How to Prepare for a Clinical Audit

Audits are not fun. That’s general knowledge. Ask anyone, and they will tell you.

But they will also tell you that being audited is a normal part of being in the industry.
There are several kinds of audits a medical manufacturing company has to go through. Among them, the internal audit, external audit, medical audit, performance audit, etc., are common.
Whether you do regular internal audits to assess your business is, well, your business. But, as a manufacturer in the EU, you have to go through some audits to ensure you are doing your due diligence as a medical manufacturer. And the notified body audit is at the center.
Notified body audits are the ones performed by the NB and are notoriously everyone’s least favorite kind. However, since you have to go through them, let’s make it a bit easier for you. Here are our favorite steps to getting ready for an audit.

The Purpose and Scope of the Audit

A. Familiarize yourself with the regulatory requirements and guidelines governing medical device audits: First, you want to ensure you understand the clinical audit criteria. Go through the documents and MDCG guidelines, find what the notified body will look for, find the clinical documents you need, and even get an idea of the best practice from another manufacturer. In short, if this is new for you, first understand how the audit process goes and get a general idea. Some of the documents you want to take a look at are:

  • MEDDEV 2.1/1 rev 4
  • ISO 13485:2016
  • MDCG Guidance Documents
  • ISO 14155:2020
  • EU MDR 2017/745

B. Understand the specific objectives and scope of the clinical audit: Now, compare how this audit differs from your routine internal audits. Some obvious differences are that there will be external auditors. It will also focus on the clinical effectiveness of the device and clinical documentation since the purpose of this audit is to ensure that you are doing everything possible to make sure your device works perfectly.
C. Identify the key personnel: The notified body will want to make sure that the management of your company is well aware of the clinical evaluation process and is working towards it. So, you will be asked to produce the internal audit reports, clinical development plans, and in general, how much the management is involved in the compliance process. For example, if they find an error in the audit process and find no one is responsible for handling it, the notified body can report you as non-conforming to MDR. But, if they find an error and you show that your management is aware of it and a consultant has been hired to address that error, the NB should be appeased. However, the error has to be actually addressed later on.

Review Regulatory Compliance

A. Ensure that your medical device is compliant: The easiest way to go through a clinical audit is to have a device that complies with all relevant regulations and standards. Ensure your devices already in the market comply with the MDR.
B. Review the quality management and post-market surveillance: The clinical audit emphasizes your QMS system heavily. You should be able to show that you are ready for all possible conditions and the quality improvement process is flawless.
C. Find the gaps or non-compliance areas in your current processes: It’s always better to catch your own non-compliances than have the NB point them out. We advise hiring a consultant with a good grasp of clinical governance and having them conduct a medical audit. Then take that audit report and compare it with the previous audits.
You can identify areas of improvement from these.

Review and Update the Clinical Evaluation Report (CER)

A. Evaluate the existing CER: Get a team and analyze the CER of the existing devices in the market. They will want to see your Clinical Development Plan, Clinical Investigation Plan, Postmarket Clinical Follow-Up Plan, Postmarket Clinical Follow-Up Studies, PSUR, etc. Since it is a systematic review, they will want to check all documents and plans.
B. Update the CER with the latest clinical data: Often, the CER is ready but lacks recent clinical data. You need to ensure all data in the CER are updated, including the current post-market information and adverse event reports.

Clinical Documentation and Clinical Data Management

A. Data collection: A medical audit is all about data collection and having the right data sets. Try to gather and organize all relevant clinical data sources, including clinical investigations, literature reviews, medical records, and post-market surveillance reports, in one place.
B. Ensure that the clinical data are reliable, relevant, and up-to-date: Any medical record used should be chosen using explicit criteria, and all ethical issues should be addressed.
C. Maintain proper documentation of all data: Record the data analysis process, show the source of clinical outcome records, and have case report forms and forms you use for adverse event reporting.

Internal Audits

A. Audit cycle: You should be able to show that you follow an audit cycle and have an audit team. Having regular internal audits to assess your compliance with regulatory requirements and employing quality improvement techniques based on the result of the clinical audits is a huge green flag to NBs.
B. Clinical excellence: A medical audit will try to assess your device’s clinical effectiveness and use; that’s natural. So, try to address any risks/malfunctions/adverse effects identified by the internal audit team and the end users: healthcare professionals.

Gap Analysis and Quality improvement process

A. Gap analysis: Perform a comprehensive gap analysis to identify any deficiencies or areas for improvement in your clinical evaluation process. The goal is to add to the clinical evidence if found lacking.
B. Quality improvement process: It’s imperative that you have one. It should also match your clinical data collection, analysis, and evaluation methodologies.
C. Quality management system: QMS is very important to auditors. Before the audit, use some time to find other quality improvement techniques than the ones you are using currently.

Risk Management

A. Documents: Assess how good your risk-management systems are. Oh, and keep the documentation ready!
B. Analysis: Ensure that the device’s risk factors are accurately detected, analyzed, and minimized.
C. Implementing change: Assess the risk-control measures’ implementation and integration into the clinical evaluation process.

Training and Educating Personnel

A. Train all professionals engaged in the clinical evaluation procedure. Ensure all teams know which documents they need to prepare or which records they need to recheck. Essentially, ensure that everyone on your team understands their roles and duties in preparing for the audit.
B. Keep your staff updated on the newest regulatory regulations and clinical evaluation criteria.

Preparing for the Audit

A. Coordinate with the auditors and plan the audit operations.
B. Learn about the audit procedure and requirements.
C. Prepare the appropriate facilities, resources, and paperwork for the audit.

Post-Audit Follow-up

A. Go over the audit findings and suggestions supplied by the auditors.
B. Based on the audit results, implement any necessary corrective steps.
C. Create a culture of continual improvement inside your organization’s clinical evaluation procedure.
D. Apply audit findings to future clinical evaluation initiatives.
C. Stay up to date on the newest regulatory developments and adapt your processes accordingly.


Audits are scary, even on good days. But, internal and external audit processes serve a purpose: better healthcare delivery and accurate clinical practice. It also allows the EU regulatory personnel to sleep a little more soundly at night! So, use this guide to prep for the easiest clinical audit of your life!

Want more EU MDR and Regulatory Insights?

We send weekly emails with the latest regulatory developments, templates, and strategies straight to QA/RA Professionals like you. Sign up below to get access today.