be experienced Lead Auditors and should meet the competency requirements for those roles.

Methods of Evaluation: Initial and Re-Evaluation

Auditing Organizations shall evaluate the competence of Lead Auditors/Final Reviewers, Technical Experts, and Auditors using a combination of monitoring methods that may include;

  • Review of records of audits or inspections, education, training, etc.
  • Feedback from the audited manufacturers, peers, and supervisors
  • Interviews
  • Observation of performance
  • Testing

Re-Evaluation

An Auditing Organization shall evaluate Lead Auditors/Final Reviewers, Technical Experts, and Auditors for continued qualification of competence at least every 3 years.

An Auditing Organization shall confirm skills and personal attributes of Lead Auditors and Auditors through a witness audit every 3 years.

Reaffirmation of Code of Conduct

Personnel involved in the audit are to reaffirm their commitment to the Code of Conduct (see IMDRF MDSAP WG N3 clause 7.1.6) on an annual basis. This should be in the form of a signed statement kept on file.

Records of Pre-requisites, Competence Evaluation and Monitoring

Auditing Organizations shall maintain current and accurate records associated with the evaluation and maintenance of competencies. Auditor competence files and audit logs shall demonstrate how auditors meet the requirements contained in this document and are to include:

  • Auditor name, position, and contact information.
  • Pre-requisite and subsequent education
  • Results of evaluation of the Auditor’s competence in the role of Lead Auditor/Final Reviewer, Technical Expert, or Auditor according to the requirements in this document.
  • Audit/Inspection/Assessment experience
  • Training participation and outcomes
  • Scope of demonstrated competence to perform audits including any restrictions (e.g. due to prior experience with a manufacturer which could be considered a conflict of interest)
  • An Audit Log

An Auditing Organization shall make these records available to the recognizing Regulatory Authority(ies) upon request. The Auditing Organization shall maintain a list of Lead Auditors, Auditors, and Technical Experts. The list is to be reviewed annually and updated as necessary.

Remediation

An Auditing Organization shall suspend the authorization of personnel that fail to meet the requirements for the maintenance of competence or renewal of authorization. An Auditing Organization shall prepare a remediation plan in order to bring the person back into compliance. When an auditor is under remediation, he or she may not participate in audits except where it is necessary as part of the remediation plan and under supervision; or to fulfill the audit experience requirement defined in this document. In such cases, the person under remediation shall not act as a Lead Auditor or Final Reviewer.

The Auditing Organization shall observe an auditor successfully performing a full audit in order to have authorization re-instated.

A Technical Expert shall be assessed under supervision and authorization confirmed by the Final Reviewer based on the outcome of this review.

Appendix A – Example of Technical Knowledge Classification

Knowledge of Medical Devices

Non-Active Medical Devices| Non-Active Implants (excluding Dental Implants)|

  • Non-Active Cardiovascular Implants
  • Non-Active Orthopedic Implants
  • Non-Active Soft Tissue Implants
  • Non-Active Functional Implants

---|---|---
Medical Devices for Wound Care|

  • Bandages and Dressings
  • Suture Material
  • Other Non-Active devices for wound care

Non-Active Dental Devices|

  • Non-Active Dental Equipment and Instruments
  • Dental Materials
  • Dental Implants

General Non-Active Medical Devices|

  • Non-Active Devices for anesthesia, emergency and intensive care
  • Non-Active Devices for injection, infusion, transfusion and dialyses
  • Non-Active Orthopedic and Rehabilitation Devices
  • Non-Active Measuring Devices
  • Non-Active Ophthalmic Devices
  • Non-Active Instruments
  • Devices for Contraception
  • Non-Active Devices for disinfection, cleaning and rinsing
  • Non-Active Devices for In-Vitro Fertilization (IVF) and Assisted Reproduction Technologies (ART)
  • Non-Active Devices for Ingestion

Other Non-Active Medical Devices|

  • Specify

Active Non Implantable Medical Devices| Monitoring Devices|

  • Active Devices for monitoring vital physiological parameters
  • Active Devices for monitoring non-vital physiological parameters

---|---|---
Imaging Devices|

  • Imaging Devices using Ionizing Radiation
  • Imaging Devices using non-ionizing Radiation

Devices for Radiation and Thermotherapy|

  • Devices using Ionizing radiation
  • Devices using non-ionizing radiation
  • Device for Thermotherapy
  • Devices for Lithotripsy

