The new article describes the actions to be taken by the parties involved upon completion of an on-site assessment. 





The Medical Device Coordination Group (MDCG), an advisory body of the European Commission responsible for regulations in the sphere of medical devices, has published a guidance document dedicated to conformity assessment bodies (CABs) and notified bodies (NBs). In particular, the document describes the regulatory matters related to the above mentioned entities as prescribed by the new regulatory framework set forth by the Medical Devices Directive 2017/745 (MDR) and the In Vitro Diagnostic Medical Devices Directive 2017/746 (IVDR). The document provides additional clarifications regarding the applicable requirements, as well as recommendations to be followed by all the parties involved to ensure the said requirements are duly followed. At the same time, provisions of the guidance are non-binding, nor are intended to introduce new rules or impose new obligations. 

The scope of the guidance covers, inter alia, the matters related to post-on-site assessment activities. 


JAT Summary Assessment Report 

According to the guidance, the joint assessment team (JAT) should develop a report reflecting the findings of an on-site inspection conducted. Under the general rule, such a report should be submitted to the designating authority within 30 days from the date when the respective assessment has been completed. Such a report should be accompanied by a description of an applied-for scope subject to assessment. The said report will serve as a basis for the decision the designating authority will take. 

As further explained by the MDCG, the draft JAT assessment report should duly reflect the non-compliances identified in the course of the assessment, as well as the respective summary. It is also stated that the designating authority will provide its comments regarding its draft within 25 business days from the date it was received. The MDCG additionally mentions that as the applied-for scope cannot be further amended after the on-site assessment (except deletion of codes and addition of limitations), the designating authority should also highlight, if applicable, any errors in the attached applied-for scope which otherwise will be considered as final (this check is especially important when a new version with (limited) changes has been provided after the initial application). As was already mentioned before, the said applied-for scope will be used as a basis for the decision regarding the designation of an applicant allowing the latter to conduct respective activities under MDR or IVDR. 

The JAT will consider the comments and feedback received from the designating authority when finalizing the report. According to the guidance, the modified version of the report should be submitted to the designating authority within 15 business days from the date the comments were provided. 

CAPA Plan Assessment 

Another aspect addressed in the guidance relates to the assessment of a plan for corrective and preventive actions (CAPA) to be developed by the applicant entity. In particular, the designating authority will review the CAPA plan to make sure that: 

  • All non-compliances raised in the on-site assessment are included in the CAPA plan;
  • The root cause(s) of all non-compliances has/have been appropriately identified and assessed; 
  • Corrections have been identified and implemented, where appropriate;
  • CAPAs have been identified for each of the root causes, as well as the timeline for their implementation; and
  • To verify the effectiveness of each CAPA has been identified, as well as the timeframe for its review. 

As further described by the MDCG, for each non-compliance identified during the on-site assessment, the authority should use the classification below when analyzing the actions proposed by the applicant: 

  • Satisfactory – When root cause analysis has been properly conducted, corrections, CAPAs, and timeframes for their implementation have been considered adequate, and processes proposed for verifying the effectiveness of such actions have been satisfactory denied;
  • Unsatisfactory – Whenever the information provided by the CAB is not sufficiently clear or relevant information is missing, or it is deemed to be inadequate or insufficient to address the non-compliances and/or prevent their recurrence; the designating authority should explain the rationale for this classification, which elements need to be further clarified and/or which information has to be provided by the CAP, including the applicable timeframes. 

In case some of the CAPAs are deemed to be unsatisfactory, the applicant will have to inform the authority about the timelines within which it is going to submit an updated version of the plan duly covering all the matters raised. In certain cases, more than one round of assessment will be needed to finalize the CAPA plan. 

If the applicant has not provided a CAPA plan, the designating authority will set a new timeframe for this information to be provided. Should the applicant fail to provide the information requested by the authority, the latter may, after a few rounds of requests, decide to cease reviewing the application. 

Under the general rule, the authority provides its response regarding the CAPA plan within 20 business days from the date it was received for review. Such a response is provided in the form of an opinion specifying the classification for each of the non-compliances addressed in the plan. 

However, as was mentioned before, the designating authority always has a right to stop the process if after numerous rounds of negotiations and requests it still finds the CAPA plan not satisfactory. 

In summary, the present guidance describes in detail the actions to be taken upon completion of the on-site assessment. The document explains the way the results of an assessment should be documented and reviewed, and also provides additional clarifications regarding the matters related to non-compliances identified in the course of an on-site assessment. 


How Can RegDesk Help?

RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.