General Active non-implantable Medical Devices|

  • Active devices for extracorporeal circulation, infusion and hemapheresis
  • Active devices for respiratory therapy, oxygen therapy, and inhalation anesthesia
  • Active Devices for stimulation and inhibition
  • Active surgical devices
  • Active Ophthalmic devices
  • Active Dental Devices
  • Active devices for disinfection and sterilization
  • Active rehabilitation devices and active prostheses
  • Active devices for patient positioning and transport
  • Software, including software design for medical devices
  • Active devices for In-Vitro Fertilization (IVF) and Assisted Reproduction Technologies (ART)

Other Active Non-Implantable Medical Devices|

  • Specify

Active Implantable Medical Devices| Devices for stimulation or inhibition|
---|---|---
Devices delivering Drugs or other substances|
Devices substituting or replacing organ functions|
Radioactive seeds for interstitial radiotherapy|
Other active implantable medical devices|
In Vitro Diagnostic Medical Devices | Reagents and reagent products, calibrators and control materials for In Vitro Diagnostic Medical Devices|

  • clinical chemistry
  • immunochemistry
  • hematology
  • microbiology
  • infectious immunochemistry
  • histology/cytology
  • genetic testing

---|---|---
In Vitro Diagnostic Instruments and software|
In Vitro Diagnostic medical devices for near-patient use|

  • devices for home use
  • near-patient use other than home use

Other In Vitro Diagnostic medical devices|

  • Specify

Medical Devices incorporating specific substances or technologies| Medical device containing medicinal or biologically active substances|
---|---|---
Medical devices containing or manufactured using tissue of animal origin|
Medical devices containing human blood derivatives|
Medical devices using micro-machinery and MEMS|
Medical devices containing nanomaterial|
Medical devices using biologically active coatings or materials being wholly or mainly absorbed by the body|

Knowledge of Manufacturing Technologies

Examples include:

  • Thin and thick film techniques
  • Manufacturing techniques for microelectronics
  • Manufacturing techniques for micro-machinery
  • Aseptic processing
  • Welding techniques
  • Manufacturing techniques for ceramics and sol-gels
  • Manufacturing techniques involving polymers (extrusion, injection molding, etc.)
  • Metal manufacturing techniques (casting, shaping, heat treating, etc.)
  • Textile and fiber manufacturing technologies, weaving
  • Packaging techniques

Knowledge of Advanced Topics

Examples include:

  • Knowledge of sterilization techniques and their validation
  • Knowledge of microbiology and bioburden monitoring
  • Knowledge of biocompatibility and its evaluation
  • Knowledge of cleanroom processing
  • Knowledge of environmental monitoring and controls
  • Knowledge of packaging technologies
  • Knowledge of stability testing
  • Knowledge of risk management practices
  • Knowledge of cleaning and disinfection
  • Biological evaluation of medical devices
  • Clinical evaluation of medical devices
  • Physical and chemical evaluation of medical devices
  • Knowledge of process validation practices
  • Software validation techniques

Appendix B – Competence Information

Competence Levels

A Program Administrator, Lead Auditor, Auditor, or Technical Expert is required to attain a competence level for each foundational, functional and technical competence, depending on their role, and in accordance with the following tables.

ImportanceRequirementCompetence Level
Critical Skill or KnowledgeMust have3
Important Skill or KnowledgeShould have2
Helpful Skill or KnowledgePreferable to have1
Foundational COMPETENCIES**Program Administrator ***Lead Auditor/Final Reviewer
---------
Integrity33
Objectivity33
Critical and Analytical Thinking33
Interpersonal Skills23
Communication33
Adaptability23
Tenacious23
Perceptive23
Observant13

Table 1 - Foundational Competence Levels

Functional COMPETENCIES**Program Administrator ***Lead Auditor/Final ReviewerAuditorTechnical Expert
Information Technology3332
Interviewing1332
Teamwork2333
Conflict Resolution3332
Supervision1311
Writing Literacy1322
Time Management2332
Records Management3322
Cultural Sensitivity1333
Autonomy1331

Table 2 - Functional Competence Levels

Technical COMPETENCIES**Technical Expert ****Lead Auditor/Final ReviewerAuditor
Regulatory Requirements and context232
Medical Devices and the manufacturing environment333
Auditing Standards and Techniques133
Statistical Analysis132

Table 3 - Technical Competence Levels

*Program Administrators shall have a technical competence level 3 in the Auditing Organization’s policies and procedures for; assessing an application, determining the required audit team competence, selecting audit team members, and determining audit duration.

**A Technical Expert shall have a technical competence level 3 in their area(s) of expertise.

  1. From, or adapted from, ISO/IEC 17021-3:2017 - Conformity assessment - Requirements for bodies providing audit and certification of management systems- Part 3: Competence requirements for auditing and certification of quality management systems ↑

Content licensed under CC BY 4.0

Copyright © 2026 RASAAS